321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 1
<?php
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 2
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 3
/*
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 4
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
1081
745200a9cc2a
Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
Dan
diff
changeset
+ − 5
* Copyright (C) 2006-2009 Dan Fuhry
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 6
*
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 7
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 8
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 9
*
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 10
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 11
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 12
*/
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 13
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 14
define('ENANO_INTERFACE_AJAX', '');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 15
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 16
require('includes/common.php');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 17
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 18
global $db, $session, $paths, $template, $plugins; // Common objects
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 19
if(!isset($_GET['_mode'])) die('This script cannot be accessed directly.');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 20
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 21
$_ob = '';
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 22
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 23
switch($_GET['_mode']) {
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 24
case "checkusername":
592
+ − 25
require_once(ENANO_ROOT.'/includes/pageutils.php');
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 26
echo PageUtils::checkusername($_GET['name']);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 27
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 28
case "getsource":
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 29
header('Content-type: text/plain');
324
+ − 30
$password = ( isset($_GET['pagepass']) ) ? $_GET['pagepass'] : false;
408
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 31
$revid = ( isset($_GET['revid']) ) ? intval($_GET['revid']) : 0;
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 32
$page = new PageProcessor($paths->page_id, $paths->namespace, $revid);
324
+ − 33
$page->password = $password;
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 34
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 35
$have_draft = false;
1161
+ − 36
// Kinda hacky fix for issue 7: draft restore not offered for nonexistent pages
1162
+ − 37
if ( ($src = $page->fetch_source()) || !$page->exists() )
324
+ − 38
{
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 39
$allowed = true;
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 40
$q = $db->sql_query('SELECT author, time_id, page_text, edit_summary, page_format FROM ' . table_prefix . 'logs WHERE log_type = \'page\' AND action = \'edit\'
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 41
AND page_id = \'' . $db->escape($paths->page_id) . '\'
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 42
AND namespace = \'' . $db->escape($paths->namespace) . '\'
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 43
AND is_draft = 1;');
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 44
if ( !$q )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 45
$db->die_json();
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 46
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 47
if ( $db->numrows() > 0 )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 48
{
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 49
$have_draft = true;
419
b8b4e38825db
Unsuccessful attempt at fixing "dismiss"/"close manager" buttons in ACL editor; non-breaking change to template API to allow plugins to add "normal" sidebar widgets in addition to the special "raw" block type, specified as the third parameter to $template->sidebar_widget(). Defaults to false, which is old behavior; new behavior (enabled by passing TRUE as the 3rd param) means that the content of the block is primarily block-level links.
Dan
diff
changeset
+ − 50
$draft_row = $db->fetchrow($q);
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 51
}
324
+ − 52
}
325
e17cc42d77cf
Fixed: $paths->page_id not set when the page doesn't exist; finally fixed garbled page names for IP addresses
Dan
diff
changeset
+ − 53
else if ( $src !== false )
e17cc42d77cf
Fixed: $paths->page_id not set when the page doesn't exist; finally fixed garbled page names for IP addresses
Dan
diff
changeset
+ − 54
{
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 55
$allowed = true;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 56
$src = '';
325
e17cc42d77cf
Fixed: $paths->page_id not set when the page doesn't exist; finally fixed garbled page names for IP addresses
Dan
diff
changeset
+ − 57
}
324
+ − 58
else
+ − 59
{
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 60
$allowed = false;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 61
$src = '';
324
+ − 62
}
336
+ − 63
1102
+ − 64
$auth_edit = ( $session->get_permissions('edit_page') && ( $session->get_permissions('even_when_protected') || !$page->ns->page_protected ) );
387
92664d2efab8
Rebranded source code as 1.1.1; added TinyMCE ACL rule as per Vadi's request: http://forum.enanocms.org/viewtopic.php?f=7&t=54
Dan
diff
changeset
+ − 65
$auth_wysiwyg = ( $session->get_permissions('edit_wysiwyg') );
336
+ − 66
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 67
$return = array(
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 68
'mode' => 'editor',
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 69
'src' => $src,
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 70
'auth_view_source' => $allowed,
336
+ − 71
'auth_edit' => $auth_edit,
+ − 72
'time' => time(),
+ − 73
'require_captcha' => false,
408
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 74
'allow_wysiwyg' => $auth_wysiwyg,
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 75
'revid' => $revid,
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 76
'have_draft' => false
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 77
);
336
+ − 78
1108
c1be67a50d81
Removed the $userpage parameter from Namespace_Default::error_404(). It screwed up a couple plugins. (Thanks Mazza for discovering the issue)
Dan
diff
changeset
+ − 79
$return['page_format'] = $page->ns->cdata['page_format'];
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 80
if ( $return['page_format'] == 'xhtml' )
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 81
{
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 82
// gently process headings to make tinymce format them correctly
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 83
if ( preg_match_all('/^ *?(={1,6}) *(.+?) *\\1 *$/m', $return['src'], $matches) )
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 84
{
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 85
foreach ( $matches[0] as $i => $match )
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 86
{
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 87
$hi = strlen($matches[1][$i]);
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 88
$heading = "<h{$hi}>{$matches[2][$i]}</h{$hi}>";
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 89
$return['src'] = str_replace_once($match, $heading, $return['src']);
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 90
}
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 91
}
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 92
}
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 93
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 94
if ( $have_draft )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 95
{
419
b8b4e38825db
Unsuccessful attempt at fixing "dismiss"/"close manager" buttons in ACL editor; non-breaking change to template API to allow plugins to add "normal" sidebar widgets in addition to the special "raw" block type, specified as the third parameter to $template->sidebar_widget(). Defaults to false, which is old behavior; new behavior (enabled by passing TRUE as the 3rd param) means that the content of the block is primarily block-level links.
