# HG changeset patch # User Dan # Date 1188706987 14400 # Node ID 008b1c42be72de7c0cd5dd72929da5e4dbe9dd51 # Parent b348ace50bc7637206de2a6bd3374a4c00e74e50 Rewrote all code related to delvote_ips column to use serialize() diff -r b348ace50bc7 -r 008b1c42be72 includes/functions.php --- a/includes/functions.php Sat Sep 01 23:29:33 2007 -0400 +++ b/includes/functions.php Sun Sep 02 00:23:07 2007 -0400 @@ -872,7 +872,8 @@ global $db, $session, $paths, $template, $plugins; // Common objects if($session->get_permissions('vote_reset') && $paths->cpage['delvotes'] > 0) { - $hr = implode(', ', explode('|', $paths->cpage['delvote_ips'])); + $delvote_ips = unserialize($paths->cpage['delvote_ips']); + $hr = htmlspecialchars(implode(', ', $delvote_ips['u'])); $is = 'is'; $s = ''; $s2 = 's'; diff -r b348ace50bc7 -r 008b1c42be72 includes/pageutils.php --- a/includes/pageutils.php Sat Sep 01 23:29:33 2007 -0400 +++ b/includes/pageutils.php Sun Sep 02 00:23:07 2007 -0400 @@ -405,18 +405,23 @@ $prot = ( $namespace == 'System' ) ? 1 : 0; + $ips = array( + 'ip' => array(), + 'u' => array() + ); + $page_data = Array( 'name'=>$name, 'urlname'=>$page_id, 'namespace'=>$namespace, - 'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>$prot,'delvotes'=>0,'delvote_ips'=>'','wiki_mode'=>2, + 'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>$prot,'delvotes'=>0,'delvote_ips'=>serialize($ips),'wiki_mode'=>2, ); // die('PageUtils::createpage: Creating page with this data:
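Review bot: The result of `unserialize()` is used unchecked in includes/functions.php, so a row that still holds the old pipe-delimited value (or any string that fails to parse) yields `false`, and `implode()` then receives `null` from `$delvote_ips['u']`. delvote() in pageutils.php falls back to an empty structure in that case, and this call site should do the same: `$delvote_ips = @unserialize($paths->cpage['delvote_ips']);` followed by `$voters = ( is_array($delvote_ips) && isset($delvote_ips['u']) && is_array($delvote_ips['u']) ) ? $delvote_ips['u'] : array();`. Because the column is now parsed with unserialize(), anything able to write to that column controls the input, so on runtimes that support it the call should also pass `array('allowed_classes' => false)`. The enclosing function starts and ends outside this hunk.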
' . print_r($page_data, true) . ''); $paths->add_page($page_data); - $qa = $db->sql_query('INSERT INTO '.table_prefix.'pages(name,urlname,namespace,visible,protected) VALUES(\''.$db->escape($name).'\', \''.$db->escape($page_id).'\', \''.$namespace.'\', '. ( $visible ? '1' : '0' ) .', '.$prot.');'); + $qa = $db->sql_query('INSERT INTO '.table_prefix.'pages(name,urlname,namespace,visible,protected,delvote_ips) VALUES(\''.$db->escape($name).'\', \''.$db->escape($page_id).'\', \''.$namespace.'\', '. ( $visible ? '1' : '0' ) .', '.$prot.', \'' . $db->escape(serialize($ips)) . '\');'); $qb = $db->sql_query('INSERT INTO '.table_prefix.'page_text(page_id,namespace) VALUES(\''.$db->escape($page_id).'\', \''.$namespace.'\');'); $qc = $db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'create\', \''.$session->username.'\', \''.$db->escape($page_id).'\', \''.$namespace.'\');'); 
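Review bot: `$namespace` is concatenated into the rewritten `INSERT INTO ... pages` statement without `$db->escape()`, while `$name`, `$page_id` and the new serialized value on the same line are escaped. The same pattern appears in the other queries this commit touches: the `UPDATE` statements in delvote() and in the vote-reset function put raw `$page_id` and `$namespace` into the WHERE clause, and the INSERT in plugins/SpecialPageFuncs.php uses `$_POST['namespace']` directly. Whether these values are validated before they reach these lines is not visible in the hunks, so I would escape at the point of use, e.g. `\''.$db->escape($namespace).'\'` here and `WHERE urlname=\''.$db->escape($page_id).'\' AND namespace=\''.$db->escape($namespace).'\''` in the two UPDATEs. The context line that writes `$session->username` into the logs table has the same gap. The enclosing function (createpage, going by the commented-out die) begins and ends outside this hunk.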
@@ -1302,25 +1307,60 @@ function delvote($page_id, $namespace) { global $db, $session, $paths, $template, $plugins; // Common objects - if(!$session->get_permissions('vote_delete')) + if ( !$session->get_permissions('vote_delete') ) + { return 'Access denied'; - $pname = $paths->nslist[$namespace] . $page_id; - $cv = $paths->pages[$pname]['delvotes']; - $ips = $paths->pages[$pname]['delvote_ips']; - $ips = explode('|', $ips); - if(in_array($_SERVER['REMOTE_ADDR'], $ips)) return('It appears that you have already voted to have this page deleted.'); - if($session->user_logged_in) - if(in_array($session->username, $ips)) - return('It appears that you have already voted to have this page deleted.'); - $ips[] = $_SERVER['REMOTE_ADDR']; - if($session->user_logged_in) $ips[] = $session->username; - $ips = implode('|', $ips); - $ips = substr($ips, 1, strlen($ips)); + } + + if ( $namespace == 'Admin' || $namespace == 'Special' || $namespace == 'System' ) + { + return 'Special pages and system messages can\'t be voted for deletion.'; + } + + $pname = $paths->nslist[$namespace] . 
sanitize_page_id($page_id); + + if ( !isset($paths->pages[$pname]) ) + { + return 'The page does not exist.'; + } + + $cv =& $paths->pages[$pname]['delvotes']; + $ips = $paths->pages[$pname]['delvote_ips']; + + if ( empty($ips) ) + { + $ips = array( + 'ip' => array(), + 'u' => array() + ); + } + else + { + $ips = @unserialize($ips); + if ( !$ips ) + { + $ips = array( + 'ip' => array(), + 'u' => array() + ); + } + } + + if ( in_array($session->username, $ips['u']) || in_array($_SERVER['REMOTE_ADDR'], $ips['ip']) ) + { + return 'It appears that you have already voted to have this page deleted.'; + } + + $ips['u'][] = $session->username; + $ips['ip'][] = $_SERVER['REMOTE_ADDR']; + $ips = $db->escape( serialize($ips) ); + $cv++; + $q = 'UPDATE '.table_prefix.'pages SET delvotes='.$cv.',delvote_ips=\''.$ips.'\' WHERE urlname=\''.$page_id.'\' AND namespace=\''.$namespace.'\''; $w = $db->sql_query($q); - if(!$w) return("Error updating pages table: ".mysql_error()."\n\nAttemped SQL:\n".$q); - return('Your vote to have this page deleted has been cast.'."\nYou are encouraged to leave a comment explaining the reason for your vote."); + + return 'Your vote to have this page deleted has been cast.'."\nYou are encouraged to leave a comment explaining the reason for your vote."; } /** 
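Review bot: delvote() no longer checks `$w`, so when the UPDATE fails the caller is still told 'Your vote to have this page deleted has been cast.', and because `$cv` is now a reference the in-memory count has already been incremented. Dropping the old message was right, since it returned `mysql_error()` and the attempted SQL to the user, but the failure should still be reported without those details, e.g. `if ( !$w ) $db->_die('The delete vote could not be recorded.');`. Separately, the `!$ips` fallback accepts any non-empty unserialized value. Checking `is_array($ips) && isset($ips['u'], $ips['ip'])` before the `in_array()` calls would cover a row with an unexpected shape.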
@@ -1334,7 +1374,7 @@ { global $db, $session, $paths, $template, $plugins; // Common objects if(!$session->get_permissions('vote_reset')) die('You need moderator rights in order to do this, stinkin\' hacker.'); - $q = 'UPDATE '.table_prefix.'pages SET delvotes=0,delvote_ips=\'\' WHERE urlname=\''.$page_id.'\' AND namespace=\''.$namespace.'\''; + $q = 'UPDATE '.table_prefix.'pages SET delvotes=0,delvote_ips=\'' . $db->escape(serialize(array('ip'=>array(),'u'=>array()))) . '\' WHERE urlname=\''.$page_id.'\' AND namespace=\''.$namespace.'\''; $e = $db->sql_query($q); if(!$e) $db->_die('The number of delete votes was not reset.'); else return('The number of votes for having this page deleted has been reset to zero.'); diff -r b348ace50bc7 -r 008b1c42be72 plugins/SpecialPageFuncs.php --- a/plugins/SpecialPageFuncs.php Sat Sep 01 23:29:33 2007 -0400 +++ b/plugins/SpecialPageFuncs.php Sun Sep 02 00:23:07 2007 -0400 @@ -127,6 +127,12 @@ $db->_die('An SQL injection attempt was caught at '.dirname(__FILE__).':'.__LINE__.'.'); } + $ips = array( + 'ip' => array(), + 'u' => array() + ); + $ips = $db->escape(serialize($ips)); + $urlname = sanitize_page_id($urlname); $urlname = $db->escape($urlname); @@ -140,7 +146,7 @@ $db->_die('The page log could not be updated.'); } - $q = $db->sql_query('INSERT INTO '.table_prefix.'pages(name,urlname,namespace) VALUES(\''.$name.'\', \''.$urlname.'\', \''.$_POST['namespace'].'\');'); + $q = $db->sql_query('INSERT INTO '.table_prefix.'pages(name,urlname,namespace,delvote_ips) VALUES(\''.$name.'\', \''.$urlname.'\', \''.$_POST['namespace'].'\',\'' . $ips . '\');'); if ( !$q ) { $db->_die('The page entry could not be inserted.'); diff -r b348ace50bc7 -r 008b1c42be72 upgrade.php --- a/upgrade.php Sat Sep 01 23:29:33 2007 -0400 +++ b/upgrade.php Sun Sep 02 00:23:07 2007 -0400 
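Review bot: The empty vote structure `array('ip' => array(), 'u' => array())` is spelled out again in the first plugins/SpecialPageFuncs.php hunk, and it also appears in createpage, twice in delvote() and inline in the vote-reset query. A single helper that returns the structure (plus one that returns it serialized and escaped) would keep the stored format in one place, so a later change to the format cannot miss a call site. The enclosing function starts and ends outside this hunk.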
@@ -77,6 +77,7 @@ ); $this_version = '1.0.1'; $func_list = Array( + '1.0' => Array('u_1_0_1_update_del_votes'), '1.0b4' => Array('u_1_0_RC1_update_user_ids', 'u_1_0_RC1_add_admins_to_group', 'u_1_0_RC1_alter_files_table', 'u_1_0_RC1_destroy_session_cookie', 'u_1_0_RC1_set_contact_email', 'u_1_0_RC1_update_page_text'), // , // '1.0RC2' => Array('u_1_0_populate_userpage_comments') '1.0RC3' => Array('u_1_0_RC3_make_users_extra') @@ -353,23 +354,51 @@ } } -function u_1_0_populate_userpage_comments() +function u_1_0_1_update_del_votes() { - // - // UNFINISHED... - // - - /* global $db; - $q = $db->sql_query('SELECT COUNT(c.comment_id) AS num_comments...'); + $q = $db->sql_query('SELECT urlname, namespace, delvote_ips FROM '.table_prefix.'pages;'); if ( !$q ) $db->_die(); - while ( $row = $db->fetchrow() ) + while ( $row = $db->fetchrow($q) ) { - + $ips = strval($row['delvote_ips']); + if ( is_array( @unserialize($ips) ) ) + continue; + $ips = explode('|', $ips); + $new = array( + 'ip' => array(), + 'u' => array() + ); + $i = 0; + $prev = ''; + $prev_is_ip = false; + foreach ( $ips as $ip ) + { + $i++; + $current_is_ip = is_valid_ip($ip); + if ( $current_is_ip && $prev_is_ip ) + { + $new['u'][] = $prev; + } + if ( $current_is_ip ) + { + $new['ip'][] = $ip; + } + else + { + $new['u'][] = $ip; + } + $prev = $ip; + $prev_is_ip = $current_is_ip; + } + $new = serialize($new); + $e = $db->sql_query('UPDATE '.table_prefix.'pages SET delvote_ips=\'' . $db->escape($new) . '\' WHERE urlname=\'' . $db->escape($row['urlname']) . '\' AND namespace=\'' . $db->escape($row['namespace']) . '\';'); + if ( !$e ) + $db->_die(); } - */ + $db->free_result($q); } function u_1_0_RC3_make_users_extra()
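Review bot: In u_1_0_1_update_del_votes(), a row whose `delvote_ips` is the empty string is migrated to `'u' => array('')`: `explode('|', '')` returns one empty element, `is_valid_ip('')` presumably returns false, and the else branch appends it as a username. Skipping empty entries at the top of the foreach avoids that: `if ( $ip === '' ) continue;`. `$i` is incremented but never read and can be dropped. A short comment on the `$current_is_ip && $prev_is_ip` branch saying why the previous IP is also stored under `'u'` would help, since the old layout (an IP optionally followed by a username) is only visible in the removed lines of delvote().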