1
+ − 1
<?php
73
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 2
1
+ − 3
/*
+ − 4
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
73
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 5
* Version 1.0.1 (Loch Ness)
1
+ − 6
* pageprocess.php - intelligent retrieval of pages
+ − 7
* Copyright (C) 2006-2007 Dan Fuhry
+ − 8
*
+ − 9
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
+ − 10
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ − 11
*
+ − 12
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ − 13
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ − 14
*/
+ − 15
+ − 16
/**
+ − 17
* Class to handle fetching page text (possibly from a cache) and formatting it.
+ − 18
* @package Enano
+ − 19
* @subpackage UI
+ − 20
* @copyright 2007 Dan Fuhry
+ − 21
* @license GNU General Public License <http://www.gnu.org/licenses/gpl.html>
+ − 22
*/
+ − 23
+ − 24
class PageProcessor
+ − 25
{
+ − 26
+ − 27
/**
+ − 28
* Page ID and namespace of the page handled by this instance
+ − 29
* @var string
+ − 30
*/
+ − 31
+ − 32
var $page_id;
+ − 33
var $namespace;
+ − 34
+ − 35
/**
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 36
* The title of the page sent to the template parser
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 37
* @var string
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 38
*/
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 39
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 40
var $title = '';
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 41
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 42
/**
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 43
* The information about the page(s) we were redirected from
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 44
* @var array
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 45
*/
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 46
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 47
var $redirect_stack = array();
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 48
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 49
/**
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 50
* The revision ID (history entry) to send. If set to 0 (the default) then the most recent revision will be sent.
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 51
* @var int
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 52
*/
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 53
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 54
var $revision_id = 0;
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 55
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 56
/**
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 57
* Unsanitized page ID.
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 58
* @var string
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 59
*/
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 60
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 61
var $page_id_unclean;
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 62
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 63
/**
1
+ − 64
* Tracks if the page we're loading exists in the database or not.
+ − 65
* @var bool
+ − 66
*/
+ − 67
+ − 68
var $page_exists = false;
+ − 69
+ − 70
/**
+ − 71
* Permissions!
+ − 72
* @var object
+ − 73
*/
+ − 74
+ − 75
var $perms = null;
+ − 76
+ − 77
/**
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 78
* The SHA1 hash of the user-inputted password for the page
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 79
* @var string
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 80
*/
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 81
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 82
var $password = '';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 83
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 84
/**
1
+ − 85
* Switch to track if redirects are allowed. Defaults to true.
+ − 86
* @var bool
+ − 87
*/
+ − 88
+ − 89
var $allow_redir = true;
+ − 90
+ − 91
/**
+ − 92
* If this is set to true, this will call the header and footer funcs on $template when render() is called.
+ − 93
* @var bool
+ − 94
*/
+ − 95
+ − 96
var $send_headers = false;
+ − 97
+ − 98
/**
+ − 99
* Cache the fetched text so we don't fetch it from the DB twice.
+ − 100
* @var string
+ − 101
*/
+ − 102
+ − 103
var $text_cache = '';
+ − 104
+ − 105
/**
+ − 106
* Debugging information to track errors. You can set enable to false to disable sending debug information.
+ − 107
* @var array
+ − 108
*/
+ − 109
+ − 110
var $debug = array(
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 111
'enable' => false,
1
+ − 112
'works' => false
+ − 113
);
+ − 114
+ − 115
/**
+ − 116
* Constructor.
+ − 117
* @param string The page ID (urlname) of the page
+ − 118
* @param string The namespace of the page
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 119
* @param int Optional. The revision ID to send.
1
+ − 120
*/
+ − 121
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 122
function __construct( $page_id, $namespace, $revision_id = 0 )
1
+ − 123
{
+ − 124
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 125
+ − 126
// See if we can get some debug info
+ − 127
if ( function_exists('debug_backtrace') && $this->debug['enable'] )
+ − 128
{
+ − 129
$this->debug['works'] = true;
+ − 130
$this->debug['backtrace'] = enano_debug_print_backtrace(true);
+ − 131
}
+ − 132
+ − 133
// First things first - check page existence and permissions
+ − 134
+ − 135
if ( !isset($paths->nslist[$namespace]) )
+ − 136
{
+ − 137
$this->send_error('The namespace "' . htmlspecialchars($namespace) . '" does not exist.');
+ − 138
}
+ − 139
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 140
if ( !is_int($revision_id) )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 141
$revision_id = 0;
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 142
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 143
$this->_setup( $page_id, $namespace, $revision_id );
1
+ − 144
+ − 145
}
+ − 146
+ − 147
/**
61
+ − 148
* The main method to send the page content. Also responsible for checking permissions and calling the statistics counter.
+ − 149
* @param bool If true, the stat counter is called. Defaults to false.