Dan
diff
changeset
+ − 96
$row =& $draft_row;
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 97
$return['have_draft'] = true;
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 98
$return['draft_author'] = $row['author'];
1081
745200a9cc2a
Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
Dan
diff
changeset
+ − 99
$return['draft_time'] = enano_date(ED_DATE | ED_TIME, intval($row['time_id']));
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 100
if ( isset($_GET['get_draft']) && @$_GET['get_draft'] === '1' )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 101
{
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 102
$return['src'] = $row['page_text'];
417
+ − 103
$return['edit_summary'] = $row['edit_summary'];
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 104
$return['page_format'] = $row['page_format'];
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 105
}
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 106
}
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 107
468
+ − 108
$return['undo_info'] = array();
+ − 109
408
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 110
if ( $revid > 0 )
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 111
{
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 112
// Retrieve information about this revision and the current one
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 113
$q = $db->sql_query('SELECT l1.author AS currentrev_author, l2.author AS oldrev_author FROM ' . table_prefix . 'logs AS l1
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 114
LEFT JOIN ' . table_prefix . 'logs AS l2
468
+ − 115
ON ( l2.log_id = ' . $revid . '
408
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 116
AND l2.log_type = \'page\'
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 117
AND l2.action = \'edit\'
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 118
AND l2.page_id = \'' . $db->escape($paths->page_id) . '\'
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 119
AND l2.namespace = \'' . $db->escape($paths->namespace) . '\'
468
+ − 120
AND l2.is_draft != 1
408
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 121
)
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 122
WHERE l1.log_type = \'page\'
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 123
AND l1.action = \'edit\'
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 124
AND l1.page_id = \'' . $db->escape($paths->page_id) . '\'
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 125
AND l1.namespace = \'' . $db->escape($paths->namespace) . '\'
468
+ − 126
AND l1.time_id > ' . $page->revision_time . '
+ − 127
AND l1.is_draft != 1
408
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 128
ORDER BY l1.time_id DESC;');
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 129
if ( !$q )
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 130
$db->die_json();
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 131
468
+ − 132
if ( $db->numrows() > 0 )
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 133
{
468
+ − 134
$rev_count = $db->numrows() - 1;
+ − 135
if ( $rev_count == -1 )
+ − 136
{
+ − 137
$return = array(
+ − 138
'mode' => 'error',
+ − 139
'error' => '[Internal] No rows returned by revision info query. SQL:<pre>' . $db->latest_query . '</pre>'
+ − 140
);
+ − 141
}
+ − 142
else
+ − 143
{
+ − 144
$row = $db->fetchrow();
+ − 145
$return['undo_info'] = array(
+ − 146
'old_author' => $row['oldrev_author'],
+ − 147
'current_author' => $row['currentrev_author'],
+ − 148
'undo_count' => $rev_count
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 149
);
468
+ − 150
}
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 151
}
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 152
else
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 153
{
468
+ − 154
$return['revid'] = $revid = 0;
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 155
}
408
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 156
}
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 157
336
+ − 158
if ( $auth_edit && !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )
+ − 159
{
+ − 160
$return['require_captcha'] = true;
+ − 161
$return['captcha_id'] = $session->make_captcha();
+ − 162
}
+ − 163
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 164
$template->load_theme();
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 165
$return['toolbar_templates'] = $template->extract_vars('toolbar.tpl');
1068
4bcefa85649c
Editor: completely moved wiki edit notice to AJAX fetch, so it's not shipped with the page anymore.
