1
+ − 1
<?php
73
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 2
1
+ − 3
/*
+ − 4
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 5
* Version 1.1.6 (Caoineag beta 1)
1
+ − 6
* pageprocess.php - intelligent retrieval of pages
536
+ − 7
* Copyright (C) 2006-2008 Dan Fuhry
1
+ − 8
*
+ − 9
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
+ − 10
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ − 11
*
+ − 12
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ − 13
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ − 14
*/
+ − 15
+ − 16
/**
+ − 17
* Class to handle fetching page text (possibly from a cache) and formatting it.
322
+ − 18
* As of 1.0.4, this also handles the fetching and editing of certain data for pages.
1
+ − 19
* @package Enano
+ − 20
* @subpackage UI
+ − 21
* @copyright 2007 Dan Fuhry
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 22
* @license GNU General Public License <http://www.gnu.org/licenses/gpl-2.0.html>
1
+ − 23
*/
+ − 24
+ − 25
class PageProcessor
+ − 26
{
+ − 27
+ − 28
/**
+ − 29
* Page ID and namespace of the page handled by this instance
+ − 30
* @var string
+ − 31
*/
+ − 32
+ − 33
var $page_id;
+ − 34
var $namespace;
+ − 35
+ − 36
/**
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 37
* The instance of the namespace processor for the namespace we're doing.
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 38
* @var object
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 39
*/
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 40
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 41
var $ns;
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 42
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 43
/**
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 44
* The title of the page sent to the template parser
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 45
* @var string
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 46
*/
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 47
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 48
var $title = '';
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 49
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 50
/**
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 51
* The information about the page(s) we were redirected from
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 52
* @var array
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 53
*/
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 54
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 55
var $redirect_stack = array();
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 56
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 57
/**
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 58
* The revision ID (history entry) to send. If set to 0 (the default) then the most recent revision will be sent.
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 59
* @var int
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 60
*/
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 61
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 62
var $revision_id = 0;
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 63
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 64
/**
468
+ − 65
* The time this revision was saved, as a UNIX timestamp
+ − 66
* @var int
+ − 67
*/
+ − 68
+ − 69
var $revision_time = 0;
+ − 70
+ − 71
/**
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 72
* Unsanitized page ID.
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 73
* @var string
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 74
*/
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 75
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 76
var $page_id_unclean;
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 77
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 78
/**
1
+ − 79
* Tracks if the page we're loading exists in the database or not.
+ − 80
* @var bool
+ − 81
*/
+ − 82
+ − 83
var $page_exists = false;
+ − 84
+ − 85
/**
+ − 86
* Permissions!
+ − 87
* @var object
+ − 88
*/
+ − 89
+ − 90
var $perms = null;
+ − 91
+ − 92
/**
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 93
* The SHA1 hash of the user-inputted password for the page
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 94
* @var string
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 95
*/
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 96
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 97
var $password = '';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 98
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 99
/**
1
+ − 100
* Switch to track if redirects are allowed. Defaults to true.
+ − 101
* @var bool
+ − 102
*/
+ − 103
+ − 104
var $allow_redir = true;
+ − 105
+ − 106
/**
+ − 107
* If this is set to true, this will call the header and footer funcs on $template when render() is called.
+ − 108
* @var bool
+ − 109
*/
+ − 110
+ − 111
var $send_headers = false;
+ − 112
+ − 113
/**
+ − 114
* Cache the fetched text so we don't fetch it from the DB twice.
+ − 115
* @var string
+ − 116
*/
+ − 117
+ − 118
var $text_cache = '';
+ − 119
+ − 120
/**
+ − 121
* Debugging information to track errors. You can set enable to false to disable sending debug information.
+ − 122
* @var array
+ − 123
*/
+ − 124
+ − 125
var $debug = array(
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 126
'enable' => false,
1
+ − 127
'works' => false
+ − 128
);
+ − 129
+ − 130
/**
322
+ − 131
* The list of errors raised in the class.