1
+ − 150
*/
+ − 151
61
+ − 152
function send( $do_stats = false )
1
+ − 153
{
+ − 154
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 155
if ( !$this->perms->get_permissions('read') )
+ − 156
{
+ − 157
$this->err_access_denied();
+ − 158
return false;
+ − 159
}
24
+ − 160
$pathskey = $paths->nslist[ $this->namespace ] . $this->page_id;
+ − 161
$strict_no_headers = false;
+ − 162
if ( isset($paths->pages[$pathskey]) )
+ − 163
{
+ − 164
if ( $paths->pages[$pathskey]['special'] == 1 )
+ − 165
{
+ − 166
$this->send_headers = false;
+ − 167
$strict_no_headers = true;
+ − 168
}
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 169
if ( $paths->pages[$pathskey]['password'] != '' && $paths->pages[$pathskey]['password'] != sha1('') )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 170
{
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 171
$password =& $paths->pages[$pathskey]['password'];
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 172
if ( $this->password != $password )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 173
{
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 174
$this->err_wrong_password();
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 175
return false;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 176
}
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 177
}
24
+ − 178
}
61
+ − 179
if ( $this->page_exists && $this->namespace != 'Special' && $this->namespace != 'Admin' && $do_stats )
+ − 180
{
+ − 181
doStats($this->page_id, $this->namespace);
+ − 182
}
1
+ − 183
if ( $this->namespace == 'Special' || $this->namespace == 'Admin' )
+ − 184
{
+ − 185
if ( !$this->page_exists )
+ − 186
{
+ − 187
redirect( makeUrl(getConfig('main_page')), 'Can\'t find special page', 'The special or administration page you requested does not exist. You will now be transferred to the main page.', 2 );
+ − 188
}
+ − 189
$func_name = "page_{$this->namespace}_{$this->page_id}";
+ − 190
if ( function_exists($func_name) )
+ − 191
{
+ − 192
return @call_user_func($func_name);
+ − 193
}
+ − 194
else
+ − 195
{
+ − 196
$title = 'Page backend not found';
+ − 197
$message = "The administration page you are looking for was properly registered using the page API, but the backend function
+ − 198
(<tt>$fname</tt>) was not found. If this is a plugin page, then this is almost certainly a bug with the plugin.";
+ − 199
+ − 200
if ( $this->send_headers )
+ − 201
{
+ − 202
$template->tpl_strings['PAGE_NAME'] = $title;
+ − 203
$template->header();
+ − 204
echo "<p>$message</p>";
+ − 205
$template->footer();
+ − 206
}
+ − 207
else
+ − 208
{
+ − 209
echo "<h2>$title</h2>
+ − 210
<p>$message</p>";
+ − 211
}
+ − 212
return false;
+ − 213
}
+ − 214
}
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 215
else if ( $this->namespace == 'User' )
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 216
{
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 217
$this->_handle_userpage();
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 218
}
1
+ − 219
else if ( ( $this->namespace == 'Template' || $this->namespace == 'System' ) && $this->page_exists )
+ − 220
{
+ − 221
$this->header();
+ − 222
+ − 223
$text = $this->fetch_text();
+ − 224
$text = preg_replace('/<noinclude>(.*?)<\/noinclude>/is', '\\1', $text);
+ − 225
$text = preg_replace('/<nodisplay>(.*?)<\/nodisplay>/is', '', $text);
+ − 226
+ − 227
$text = RenderMan::render( $text );
+ − 228
+ − 229
echo $text;
+ − 230
+ − 231
$this->footer();
+ − 232
+ − 233
}
+ − 234
else if ( !$this->page_exists )
+ − 235
{
+ − 236
// Perhaps this is hooked?
+ − 237
ob_start();
+ − 238
+ − 239
$code = $plugins->setHook('page_not_found');
+ − 240
foreach ( $code as $cmd )
+ − 241
{
+ − 242
eval($cmd);
+ − 243
}
+ − 244
+ − 245
$ob = ob_get_contents();
+ − 246
+ − 247
if ( empty($ob) )
+ − 248
{
+ − 249
$this->err_page_not_existent();
+ − 250
}
61
+ − 251
else
+ − 252
{
+ − 253
// Something sent content, so we'll assume the page exist...ed at least according to the plugin
+ − 254
if ( $this->namespace != 'Special' && $this->namespace != 'Admin' && $do_stats )
+ − 255
{
+ − 256
doStats($this->page_id, $this->namespace);
+ − 257
}
+ − 258
}
1
+ − 259
}
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 260
else // (disabled for compatibility reasons) if ( in_array($this->namespace, array('Article', 'User', 'Project', 'Help', 'File', 'Category')) && $this->page_exists )
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 261
{
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 262
// Send as regular page
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 263
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 264
// die($this->page_id);
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 265
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 266
$text = $this->fetch_text();
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 267
if ( $text == 'err_no_text_rows' )
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 268
{
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 269
$this->err_no_rows();
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 270
return false;
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 271
}
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 272
else
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 273
{
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 274
$redirect = ( isset($_GET['redirect']) ) ? $_GET['redirect'] : 'YES YOU IDIOT';
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 275
if ( preg_match('/^#redirect \[\[([^\]]+)\]\]/i', $text, $match) && $redirect != 'no' )
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 276
{
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 277
// Redirect page!
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 278
$page_to = sanitize_page_id($match[1]);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 279
$page_id_data = RenderMan::strToPageID($page_to);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 280
if ( count($this->redirect_stack) >= 3 )
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 281
{
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 282
$this->render( (!$strict_no_headers), '<div class="usermessage"><b>The maximum number of internal redirects has been exceeded.</b></div>' );
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 283
}
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 284
else
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 285
{
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 286
$result = $this->_handle_redirect($page_id_data[0], $page_id_data[1]);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 287
if ( $result !== true )
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 288
{
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 289
// There was some error during the redirect process - usually an infinite redirect
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 290
$this->render( (!$strict_no_headers), '<div class="usermessage"><b>' . $result . '</b></div>' );
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 291
}
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 292
}
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 293
}
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 294
else
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 295
{
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 296
$this->render( (!$strict_no_headers) );
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 297
}
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 298
}
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 299
}
1
+ − 300
}
+ − 301
+ − 302
/**
+ − 303
* Sets internal variables.
+ − 304
* @access private
+ − 305
*/
+ − 306
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 307
function _setup($page_id, $namespace, $revision_id)
1
+ − 308
{
+ − 309
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 310
+ − 311
$page_id_cleaned = sanitize_page_id($page_id);
+ − 312
+ − 313
$this->page_id = $page_id_cleaned;
+ − 314
$this->namespace = $namespace;
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 315
$this->revision_id = $revision_id;
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 316
$this->page_id_unclean = dirtify_page_id($page_id);
1
+ − 317
+ − 318
$this->perms = $session->fetch_page_acl( $page_id, $namespace );
+ − 319
+ − 320
// Exception for Admin: pages
+ − 321
if ( $this->namespace == 'Admin' )
+ − 322
{
+ − 323
$fname = "page_Admin_{$this->page_id}";
+ − 324
}
+ − 325
+ − 326
// Does the page "exist"?