Dan
diff
changeset
+ − 166
$return['edit_notice'] = $template->get_wiki_edit_notice();
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 167
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 168
echo enano_json_encode($return);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 169
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 170
case "getpage":
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 171
// echo PageUtils::getpage($paths->page, false, ( (isset($_GET['oldid'])) ? $_GET['oldid'] : false ));
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 172
$output = new Output_Striptease();
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 173
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 174
$revision_id = ( (isset($_GET['oldid'])) ? intval($_GET['oldid']) : 0 );
324
+ − 175
$page = new PageProcessor( $paths->page_id, $paths->namespace, $revision_id );
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 176
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 177
$pagepass = ( isset($_REQUEST['pagepass']) ) ? $_REQUEST['pagepass'] : '';
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 178
$page->password = $pagepass;
963
b572ce1114f1
Wikitext redirects should work again + get_redirect() added to Namespace_* to allow plugins to extend
Dan
diff
changeset
+ − 179
$page->allow_redir = ( !isset($_GET['redirect']) || (isset($_GET['redirect']) && $_GET['redirect'] !== 'no') );
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 180
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 181
$page->send();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 182
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 183
case "savepage":
468
+ − 184
/* **** OBSOLETE **** */
592
+ − 185
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 186
break;
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 187
case "savepage_json":
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 188
header('Content-type: application/json');
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 189
if ( !isset($_POST['r']) )
550
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 190
die('Invalid request');
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 191
880
+ − 192
try
+ − 193
{
+ − 194
$request = enano_json_decode($_POST['r']);
+ − 195
if ( !isset($request['src']) || !isset($request['summary']) || !isset($request['minor_edit']) || !isset($request['time']) || !isset($request['draft']) )
+ − 196
die('Invalid request');
+ − 197
}
+ − 198
catch(Zend_Json_Exception $e)
+ − 199
{
+ − 200
die("JSON parsing failed. View as HTML to see full report.\n<br /><br />\n<pre>" . htmlspecialchars(strval($e)) . "</pre><br />Request: <pre>" . htmlspecialchars($_POST['r']) . "</pre>");
+ − 201
}
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 202
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 203
$time = intval($request['time']);
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 204
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 205
if ( $request['draft'] )
336
+ − 206
{
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 207
//
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 208
// The user wants to save a draft version of the page.
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 209
//
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 210
550
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 211
// Validate permissions
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 212
if ( !$session->get_permissions('edit_page') )
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 213
{
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 214
$return = array(
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 215
'mode' => 'error',
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 216
'error' => 'access_denied'
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 217
);
550
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 218
}
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 219
else
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 220
{
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 221
// Delete any draft copies if they exist
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 222
$q = $db->sql_query('DELETE FROM ' . table_prefix . 'logs WHERE log_type = \'page\' AND action = \'edit\'
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 223
AND page_id = \'' . $db->escape($paths->page_id) . '\'
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 224
AND namespace = \'' . $db->escape($paths->namespace) . '\'
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 225
AND is_draft = 1;');
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 226
if ( !$q )
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 227
$db->die_json();
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 228
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 229
// are we just supposed to delete the draft?
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 230
if ( $request['src'] === -1 )
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 231
{
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 232
$return = array(
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 233
'mode' => 'success',
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 234
'is_draft' => 'delete'
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 235
);
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 236
}
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 237
else
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 238
{
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 239
$src = RenderMan::preprocess_text($request['src'], false, false);
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 240
$draft_format = $request['format'];
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 241
if ( !in_array($draft_format, array('xhtml', 'wikitext')) )
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 242
{
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 243
$return = array(
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 244
'mode' => 'error',
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 245
'error' => 'invalid_format'
550
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 246
);
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 247
}
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 248
else
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 249
{
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 250
// Save the draft
1175
1e2c9819ede3
Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
diff
changeset
+ − 251
$q = $db->sql_query('INSERT INTO ' . table_prefix . 'logs ( log_type, action, page_id, namespace, author, author_uid, edit_summary, page_text, is_draft, time_id, page_format )
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 252
VALUES (
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 253
\'page\',
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 254
\'edit\',
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 255
\'' . $db->escape($paths->page_id) . '\',
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 256
\'' . $db->escape($paths->namespace) . '\',
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 257
\'' . $db->escape($session->username) . '\',
1175
1e2c9819ede3
Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
diff
changeset
+ − 258
' . $session->user_id . ',
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 259
\'' . $db->escape($request['summary']) . '\',
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 260
\'' . $db->escape($src) . '\',
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 261
1,
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 262
' . time() . ',
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 263
\'' . $draft_format . '\'
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 264
);');
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 265
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 266
// Done!