+ − 132
* @var array
+ − 133
*/
+ − 134
+ − 135
var $_errors = array();
+ − 136
+ − 137
/**
1
+ − 138
* Constructor.
+ − 139
* @param string The page ID (urlname) of the page
+ − 140
* @param string The namespace of the page
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 141
* @param int Optional. The revision ID to send.
1
+ − 142
*/
+ − 143
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 144
function __construct( $page_id, $namespace, $revision_id = 0 )
1
+ − 145
{
+ − 146
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 147
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 148
profiler_log("PageProcessor [{$namespace}:{$page_id}]: Started constructor");
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 149
1
+ − 150
// See if we can get some debug info
+ − 151
if ( function_exists('debug_backtrace') && $this->debug['enable'] )
+ − 152
{
+ − 153
$this->debug['works'] = true;
+ − 154
$this->debug['backtrace'] = enano_debug_print_backtrace(true);
+ − 155
}
+ − 156
+ − 157
// First things first - check page existence and permissions
+ − 158
+ − 159
if ( !isset($paths->nslist[$namespace]) )
+ − 160
{
+ − 161
$this->send_error('The namespace "' . htmlspecialchars($namespace) . '" does not exist.');
+ − 162
}
+ − 163
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 164
if ( !is_int($revision_id) )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 165
$revision_id = 0;
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 166
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 167
$this->_setup( $page_id, $namespace, $revision_id );
1
+ − 168
}
+ − 169
+ − 170
/**
61
+ − 171
* The main method to send the page content. Also responsible for checking permissions and calling the statistics counter.
+ − 172
* @param bool If true, the stat counter is called. Defaults to false.
1
+ − 173
*/
+ − 174
61
+ − 175
function send( $do_stats = false )
1
+ − 176
{
+ − 177
global $db, $session, $paths, $template, $plugins; // Common objects
314
+ − 178
global $lang;
+ − 179
592
+ − 180
profiler_log('PageProcessor: send() called');
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 181
1
+ − 182
if ( !$this->perms->get_permissions('read') )
+ − 183
{
570
+ − 184
if ( $this->send_headers )
+ − 185
{
+ − 186
$template->init_vars($this);
+ − 187
}
511
f88c8c79d784
Made some improvements to ACL system including: warning on setting Deny for Everyone on the entire site, added ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL, and changed behavior as noted in the docs so that Deny for Everyone is no longer able to be overridden
Dan
diff
changeset
+ − 188
// Permission denied to read page. Is this one of our core pages that must always be allowed?
f88c8c79d784
Made some improvements to ACL system including: warning on setting Deny for Everyone on the entire site, added ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL, and changed behavior as noted in the docs so that Deny for Everyone is no longer able to be overridden
Dan
diff
changeset
+ − 189
// NOTE: Not even the administration panel will work if ACLs deny access to it.