4
+ − 327
if ( $paths->cpage['urlname_nons'] == $page_id && $paths->namespace == $namespace && !$paths->page_exists && ( $this->namespace != 'Admin' || ($this->namespace == 'Admin' && !function_exists($fname) ) ) )
1
+ − 328
{
+ − 329
$this->page_exists = false;
+ − 330
}
+ − 331
else if ( !isset( $paths->pages[ $paths->nslist[$namespace] . $page_id ] ) && ( $this->namespace == 'Admin' && !function_exists($fname) ) )
+ − 332
{
+ − 333
$this->page_exists = false;
+ − 334
}
+ − 335
else
+ − 336
{
+ − 337
$this->page_exists = true;
+ − 338
}
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 339
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 340
// Compatibility with older databases
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 341
if ( strstr($this->page_id, '.2e') && !$this->page_exists )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 342
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 343
$page_id = str_replace('.2e', '.', $page_id);
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 344
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 345
if ( $paths->cpage['urlname_nons'] == $page_id && $paths->namespace == $namespace && !$paths->page_exists && ( $this->namespace != 'Admin' || ($this->namespace == 'Admin' && !function_exists($fname) ) ) )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 346
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 347
$this->page_exists = false;
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 348
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 349
else if ( !isset( $paths->pages[ $paths->nslist[$namespace] . $page_id ] ) && ( $this->namespace == 'Admin' && !function_exists($fname) ) )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 350
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 351
$this->page_exists = false;
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 352
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 353
else
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 354
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 355
$this->page_exists = true;
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 356
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 357
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 358
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 359
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 360
$this->title = get_page_title_ns($this->page_id, $this->namespace);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 361
1
+ − 362
}
+ − 363
+ − 364
/**
+ − 365
* Renders it all in one go, and echoes it out. This assumes that the text is in the DB.
+ − 366
* @access private
+ − 367
*/
+ − 368
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 369
function render($incl_inner_headers = true, $_errormsg = false)
1
+ − 370
{
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 371
global $db, $session, $paths, $template, $plugins; // Common objects
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 372
1
+ − 373
$text = $this->fetch_text();
+ − 374
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 375
$redir_enabled = false;
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 376
if ( preg_match('/^#redirect \[\[([^\]]+?)\]\]/i', $text, $match ) )
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 377
{
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 378
$redir_enabled = true;
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 379
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 380
$oldtarget = RenderMan::strToPageID($match[1]);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 381
$oldtarget[0] = sanitize_page_id($oldtarget[0]);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 382
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 383
$url = makeUrlNS($oldtarget[1], $oldtarget[0], false, true);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 384
$page_id_key = $paths->nslist[ $oldtarget[1] ] . $oldtarget[0];
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 385
$page_data = $paths->pages[$page_id_key];
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 386
$title = ( isset($page_data['name']) ) ? $page_data['name'] : $paths->nslist[$oldtarget[1]] . htmlspecialchars( str_replace('_', ' ', dirtify_page_id( $oldtarget[0] ) ) );
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 387
if ( !isset($page_data['name']) )
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 388
{
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 389
$cls = 'class="wikilink-nonexistent"';
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 390
}
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 391
else
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 392
{
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 393
$cls = '';
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 394
}
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 395
$a = '<a ' . $cls . ' href="' . $url . '">' . $title . '</a>';
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 396
$redir_html = '<br /><div class="mdg-infobox">
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 397
<table border="0" width="100%" cellspacing="0" cellpadding="0">
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 398
<tr>
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 399
<td valign="top">
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 400
<img alt="Cute wet-floor icon" src="'.scriptPath.'/images/redirector.png" />
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 401
</td>
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 402
<td valign="top" style="padding-left: 10px;">
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 403
<b>This page is a <i>redirector</i>.</b><br />
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 404
This means that this page will not show its own content by default. Instead it will display the contents of the page it redirects to.<br /><br />
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 405
To create a redirect page, make the <i>first characters</i> in the page content <tt>#redirect [[Page_ID]]</tt>. For more information, see the
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 406
Enano <a href="http://enanocms.org/Help:Wiki_formatting" onclick="window.open(this.href); return false;">Wiki formatting guide</a>.<br /><br />
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 407
This page redirects to ' . $a . '.