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 267
$return = array(
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 268
'mode' => 'success',
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 269
'is_draft' => true
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 270
);
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 271
}
550
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 272
}
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 273
}
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 274
}
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 275
else
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 276
{
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 277
// Verify that no edits have been made since the editor was requested
416
+ − 278
$q = $db->sql_query('SELECT time_id, author FROM ' . table_prefix . "logs WHERE log_type = 'page' AND action = 'edit' AND page_id = '{$paths->page_id}' AND namespace = '{$paths->namespace}' AND is_draft != 1 ORDER BY time_id DESC LIMIT 1;");
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 279
if ( !$q )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 280
$db->die_json();
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 281
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 282
$row = $db->fetchrow();
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 283
$db->free_result();
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 284
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 285
if ( $row['time_id'] > $time )
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 286
{
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 287
$return = array(
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 288
'mode' => 'obsolete',
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 289
'author' => $row['author'],
1081
745200a9cc2a
Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
Dan
diff
changeset
+ − 290
'date_string' => enano_date(ED_DATE | ED_TIME, $row['time_id']),
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 291
'time' => $row['time_id'] // time() ???
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 292
);
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 293
echo enano_json_encode($return);
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 294
break;
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 295
}
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 296
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 297
// Verify captcha, if needed
555
ac4c6a7f01d8
Added user preference for disabling visual effects in Javascript applets; added re-import button to installed plugins
Dan
diff
changeset
+ − 298
if ( false && !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )
336
+ − 299
{
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 300
if ( !isset($request['captcha_id']) || !isset($request['captcha_code']) )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 301
{
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 302
die('Invalid request, need captcha metadata');
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 303
}
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 304
$code_correct = strtolower($session->get_captcha($request['captcha_id']));
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 305
$code_input = strtolower($request['captcha_code']);
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 306
if ( $code_correct !== $code_input )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 307
{
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 308
$return = array(
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 309
'mode' => 'errors',
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 310
'errors' => array($lang->get('editor_err_captcha_wrong')),
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 311
'new_captcha' => $session->make_captcha()
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 312
);
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 313
echo enano_json_encode($return);
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 314
break;
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 315
}
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 316
}
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 317
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 318
// Verification complete. Start the PageProcessor and let it do the dirty work for us.
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 319
$page = new PageProcessor($paths->page_id, $paths->namespace);
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 320
if ( $page->update_page($request['src'], $request['summary'], ( $request['minor_edit'] == 1 ), $request['format']) )
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 321
{
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 322
$return = array(
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 323
'mode' => 'success',
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 324
'is_draft' => false
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 325
);
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 326
}
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 327
else
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 328
{
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 329
$errors = array();
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 330
while ( $err = $page->pop_error() )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 331
{
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 332
$errors[] = $err;
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 333
}
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 334
$return = array(
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 335
'mode' => 'errors',
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 336
'errors' => array_values($errors)
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 337
);
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 338
if ( !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 339
{
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 340
$return['new_captcha'] = $session->make_captcha();
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 341
}
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 342
}
468
+ − 343
}
+ − 344
+ − 345
// If this is based on a draft version, delete the draft - we no longer need it.
472
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 346
if ( @$request['used_draft'] && !$request['draft'] )
468
+ − 347
{
+ − 348
$q = $db->sql_query('DELETE FROM ' . table_prefix . 'logs WHERE log_type = \'page\' AND action = \'edit\'
+ − 349
AND page_id = \'' . $db->escape($paths->page_id) . '\'
+ − 350
AND namespace = \'' . $db->escape($paths->namespace) . '\'
+ − 351
AND is_draft = 1;');
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 352
}
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 353
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 354
echo enano_json_encode($return);
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 355
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 356
break;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 357
case "diff_cur":
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 358
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 359
// Lie about our content type to fool ad scripts
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 360
header('Content-type: application/xhtml+xml');
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 361
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 362
if ( !isset($_POST['text']) )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 363
die('Invalid request');
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 364
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 365
$page = new PageProcessor($paths->page_id, $paths->namespace);
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 366
if ( !($src = $page->fetch_source()) )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 367
{
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 368
die('Access denied');
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 369
}
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 370
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 371
$diff = RenderMan::diff($src, $_POST['text']);
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 372
if ( $diff == '<table class="diff"></table>' )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 373
{
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 374
$diff = '<p>' . $lang->get('editor_msg_diff_empty') . '</p>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 375
}
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 376
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 377
echo '<div class="info-box">' . $lang->get('editor_msg_diff') . '</div>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 378
echo $diff;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 379
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 380
break;
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 381
case "protect":
468
+ − 382
// echo PageUtils::protect($paths->page_id, $paths->namespace, (int)$_POST['level'], $_POST['reason']);
481
+ − 383
+ − 384
if ( @$_POST['reason'] === '__ROLLBACK__' )
+ − 385
{
+ − 386
// __ROLLBACK__ is a keyword for log entries.
+ − 387
die('"__ROLLBACK__" ain\'t gonna do it, buddy. Try to _not_ use reserved keywords next time, ok?');
+ − 388
}
+ − 389
468
+ − 390
$page = new PageProcessor($paths->page_id, $paths->namespace);
+ − 391
header('Content-type: application/json');
+ − 392
+ − 393
$result = $page->protect_page(intval($_POST['level']), $_POST['reason']);
+ − 394
echo enano_json_encode($result);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 395
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 396
case "histlist":
592
+ − 397
require_once(ENANO_ROOT.'/includes/pageutils.php');
324
+ − 398
echo PageUtils::histlist($paths->page_id, $paths->namespace);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 399
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 400
case "rollback":
468
+ − 401
$id = intval(@$_GET['id']);
+ − 402
$page = new PageProcessor($paths->page_id, $paths->namespace);
+ − 403
header('Content-type: application/json');
+ − 404
+ − 405
$result = $page->rollback_log_entry($id);
+ − 406
echo enano_json_encode($result);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 407
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 408
case "comments":
592
+ − 409
require_once(ENANO_ROOT.'/includes/comment.php');
324
+ − 410
$comments = new Comments($paths->page_id, $paths->namespace);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 411
if ( isset($_POST['data']) )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 412
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 413
$comments->process_json($_POST['data']);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 414
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 415
else
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 416
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 417
die('{ "mode" : "error", "error" : "No input" }');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 418
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 419
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 420
case "rename":
468
+ − 421
$page = new PageProcessor($paths->page_id, $paths->namespace);
+ − 422
header('Content-type: application/json');
+ − 423
+ − 424
$result = $page->rename_page($_POST['newtitle']);
+ − 425
echo enano_json_encode($result);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 426
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 427
case "flushlogs":
592
+ − 428
require_once(ENANO_ROOT.'/includes/pageutils.php');
324
+ − 429
echo PageUtils::flushlogs($paths->page_id, $paths->namespace);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 430
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 431
case "deletepage":
592
+ − 432
require_once(ENANO_ROOT.'/includes/pageutils.php');
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 433
$reason = ( isset($_POST['reason']) ) ? $_POST['reason'] : false;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 434
if ( empty($reason) )
378
c1c7fa6b329f
Got Enano to load even if there are no plugins; added caching for decrypted session keys to significantly improve performance (in theory at least)
Dan
diff
changeset
+ − 435
die($lang->get('page_err_need_reason'));
324
+ − 436
echo PageUtils::deletepage($paths->page_id, $paths->namespace, $reason);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 437
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 438
case "delvote":
592
+ − 439
require_once(ENANO_ROOT.'/includes/pageutils.php');
324
+ − 440
echo PageUtils::delvote($paths->page_id, $paths->namespace);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 441
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 442
case "resetdelvotes":
592
+ − 443
require_once(ENANO_ROOT.'/includes/pageutils.php');
324
+ − 444
echo PageUtils::resetdelvotes($paths->page_id, $paths->namespace);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 445
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 446
case "getstyles":
592
+ − 447
require_once(ENANO_ROOT.'/includes/pageutils.php');
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 448
echo PageUtils::getstyles($_GET['id']);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 449
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 450
case "catedit":
592
+ − 451
require_once(ENANO_ROOT.'/includes/pageutils.php');
324
+ − 452
echo PageUtils::catedit($paths->page_id, $paths->namespace);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 453
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 454
case "catsave":
592
+ − 455
require_once(ENANO_ROOT.'/includes/pageutils.php');
324
+ − 456
echo PageUtils::catsave($paths->page_id, $paths->namespace, $_POST);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 457
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 458
case "setwikimode":
592
+ − 459
require_once(ENANO_ROOT.'/includes/pageutils.php');
324
+ − 460
echo PageUtils::setwikimode($paths->page_id, $paths->namespace, (int)$_GET['mode']);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 461
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 462
case "setpass":
592
+ − 463
require_once(ENANO_ROOT.'/includes/pageutils.php');
324
+ − 464
echo PageUtils::setpass($paths->page_id, $paths->namespace, $_POST['password']);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 465
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 466
case "fillusername":
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 467
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 468
case "fillpagename":
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 469
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 470
case "preview":
592
+ − 471
require_once(ENANO_ROOT.'/includes/pageutils.php');
714
+ − 472
$template->init_vars();
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 473
echo PageUtils::genPreview($_POST['text']);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 474
break;
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 475
case "transform":
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 476
header('Content-type: text/javascript');
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 477
if ( !isset($_GET['to']) )
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 478
{
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 479
echo enano_json_encode(array(
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 480
'mode' => 'error',
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 481
'error' => '"to" not specified'
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 482
));
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 483
break;
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 484
}
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 485
if ( !isset($_POST['text']) )
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 486
{
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 487
echo enano_json_encode(array(
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 488
'mode' => 'error',
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 489
'error' => '"text" not specified (must be on POST)'
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 490
));
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 491
break;
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 492
}
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 493
switch($_GET['to'])
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 494
{
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 495
case 'xhtml':
1108
c1be67a50d81
Removed the $userpage parameter from Namespace_Default::error_404(). It screwed up a couple plugins. (Thanks Mazza for discovering the issue)
Dan
diff
changeset
+ − 496
$result = RenderMan::render($_POST['text'], RENDER_BLOCK | RENDER_NOSMILIES, false);
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 497
break;
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 498
case 'wikitext':
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 499
$result = RenderMan::reverse_render($_POST['text']);
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 500
break;
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 501
default:
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 502
$text =& $_POST['text'];
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 503
$result = false;
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 504
$code = $plugins->setHook('ajax_transform');
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 505
foreach ( $code as $cmd )
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 506
{
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 507
eval($cmd);
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 508
}
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 509
if ( !$result )
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 510
{
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 511
echo enano_json_encode(array(
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 512
'mode' => 'error',
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 513
'error' => 'Invalid target format'
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 514
));
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 515
break;
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 516
}
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 517
break;
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 518
}
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 519
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 520
// mostly for debugging, but I suppose this could be useful elsewhere.