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 408
</td>
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 409
</tr>
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 410
</table>
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 411
</div>
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 412
<br />
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 413
<hr style="margin-left: 1em; width: 200px;" />';
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 414
$text = str_replace($match[0], '', $text);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 415
$text = trim($text);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 416
}
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 417
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 418
$template->tpl_strings['PAGE_NAME'] = htmlspecialchars( $this->title );
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 419
1
+ − 420
$this->header();
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 421
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 422
if ( $_errormsg )
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 423
{
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 424
echo $_errormsg;
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 425
}
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 426
24
+ − 427
if ( $incl_inner_headers )
+ − 428
{
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 429
if ( count($this->redirect_stack) > 0 )
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 430
{
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 431
$stack = array_reverse($this->redirect_stack);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 432
foreach ( $stack as $oldtarget )
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 433
{
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 434
$url = makeUrlNS($oldtarget[1], $oldtarget[0], 'redirect=no', true);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 435
$page_id_key = $paths->nslist[ $oldtarget[1] ] . $oldtarget[0];
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 436
$page_data = $paths->pages[$page_id_key];
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 437
$title = ( isset($page_data['name']) ) ? $page_data['name'] : $paths->nslist[$oldtarget[1]] . htmlspecialchars( str_replace('_', ' ', dirtify_page_id( $oldtarget[0] ) ) );
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 438
$a = '<a href="' . $url . '">' . $title . '</a>';
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 439
echo '<small>(Redirected from ' . $a . ')<br /></small>';
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 440
}
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 441
}
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 442
display_page_headers();
24
+ − 443
}
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 444
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 445
if ( $this->revision_id )
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 446
{
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 447
echo '<div class="info-box" style="margin-left: 0; margin-top: 5px;"><b>Notice:</b><br />The page you are viewing was archived on '.date('F d, Y \a\t h:i a', $this->revision_id).'.<br /><a href="'.makeUrlNS($this->namespace, $this->page_id).'" onclick="ajaxReset(); return false;">View current version</a> | <a href="'.makeUrlNS($this->namespace, $this->pageid, 'do=rollback&id='.$this->revision_id).'" onclick="ajaxRollback(\''.$this->revision_id.'\')">Restore this version</a></div><br />';
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 448
}
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 449
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 450
if ( $redir_enabled )
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 451
{
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 452
echo $redir_html;
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 453
}
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 454
25
+ − 455
if ( $incl_inner_headers )
+ − 456
{
+ − 457
$text = '?>' . RenderMan::render($text);
+ − 458
}
+ − 459
else
+ − 460
{
+ − 461
$text = '?>' . $text;
26
+ − 462
$text = preg_replace('/<nowiki>(.*?)<\/nowiki>/s', '\\1', $text);
25
+ − 463
}
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 464
// echo('<pre>'.htmlspecialchars($text).'</pre>');
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 465
eval ( $text );
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 466
24
+ − 467
if ( $incl_inner_headers )
+ − 468
{
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 469
display_page_footers();
24
+ − 470
}
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 471
1
+ − 472
$this->footer();
+ − 473
}
+ − 474
+ − 475
/**
+ − 476
* Sends the page header, dependent on, of course, whether we're supposed to.
+ − 477
*/
+ − 478
+ − 479
function header()
+ − 480
{
+ − 481
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 482
if ( $this->send_headers )
+ − 483
$template->header();
+ − 484
}
+ − 485
+ − 486
/**
+ − 487
* Sends the page footer, dependent on, of course, whether we're supposed to.
+ − 488
*/
+ − 489
+ − 490
function footer()
+ − 491
{
+ − 492
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 493
if ( $this->send_headers )
+ − 494
$template->footer();
+ − 495
}
+ − 496
+ − 497
/**
+ − 498
* Fetches the raw, unfiltered page text.
+ − 499
* @access public
+ − 500
*/
+ − 501
+ − 502
function fetch_text()
+ − 503
{
+ − 504
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 505
+ − 506
if ( !empty($this->text_cache) )
+ − 507
{
+ − 508
return $this->text_cache;
+ − 509
}
+ − 510
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 511
if ( $this->revision_id > 0 && is_int($this->revision_id) )
1
+ − 512
{
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 513
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 514
$q = $db->sql_query('SELECT page_text, char_tag, date_string FROM '.table_prefix.'logs WHERE page_id=\'' . $this->page_id . '\' AND namespace=\'' . $this->namespace . '\' AND time_id=' . $this->revision_id . ';');
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 515
if ( !$q )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 516
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 517
$this->send_error('Error during SQL query.', true);
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 518
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 519
if ( $db->numrows() < 1 )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 520
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 521
// Compatibility fix for old pages with dots in the page ID
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 522
if ( strstr($this->page_id, '.2e') )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 523
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 524
$db->free_result();
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 525
$page_id = str_replace('.2e', '.', $this->page_id);
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 526
$q = $db->sql_query('SELECT page_text, char_tag, date_string FROM '.table_prefix.'logs WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $this->namespace . '\' AND time_id=' . $this->revision_id . ';');
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 527
if ( !$q )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 528
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 529
$this->send_error('Error during SQL query.', true);
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 530
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 531
if ( $db->numrows() < 1 )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 532
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 533
$this->page_exists = false;
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 534
return 'err_no_text_rows';
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 535
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 536
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 537
else
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 538
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 539
$this->page_exists = false;
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 540
return 'err_no_text_rows';
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 541
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 542
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 543
else
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 544
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 545
$row = $db->fetchrow();
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 546
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 547
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 548
$db->free_result();
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 549
1
+ − 550
}
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 551
else
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 552
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 553
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 554
$q = $db->sql_query('SELECT page_text, char_tag FROM '.table_prefix.'page_text WHERE page_id=\'' . $this->page_id . '\' AND namespace=\'' . $this->namespace . '\';');
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 555
if ( !$q )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 556
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 557
$this->send_error('Error during SQL query.', true);
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 558
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 559
if ( $db->numrows() < 1 )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 560
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 561
// Compatibility fix for old pages with dots in the page ID
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 562
if ( strstr($this->page_id, '.2e') )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 563
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 564
$db->free_result();
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 565
$page_id = str_replace('.2e', '.', $this->page_id);
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 566
$q = $db->sql_query('SELECT page_text, char_tag FROM '.table_prefix.'page_text WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $this->namespace . '\';');
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 567
if ( !$q )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 568
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 569
$this->send_error('Error during SQL query.', true);
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 570
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 571
if ( $db->numrows() < 1 )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 572
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 573
$this->page_exists = false;
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 574
return 'err_no_text_rows';
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 575
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 576
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 577
else
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 578
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 579
$this->page_exists = false;
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 580
return 'err_no_text_rows';
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 581
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 582
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 583
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 584
$row = $db->fetchrow();
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 585
$db->free_result();
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 586
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 587
}
1
+ − 588
+ − 589
if ( !empty($row['char_tag']) )
+ − 590
{
+ − 591
// This page text entry uses the old text-escaping format
+ − 592
$from = array(
+ − 593
"{APOS:{$row['char_tag']}}",
+ − 594
"{QUOT:{$row['char_tag']}}",
+ − 595
"{SLASH:{$row['char_tag']}}"
+ − 596
);
+ − 597
$to = array("'", '"', '\\');
+ − 598
$row['page_text'] = str_replace($from, $to, $row['page_text']);
+ − 599
}
+ − 600
+ − 601
$this->text_cache = $row['page_text'];
+ − 602
+ − 603
return $row['page_text'];
+ − 604
+ − 605
}
+ − 606
+ − 607
/**
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 608
* Handles the extra overhead required for user pages.