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 521
if ( isset($_POST['plaintext']) )
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 522
die($result);
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 523
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 524
echo enano_json_encode(array(
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 525
'mode' => 'transformed_text',
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 526
'text' => $result
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 527
));
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 528
break;
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 529
case "pagediff":
592
+ − 530
require_once(ENANO_ROOT.'/includes/pageutils.php');
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 531
$id1 = ( isset($_GET['diff1']) ) ? (int)$_GET['diff1'] : false;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 532
$id2 = ( isset($_GET['diff2']) ) ? (int)$_GET['diff2'] : false;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 533
if(!$id1 || !$id2) { echo '<p>Invalid request.</p>'; $template->footer(); break; }
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 534
if(!preg_match('#^([0-9]+)$#', (string)$_GET['diff1']) ||
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 535
!preg_match('#^([0-9]+)$#', (string)$_GET['diff2'] )) { echo '<p>SQL injection attempt</p>'; $template->footer(); break; }
324
+ − 536
echo PageUtils::pagediff($paths->page_id, $paths->namespace, $id1, $id2);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 537
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 538
case "jsres":
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 539
die('// ERROR: this section is deprecated and has moved to includes/clientside/static/enano-lib-basic.js.');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 540
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 541
case "rdns":
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 542
if(!$session->get_permissions('mod_misc')) die('Go somewhere else for your reverse DNS info!');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 543
$ip = $_GET['ip'];
1005
+ − 544
if ( !is_valid_ip($ip) )
+ − 545
{
+ − 546
echo $lang->get('acpsl_err_invalid_ip');
+ − 547
}
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 548
$rdns = gethostbyaddr($ip);
1005
+ − 549
if ( $rdns == $ip )
+ − 550
echo $lang->get('acpsl_err_ptr_no_resolve');
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 551
else echo $rdns;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 552
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 553
case 'acljson':
592
+ − 554
require_once(ENANO_ROOT.'/includes/pageutils.php');
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 555
$parms = ( isset($_POST['acl_params']) ) ? rawurldecode($_POST['acl_params']) : false;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 556
echo PageUtils::acl_json($parms);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 557
break;
870
+ − 558
case 'theme_list':
+ − 559
header('Content-type: application/json');
+ − 560
+ − 561
$return = array();
968
+ − 562
foreach ( $template->theme_list as $theme )
870
+ − 563
{
1017
+ − 564
if ( $theme['enabled'] != 1 )
+ − 565
continue;
+ − 566
968
+ − 567
$return[] = array(
+ − 568
'theme_name' => $theme['theme_name'],
+ − 569
'theme_id' => $theme['theme_id'],
+ − 570
'have_thumb' => file_exists(ENANO_ROOT . "/themes/{$theme['theme_id']}/preview.png")
+ − 571
);
870
+ − 572
}
+ − 573
+ − 574
echo enano_json_encode($return);
+ − 575
+ − 576
break;
+ − 577
case "get_styles":
+ − 578
if ( !preg_match('/^[a-z0-9_-]+$/', $_GET['theme_id']) )
+ − 579
die(enano_json_encode(array()));
+ − 580
+ − 581
$theme_id = $_GET['theme_id'];
+ − 582
$return = array();
+ − 583
+ − 584
if ( $dr = @opendir(ENANO_ROOT . "/themes/$theme_id/css/") )
+ − 585
{
+ − 586
while ( $dh = @readdir($dr) )
+ − 587
{
+ − 588
if ( preg_match('/\.css$/', $dh) && $dh != '_printable.css' )
+ − 589
{
+ − 590
$return[] = preg_replace('/\.css$/', '', $dh);
+ − 591
}
+ − 592
}
+ − 593
}
+ − 594
else
+ − 595
{
+ − 596
$return = array(
+ − 597
'mode' => 'error',
+ − 598
'error' => 'Could not open directory.'
+ − 599
);
+ − 600
}
+ − 601
echo enano_json_encode($return);
+ − 602
break;
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 603
case "change_theme":
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 604
if ( !isset($_POST['theme_id']) || !isset($_POST['style_id']) )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 605
{
870
+ − 606
die(enano_json_encode(array('mode' => 'error', 'error' => 'Invalid parameter')));
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 607
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 608
if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['theme_id']) || !preg_match('/^([a-z0-9_-]+)$/i', $_POST['style_id']) )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 609
{
870
+ − 610
die(enano_json_encode(array('mode' => 'error', 'error' => 'Invalid parameter')));
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 611
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 612
if ( !file_exists(ENANO_ROOT . '/themes/' . $_POST['theme_id'] . '/css/' . $_POST['style_id'] . '.css') )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 613
{
870
+ − 614
die(enano_json_encode(array('mode' => 'error', 'error' => 'Can\'t find theme file: ' . ENANO_ROOT . '/themes/' . $_POST['theme_id'] . '/css/' . $_POST['style_id'] . '.css')));;
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 615
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 616
if ( !$session->user_logged_in )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 617
{
870
+ − 618
die(enano_json_encode(array('mode' => 'error', 'error' => 'You must be logged in to change your theme')));
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 619
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 620
// Just in case something slipped through...
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 621
$theme_id = $db->escape($_POST['theme_id']);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 622
$style_id = $db->escape($_POST['style_id']);
870
+ − 623
$e = $db->sql_query('UPDATE ' . table_prefix . "users SET theme = '$theme_id', style = '$style_id' WHERE user_id = $session->user_id;");
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 624
if ( !$e )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 625
die( $db->get_error() );
870
+ − 626
+ − 627
echo enano_json_encode(array(
+ − 628
'success' => true
+ − 629
));
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 630
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 631
case 'get_tags':
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 632
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 633
$ret = array('tags' => array(), 'user_level' => $session->user_level, 'can_add' => $session->get_permissions('tag_create'));
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 634
$q = $db->sql_query('SELECT t.tag_id, t.tag_name, pg.pg_target IS NOT NULL AS used_in_acl, t.user_id FROM '.table_prefix.'tags AS t
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 635
LEFT JOIN '.table_prefix.'page_groups AS pg
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 636
ON ( ( pg.pg_type = ' . PAGE_GRP_TAGGED . ' AND pg.pg_target=t.tag_name ) OR ( pg.pg_type IS NULL AND pg.pg_target IS NULL ) )
324
+ − 637
WHERE t.page_id=\'' . $db->escape($paths->page_id) . '\' AND t.namespace=\'' . $db->escape($paths->namespace) . '\';');
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 638
if ( !$q )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 639
$db->_die();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 640
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 641
while ( $row = $db->fetchrow() )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 642
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 643
$can_del = true;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 644
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 645
$perm = ( $row['user_id'] != $session->user_id ) ?
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 646
'tag_delete_other' :
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 647
'tag_delete_own';
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 648
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 649
if ( $row['user_id'] == 1 && !$session->user_logged_in )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 650
// anonymous user trying to delete tag (hardcode blacklisted)
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 651
$can_del = false;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 652
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 653
if ( !$session->get_permissions($perm) )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 654
$can_del = false;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 655
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 656
if ( $row['used_in_acl'] == 1 && !$session->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 657
$can_del = false;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 658
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 659
$ret['tags'][] = array(
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 660
'id' => $row['tag_id'],
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 661
'name' => $row['tag_name'],
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 662
'can_del' => $can_del,
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 663
'acl' => ( $row['used_in_acl'] == 1 )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 664
);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 665
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 666
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 667
echo enano_json_encode($ret);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 668
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 669
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 670
case 'addtag':
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 671
$resp = array(
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 672
'success' => false,
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 673
'error' => 'No error',
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 674
'can_del' => ( $session->get_permissions('tag_delete_own') && $session->user_logged_in ),
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 675
'in_acl' => false
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 676
);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 677
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 678
// first of course, are we allowed to tag pages?