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 609
* @access private
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 610
*/
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 611
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 612
function _handle_userpage()
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 613
{
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 614
global $db, $session, $paths, $template, $plugins; // Common objects
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 615
global $email;
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 616
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 617
if ( $this->page_id == $paths->cpage['urlname_nons'] && $this->namespace == $paths->namespace )
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 618
{
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 619
$page_name = ( isset($paths->cpage['name']) ) ? $paths->cpage['name'] : $this->page_id;
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 620
}
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 621
else
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 622
{
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 623
$page_name = ( isset($paths->pages[$this->page_id]) ) ? $paths->pages[$this->page_id]['name'] : $this->page_id;
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 624
}
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 625
22
+ − 626
$target_username = strtr($page_name,
+ − 627
Array(
+ − 628
'_' => ' ',
+ − 629
'<' => '<',
+ − 630
'>' => '>'
+ − 631
));
+ − 632
+ − 633
$target_username = preg_replace('/^' . preg_quote($paths->nslist['User']) . '/', '', $target_username);
+ − 634
+ − 635
if ( ( $page_name == str_replace('_', ' ', $this->page_id) || $page_name == $paths->nslist['User'] . str_replace('_', ' ', $this->page_id) ) || !$this->page_exists )
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 636
{
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 637
$page_name = "$target_username's user page";
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 638
}
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 639
else
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 640
{
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 641
// User has a custom title for their userpage
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 642
$page_name = $paths->pages[ $paths->nslist[$this->namespace] . $this->page_id ]['name'];
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 643
}
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 644
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 645
$template->tpl_strings['PAGE_NAME'] = htmlspecialchars($page_name);
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 646
22
+ − 647
$q = $db->sql_query('SELECT u.username, u.user_id AS authoritative_uid, u.real_name, u.email, u.reg_time, x.*, COUNT(c.comment_id) AS n_comments
+ − 648
FROM '.table_prefix.'users u
+ − 649
LEFT JOIN '.table_prefix.'users_extra AS x
+ − 650
ON ( u.user_id = x.user_id OR x.user_id IS NULL )
+ − 651
LEFT JOIN '.table_prefix.'comments AS c
47
+ − 652
ON ( ( c.user_id=u.user_id AND c.name=u.username AND c.approved=1 ) OR ( c.comment_id IS NULL AND c.approved IS NULL ) )
22
+ − 653
WHERE u.username=\'' . $db->escape($target_username) . '\'
+ − 654
GROUP BY u.user_id;');
+ − 655
if ( !$q )
+ − 656
$db->_die();
+ − 657
+ − 658
$user_exists = true;
+ − 659
+ − 660
if ( $db->numrows() < 1 )
+ − 661
{
+ − 662
$user_exists = false;
+ − 663
}
+ − 664
else
+ − 665
{
+ − 666
$userdata = $db->fetchrow();
+ − 667
if ( $userdata['authoritative_uid'] == 1 )
+ − 668
{
+ − 669
// Hide data for anonymous user
+ − 670
$user_exists = false;
+ − 671
unset($userdata);
+ − 672
}
+ − 673
}
+ − 674
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 675
$this->header();
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 676
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 677
// if ( $send_headers )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 678
// {
22
+ − 679
// display_page_headers();
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 680
// }
16
+ − 681
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 682
// Start left sidebar: basic user info, latest comments
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 683
22
+ − 684
if ( $user_exists ):
+ − 685
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 686
echo '<table border="0" cellspacing="4" cellpadding="0" style="width: 100%;">';
22
+ − 687
echo '<tr><td style="width: 150px;" valign="top">';
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 688
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 689
echo '<div class="tblholder">
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 690
<table border="0" cellspacing="1" cellpadding="4">';
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 691
22
+ − 692
//
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 693
// Main part of sidebar
22
+ − 694
//
+ − 695
+ − 696
// Basic user info
+ − 697
+ − 698
echo '<tr><th class="subhead">All about ' . htmlspecialchars($target_username) . '</th></tr>';
+ − 699
echo '<tr><td class="row3">Joined: ' . date('F d, Y h:i a', $userdata['reg_time']) . '</td></tr>';
+ − 700
echo '<tr><td class="row1">Total comments: ' . $userdata['n_comments'] . '</td></tr>';
+ − 701
+ − 702
if ( !empty($userdata['real_name']) )
+ − 703
{
31
+ − 704
echo '<tr><td class="row3">Real name: ' . $userdata['real_name'] . '</td></tr>';
22
+ − 705
}
+ − 706
+ − 707
// Comments
+ − 708
+ − 709
echo '<tr><th class="subhead">' . htmlspecialchars($target_username) . '\'s latest comments</th></tr>';
47
+ − 710
$q = $db->sql_query('SELECT page_id, namespace, subject, time FROM '.table_prefix.'comments WHERE name=\'' . $db->escape($target_username) . '\' AND user_id=' . $userdata['authoritative_uid'] . ' AND approved=1 ORDER BY time DESC LIMIT 5;');
22
+ − 711
if ( !$q )
+ − 712
$db->_die();
+ − 713
+ − 714
$comments = Array();
+ − 715
$no_comments = false;
+ − 716
+ − 717
if ( $row = $db->fetchrow() )
+ − 718
{
+ − 719
do
+ − 720
{
+ − 721
$row['time'] = date('F d, Y', $row['time']);
+ − 722
$comments[] = $row;
+ − 723
}
+ − 724
while ( $row = $db->fetchrow() );
+ − 725
}
+ − 726
else
+ − 727
{
+ − 728
$no_comments = true;
+ − 729
}
+ − 730
+ − 731
echo '<tr><td class="row3">';
+ − 732
echo '<div style="border: 1px solid #000000; padding: 0px; margin: 0; max-height: 200px; clip: rect(0px,auto,auto,0px); overflow: auto; background-color: transparent;" class="tblholder">';
+ − 733
+ − 734
echo '<table border="0" cellspacing="1" cellpadding="4">';
+ − 735
$class = 'row1';
+ − 736
+ − 737
$tpl = '<tr>
+ − 738
<td class="{CLASS}">
+ − 739
<a href="{PAGE_LINK}" <!-- BEGINNOT page_exists -->class="wikilink-nonexistent"<!-- END page_exists -->>{PAGE}</a><br />
+ − 740
<small>Posted {DATE}<br /></small>
+ − 741
<b><a href="{COMMENT_LINK}">{SUBJECT}</a></b>
+ − 742
</td>
+ − 743
</tr>';
+ − 744
$parser = $template->makeParserText($tpl);
+ − 745
+ − 746
if ( count($comments) > 0 )
+ − 747
{
+ − 748
foreach ( $comments as $comment )
+ − 749
{
+ − 750
$c_page_id = $paths->nslist[ $comment['namespace'] ] . sanitize_page_id($comment['page_id']);
+ − 751
if ( isset($paths->pages[ $c_page_id ]) )
+ − 752
{
+ − 753
$parser->assign_bool(array(
+ − 754
'page_exists' => true
+ − 755
));
+ − 756
$page_title = $paths->pages[ $c_page_id ]['name'];
+ − 757
}
+ − 758
else
+ − 759
{
+ − 760
$parser->assign_bool(array(
+ − 761
'page_exists' => false
+ − 762
));
+ − 763
$page_title = htmlspecialchars(dirtify_page_id($c_page_id));
+ − 764
}
+ − 765
$parser->assign_vars(array(
+ − 766
'CLASS' => $class,
+ − 767
'PAGE_LINK' => makeUrlNS($comment['namespace'], sanitize_page_id($comment['page_id'])),
+ − 768
'PAGE' => $page_title,
+ − 769
'SUBJECT' => $comment['subject'],
+ − 770
'DATE' => $comment['time'],
+ − 771
'COMMENT_LINK' => makeUrlNS($comment['namespace'], sanitize_page_id($comment['page_id']), 'do=comments', true)
+ − 772
));
+ − 773
$class = ( $class == 'row3' ) ? 'row1' : 'row3';
+ − 774
echo $parser->run();
+ − 775
}
+ − 776
}
+ − 777
else
+ − 778
{
+ − 779
echo '<tr><td class="' . $class . '">This user has not posted any comments.</td></tr>';
+ − 780
}
+ − 781
echo '</table>';
+ − 782
+ − 783
echo '</div>';
+ − 784
echo '</td></tr>';
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 785
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 786
echo ' </table>
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 787
</div>';
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 788
22
+ − 789
echo '</td><td valign="top" style="padding: 0 10px;">';
+ − 790
+ − 791
else:
+ − 792
+ − 793
// Nothing for now
+ − 794
+ − 795
endif;
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 796
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 797
// User's own content
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 798
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 799
$send_headers = $this->send_headers;
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 800
$this->send_headers = false;
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 801
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 802
if ( $this->page_exists )
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 803
{
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 804
$this->render();
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 805
}
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 806
else
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 807
{
22
+ − 808
$this->err_page_not_existent(true);
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 809
}
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 810
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 811
// Right sidebar
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 812
22
+ − 813
if ( $user_exists ):
+ − 814
+ − 815
echo '</td><td style="width: 150px;" valign="top">';
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 816
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 817
echo '<div class="tblholder">
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 818
<table border="0" cellspacing="1" cellpadding="4">';
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 819
22
+ − 820
//
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 821
// Main part of sidebar
22
+ − 822
//
+ − 823
+ − 824
// Contact information
+ − 825
+ − 826
echo '<tr><th class="subhead">Get in touch</th></tr>';
+ − 827
+ − 828
$class = 'row3';
+ − 829
+ − 830
if ( $userdata['email_public'] == 1 )
+ − 831
{
+ − 832
$class = ( $class == 'row1' ) ? 'row3' : 'row1';
+ − 833
$email_link = $email->encryptEmail($userdata['email']);
+ − 834
echo '<tr><td class="'.$class.'">E-mail address: ' . $email_link . '</td></tr>';
+ − 835
}
+ − 836
+ − 837
$class = ( $class == 'row1' ) ? 'row3' : 'row1';
+ − 838
if ( $session->user_logged_in )
+ − 839
{
+ − 840
echo '<tr><td class="'.$class.'">Send ' . htmlspecialchars($target_username) . ' a <a href="' . makeUrlNS('Special', 'PrivateMessages/Compose/to/' . $this->page_id, false, true) . '">Private Message</a>!</td></tr>';
+ − 841
}
+ − 842
else
+ − 843
{
+ − 844
echo '<tr><td class="'.$class.'">You could send ' . htmlspecialchars($target_username) . ' a private message if you were <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist[$this->namespace] . $this->page_id) . '">logged in</a>.</td></tr>';
+ − 845
}
+ − 846
+ − 847
if ( !empty($userdata['user_aim']) )
+ − 848
{
+ − 849
$class = ( $class == 'row1' ) ? 'row3' : 'row1';
37
+ − 850
echo '<tr><td class="'.$class.'">AIM: ' . $userdata['user_aim'] . '</td></tr>';
22
+ − 851
}
+ − 852
+ − 853
if ( !empty($userdata['user_yahoo']) )
+ − 854
{
+ − 855
$class = ( $class == 'row1' ) ? 'row3' : 'row1';
37
+ − 856
echo '<tr><td class="'.$class.'">Yahoo! IM: ' . $userdata['user_yahoo'] . '</td></tr>';
22
+ − 857
}
+ − 858
+ − 859
if ( !empty($userdata['user_msn']) )
+ − 860
{
+ − 861
$class = ( $class == 'row1' ) ? 'row3' : 'row1';
+ − 862
$email_link = $email->encryptEmail($userdata['user_msn']);
+ − 863
echo '<tr><td class="'.$class.'">WLM: ' . $email_link . '</td></tr>';
+ − 864
}
+ − 865
+ − 866
if ( !empty($userdata['user_xmpp']) )
+ − 867
{
+ − 868
$class = ( $class == 'row1' ) ? 'row3' : 'row1';
+ − 869
$email_link = $email->encryptEmail($userdata['user_xmpp']);
+ − 870
echo '<tr><td class="'.$class.'">XMPP/Jabber: ' . $email_link . '</td></tr>';
+ − 871
}
+ − 872
+ − 873
// Real life
+ − 874
+ − 875
echo '<tr><th class="subhead">' . htmlspecialchars($target_username) . ' in real life</th></tr>';
+ − 876
+ − 877
if ( !empty($userdata['user_location']) )
+ − 878
{
+ − 879
$class = ( $class == 'row1' ) ? 'row3' : 'row1';
37
+ − 880
echo '<tr><td class="'.$class.'">Location: ' . $userdata['user_location'] . '</td></tr>';
22
+ − 881
}
+ − 882
+ − 883
if ( !empty($userdata['user_job']) )
+ − 884
{
+ − 885
$class = ( $class == 'row1' ) ? 'row3' : 'row1';
37
+ − 886
echo '<tr><td class="'.$class.'">Job/occupation: ' . $userdata['user_job'] . '</td></tr>';
22
+ − 887
}
+ − 888
+ − 889
if ( !empty($userdata['user_hobbies']) )
+ − 890
{
+ − 891
$class = ( $class == 'row1' ) ? 'row3' : 'row1';
37
+ − 892
echo '<tr><td class="'.$class.'">Enjoys: ' . $userdata['user_hobbies'] . '</td></tr>';
22
+ − 893
}
+ − 894
28
+ − 895
if ( empty($userdata['user_location']) && empty($userdata['user_job']) && empty($userdata['user_hobbies']) )
+ − 896
{
+ − 897
$class = ( $class == 'row1' ) ? 'row3' : 'row1';
+ − 898
echo '<tr><td class="'.$class.'">' . htmlspecialchars($target_username) . ' hasn\'t posted any real-life contact information.</td></tr>';
+ − 899
}
+ − 900
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 901
echo ' </table>
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 902
</div>';
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 903
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 904
echo '</tr></table>';
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 905
22
+ − 906
else:
+ − 907
+ − 908
echo '<p>Additional information: user "' . htmlspecialchars($target_username) . '" does not exist.</p>';
+ − 909
+ − 910
endif;
+ − 911
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 912
// if ( $send_headers )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 913