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 679
if ( !$session->get_permissions('tag_create') )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 680
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 681
$resp['error'] = 'You are not permitted to tag pages.';
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 682
die(enano_json_encode($resp));
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 683
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 684
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 685
// sanitize the tag name
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 686
$tag = sanitize_tag($_POST['tag']);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 687
$tag = $db->escape($tag);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 688
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 689
if ( strlen($tag) < 2 )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 690
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 691
$resp['error'] = 'Tags must consist of at least 2 alphanumeric characters.';
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 692
die(enano_json_encode($resp));
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 693
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 694
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 695
// check if tag is already on page
324
+ − 696
$q = $db->sql_query('SELECT 1 FROM '.table_prefix.'tags WHERE page_id=\'' . $db->escape($paths->page_id) . '\' AND namespace=\'' . $db->escape($paths->namespace) . '\' AND tag_name=\'' . $tag . '\';');
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 697
if ( !$q )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 698
$db->_die();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 699
if ( $db->numrows() > 0 )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 700
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 701
$resp['error'] = 'This page already has this tag.';
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 702
die(enano_json_encode($resp));
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 703
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 704
$db->free_result();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 705
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 706
// tricky: make sure this tag isn't being used in some page group, and thus adding it could affect page access
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 707
$can_edit_acl = ( $session->get_permissions('edit_acl') || $session->user_level >= USER_LEVEL_ADMIN );
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 708
$q = $db->sql_query('SELECT 1 FROM '.table_prefix.'page_groups WHERE pg_type=' . PAGE_GRP_TAGGED . ' AND pg_target=\'' . $tag . '\';');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 709
if ( !$q )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 710
$db->_die();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 711
if ( $db->numrows() > 0 && !$can_edit_acl )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 712
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 713
$resp['error'] = 'This tag is used in an ACL page group, and thus can\'t be added to a page by people without administrator privileges.';
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 714
die(enano_json_encode($resp));
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 715
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 716
$resp['in_acl'] = ( $db->numrows() > 0 );
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 717
$db->free_result();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 718
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 719
// we're good
324
+ − 720
$q = $db->sql_query('INSERT INTO '.table_prefix.'tags(tag_name,page_id,namespace,user_id) VALUES(\'' . $tag . '\', \'' . $db->escape($paths->page_id) . '\', \'' . $db->escape($paths->namespace) . '\', ' . $session->user_id . ');');
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 721
if ( !$q )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 722
$db->_die();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 723
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 724
$resp['success'] = true;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 725
$resp['tag'] = $tag;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 726
$resp['tag_id'] = $db->insert_id();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 727
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 728
echo enano_json_encode($resp);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 729
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 730
case 'deltag':
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 731
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 732
$tag_id = intval($_POST['tag_id']);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 733
if ( empty($tag_id) )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 734
die('Invalid tag ID');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 735
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 736
$q = $db->sql_query('SELECT t.tag_id, t.user_id, t.page_id, t.namespace, pg.pg_target IS NOT NULL AS used_in_acl FROM '.table_prefix.'tags AS t
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 737
LEFT JOIN '.table_prefix.'page_groups AS pg
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 738
ON ( pg.pg_id IS NULL OR ( pg.pg_target = t.tag_name AND pg.pg_type = ' . PAGE_GRP_TAGGED . ' ) )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 739
WHERE t.tag_id=' . $tag_id . ';');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 740
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 741
if ( !$q )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 742
$db->_die();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 743
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 744
if ( $db->numrows() < 1 )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 745
die('Could not find a tag with that ID');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 746
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 747
$row = $db->fetchrow();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 748
$db->free_result();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 749
324
+ − 750
if ( $row['page_id'] == $paths->page_id && $row['namespace'] == $paths->namespace )
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 751
$perms =& $session;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 752
else
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 753
$perms = $session->fetch_page_acl($row['page_id'], $row['namespace']);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 754
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 755
$perm = ( $row['user_id'] != $session->user_id ) ?
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 756
'tag_delete_other' :
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 757
'tag_delete_own';
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 758
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 759
if ( $row['user_id'] == 1 && !$session->user_logged_in )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 760
// anonymous user trying to delete tag (hardcode blacklisted)
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 761
die('You are not authorized to delete this tag.');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 762
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 763
if ( !$perms->get_permissions($perm) )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 764
die('You are not authorized to delete this tag.');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 765
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 766
if ( $row['used_in_acl'] == 1 && !$perms->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 767
die('You are not authorized to delete this tag.');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 768
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 769
// We're good
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 770
$q = $db->sql_query('DELETE FROM '.table_prefix.'tags WHERE tag_id = ' . $tag_id . ';');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 771
if ( !$q )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 772
$db->_die();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 773
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 774
echo 'success';
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 775
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 776
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 777
case 'ping':
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 778
echo 'pong';
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 779
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 780
default:
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 781
die('Hacking attempt');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 782
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 783
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 784
0
+ − 785
?>