// {
22
+ − 914
// display_page_footers();
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 915
// }
16
+ − 916
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 917
$this->send_headers = $send_headers;
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 918
unset($send_headers);
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 919
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 920
$this->footer();
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 921
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 922
}
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 923
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 924
/**
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 925
* Pushes to the redirect stack and resets the instance. This depends on the page ID and namespace already being validated and sanitized, and does not check the size of the redirect stack.
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 926
* @param string Page ID to redirect to
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 927
* @param string Namespace to redirect to
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 928
* @access private
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 929
*/
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 930
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 931
function _handle_redirect($page_id, $namespace)
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 932
{
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 933
$arr_pid = array($this->page_id, $this->namespace);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 934
if ( $namespace == 'Special' || $namespace == 'Admin' )
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 935
{
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 936
return 'This page redirects to a Special or Administration page, which is not allowed.';
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 937
}
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 938
if ( in_array($this->redirect_stack, $arr_pid) )
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 939
{
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 940
return 'This page infinitely redirects with another page (or another series of pages), and the infinite redirect was trapped.';
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 941
}
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 942
$page_id_key = $paths->nslist[ $namespace ] . $page_id;
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 943
if ( !isset($paths->pages[$page_id_key]) )
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 944
{
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 945
return 'This page redirects to another page that doesn\'t exist.';
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 946
}
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 947
$this->redirect_stack[] = $arr_pid;
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 948
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 949
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 950
// Nuke the text cache to avoid infinite loops, gah...
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 951
$this->text_cache = '';
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 952
$this->_setup($page_id, $namespace, 0);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 953
$this->send();
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 954
return true;
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 955
}
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 956
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 957
/**
1
+ − 958
* Send the error message to the user that the access to this page is denied.
+ − 959
* @access private
+ − 960
*/
+ − 961
+ − 962
function err_access_denied()
+ − 963
{
+ − 964
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 965
+ − 966
$ob = '';
+ − 967
$template->tpl_strings['PAGE_NAME'] = 'Access denied';
+ − 968
+ − 969
if ( $this->send_headers )
+ − 970
{
+ − 971
$ob .= $template->getHeader();
+ − 972
}
+ − 973
+ − 974
$ob .= '<div class="error-box"><b>Access to this page is denied.</b><br />This may be because you are not logged in or you have not met certain criteria for viewing this page.</div>';
+ − 975
+ − 976
if ( $this->send_headers )
+ − 977
{
+ − 978
$ob .= $template->getFooter();
+ − 979
}
+ − 980
echo $ob;
+ − 981
}
+ − 982
+ − 983
/**
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 984
* Inform the user of an incorrect or absent password
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 985
* @access private
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 986
*/
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 987
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 988
function err_wrong_password()
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 989
{
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 990
global $db, $session, $paths, $template, $plugins; // Common objects
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 991
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 992
$title = 'Password required';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 993
$message = ( empty($this->password) ) ? '<p>Access to this page requires a password. Please enter the password for this page below:</p>' : '<p>The password you entered for this page was incorrect. Please enter the password for this page below:</p>';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 994
$message .= '<form action="' . makeUrlNS($this->namespace, $this->page_id) . '" method="post">
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 995
<p>
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 996
<label>Password: <input name="pagepass" type="password" /></label> <input type="submit" value="Submit" />
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 997
</p>
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 998
</form>';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 999
if ( $this->send_headers )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1000
{
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1001
$template->tpl_strings['PAGE_NAME'] = $title;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1002
$template->header();
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1003
echo "$message";
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1004
$template->footer();
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1005
}
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1006
else
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1007
{
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1008
echo "<h2>$title</h2>
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1009
$message";
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1010
}
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1011
}
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1012
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1013
/**
1
+ − 1014
* Send the error message to the user complaining that there weren't any rows.
+ − 1015
* @access private
+ − 1016
*/
+ − 1017
+ − 1018
function err_no_rows()
+ − 1019
{
+ − 1020
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1021
+ − 1022
$title = 'No text rows';
+ − 1023
$message = 'While the page\'s existence was verified, there were no rows in the database that matched the query for the text. This may indicate a bug with the software; ask the webmaster for more information. The offending query was:<pre>' . $db->latest_query . '</pre>';
+ − 1024
if ( $this->send_headers )
+ − 1025
{
+ − 1026
$template->tpl_strings['PAGE_NAME'] = $title;
+ − 1027
$template->header();
+ − 1028
echo "<p>$message</p>";
+ − 1029
$template->footer();
+ − 1030
}
+ − 1031
else
+ − 1032
{
+ − 1033
echo "<h2>$title</h2>
+ − 1034
<p>$message</p>";
+ − 1035
}
+ − 1036
}
+ − 1037
+ − 1038
/**
+ − 1039
* Tell the user the page doesn't exist, and present them with their options.
+ − 1040
* @access private
+ − 1041
*/
+ − 1042
22
+ − 1043
function err_page_not_existent($userpage = false)
1
+ − 1044
{
+ − 1045
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1046
+ − 1047
$this->header();
+ − 1048
header('HTTP/1.1 404 Not Found');
22
+ − 1049
if ( $userpage )
+ − 1050
{
+ − 1051
echo '<h3>There is no page with this title yet.</h3>
+ − 1052
<p>This user has not created his or her user page yet.';
+ − 1053
}
+ − 1054
else
+ − 1055
{
+ − 1056
echo '<h3>There is no page with this title yet.</h3>
+ − 1057
<p>You have requested a page that doesn\'t exist yet.';
+ − 1058
}
1
+ − 1059
if ( $session->get_permissions('create_page') )
+ − 1060
{
+ − 1061
echo ' You can <a href="'.makeUrlNS($this->namespace, $this->page_id, 'do=edit', true).'" onclick="ajaxEditor(); return false;">create this page</a>, or return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.';
+ − 1062
}
+ − 1063
else
+ − 1064
{
+ − 1065
echo ' Return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.</p>';
+ − 1066
}
+ − 1067
if ( $session->get_permissions('history_rollback') )
+ − 1068
{
+ − 1069
$e = $db->sql_query('SELECT * FROM ' . table_prefix . 'logs WHERE action=\'delete\' AND page_id=\'' . $this->page_id . '\' AND namespace=\'' . $this->namespace . '\' ORDER BY time_id DESC;');
+ − 1070
if ( !$e )
+ − 1071
{
+ − 1072
$db->_die('The deletion log could not be selected.');
+ − 1073
}
+ − 1074
if ( $db->numrows() > 0 )
+ − 1075
{
+ − 1076
$r = $db->fetchrow();
28
+ − 1077
echo '<p><b>This page was deleted on ' . $r['date_string'] . '.</b> The stated reason was:</p><blockquote>' . $r['edit_summary'] . '</blockquote><p>You can probably <a href="'.makeUrl($paths->page, 'do=rollback&id='.$r['time_id']).'" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">roll back</a> the deletion.</p>';
1
+ − 1078
}
+ − 1079
$db->free_result();
+ − 1080
}
+ − 1081
echo '<p>
+ − 1082
HTTP Error: 404 Not Found
+ − 1083
</p>';
+ − 1084
$this->footer();
+ − 1085
}
+ − 1086
+ − 1087
/**
+ − 1088
* PHP 4 constructor.
+ − 1089
* @see PageProcessor::__construct()
+ − 1090
*/
+ − 1091
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1092
function PageProcessor( $page_id, $namespace, $revision_id = 0 )
1
+ − 1093
{
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1094
$this->__construct($page_id, $namespace, $revision_id);
1
+ − 1095
}
+ − 1096
+ − 1097
/**
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1098
* Send an error message and die. For debugging or critical technical errors only - nothing that would under normal circumstances be shown to the user.
1
+ − 1099
* @var string Error message
+ − 1100
* @var bool If true, send DBAL's debugging information as well
+ − 1101
*/
+ − 1102
+ − 1103
function send_error($message, $sql = false)
+ − 1104
{
+ − 1105
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1106
+ − 1107
$content = "<p>$message</p>";
+ − 1108
$template->tpl_strings['PAGE_NAME'] = 'General error in page fetcher';
+ − 1109
+ − 1110
if ( $this->debug['works'] )
+ − 1111
{
+ − 1112
$content .= $this->debug['backtrace'];
+ − 1113
}
+ − 1114
+ − 1115
header('HTTP/1.1 500 Internal Server Error');
+ − 1116
+ − 1117
$template->header();
+ − 1118
echo $content;
+ − 1119
$template->footer();
+ − 1120
+ − 1121
$db->close();
+ − 1122
+ − 1123
exit;
+ − 1124
+ − 1125
}
+ − 1126
+ − 1127
} // class PageProcessor
+ − 1128
+ − 1129
?>