f88c8c79d784
Made some improvements to ACL system including: warning on setting Deny for Everyone on the entire site, added ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL, and changed behavior as noted in the docs so that Deny for Everyone is no longer able to be overridden
Dan
diff
changeset
+ − 190
if ( $this->namespace == 'Special' && in_array($this->page_id, array('Login', 'Logout', 'LangExportJSON', 'CSS')) )
f88c8c79d784
Made some improvements to ACL system including: warning on setting Deny for Everyone on the entire site, added ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL, and changed behavior as noted in the docs so that Deny for Everyone is no longer able to be overridden
Dan
diff
changeset
+ − 191
{
f88c8c79d784
Made some improvements to ACL system including: warning on setting Deny for Everyone on the entire site, added ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL, and changed behavior as noted in the docs so that Deny for Everyone is no longer able to be overridden
Dan
diff
changeset
+ − 192
// Do nothing; allow execution to continue
f88c8c79d784
Made some improvements to ACL system including: warning on setting Deny for Everyone on the entire site, added ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL, and changed behavior as noted in the docs so that Deny for Everyone is no longer able to be overridden
Dan
diff
changeset
+ − 193
}
f88c8c79d784
Made some improvements to ACL system including: warning on setting Deny for Everyone on the entire site, added ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL, and changed behavior as noted in the docs so that Deny for Everyone is no longer able to be overridden
Dan
diff
changeset
+ − 194
else
f88c8c79d784
Made some improvements to ACL system including: warning on setting Deny for Everyone on the entire site, added ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL, and changed behavior as noted in the docs so that Deny for Everyone is no longer able to be overridden
Dan
diff
changeset
+ − 195
{
f88c8c79d784
Made some improvements to ACL system including: warning on setting Deny for Everyone on the entire site, added ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL, and changed behavior as noted in the docs so that Deny for Everyone is no longer able to be overridden
Dan
diff
changeset
+ − 196
// Page isn't whitelisted, behave as normal
f88c8c79d784
Made some improvements to ACL system including: warning on setting Deny for Everyone on the entire site, added ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL, and changed behavior as noted in the docs so that Deny for Everyone is no longer able to be overridden
Dan
diff
changeset
+ − 197
$this->err_access_denied();
f88c8c79d784
Made some improvements to ACL system including: warning on setting Deny for Everyone on the entire site, added ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL, and changed behavior as noted in the docs so that Deny for Everyone is no longer able to be overridden
Dan
diff
changeset
+ − 198
return false;
f88c8c79d784
Made some improvements to ACL system including: warning on setting Deny for Everyone on the entire site, added ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL, and changed behavior as noted in the docs so that Deny for Everyone is no longer able to be overridden
Dan
diff
changeset
+ − 199
}
1
+ − 200
}
825
9d5c04c1414f
Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
diff
changeset
+ − 201
if ( $this->revision_id > 0 && !$this->perms->get_permissions('history_view') )
9d5c04c1414f
Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
diff
changeset
+ − 202
{
9d5c04c1414f
Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
diff
changeset
+ − 203
$this->err_access_denied();
9d5c04c1414f
Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
diff
changeset
+ − 204
return false;
9d5c04c1414f
Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
diff
changeset
+ − 205
}
571
66e14e61613e
Got ACL scope logic working again and began enforcing it. Breaking API change: assigning page title with $template->tpl_strings['PAGE_NAME'] will no longer work, use $template->assign_vars(). Workaround may be added later. Test for assign_vars method if compatibility needed. Added namespace processor API (non-breaking change). Several other things tweaked around as well.
Dan
diff
changeset
+ − 206
66e14e61613e
Got ACL scope logic working again and began enforcing it. Breaking API change: assigning page title with $template->tpl_strings['PAGE_NAME'] will no longer work, use $template->assign_vars(). Workaround may be added later. Test for assign_vars method if compatibility needed. Added namespace processor API (non-breaking change). Several other things tweaked around as well.
Dan
diff
changeset
+ − 207
// Is there a custom function registered for handling this namespace?
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 208
// DEPRECATED (even though it only saw its way into one alpha release.)
571
66e14e61613e
Got ACL scope logic working again and began enforcing it. Breaking API change: assigning page title with $template->tpl_strings['PAGE_NAME'] will no longer work, use $template->assign_vars(). Workaround may be added later. Test for assign_vars method if compatibility needed. Added namespace processor API (non-breaking change). Several other things tweaked around as well.
Dan
diff
changeset
+ − 209
if ( $proc = $paths->get_namespace_processor($this->namespace) )
66e14e61613e
Got ACL scope logic working again and began enforcing it. Breaking API change: assigning page title with $template->tpl_strings['PAGE_NAME'] will no longer work, use $template->assign_vars(). Workaround may be added later. Test for assign_vars method if compatibility needed. Added namespace processor API (non-breaking change). Several other things tweaked around as well.
Dan
diff
changeset
+ − 210
{
66e14e61613e
Got ACL scope logic working again and began enforcing it. Breaking API change: assigning page title with $template->tpl_strings['PAGE_NAME'] will no longer work, use $template->assign_vars(). Workaround may be added later. Test for assign_vars method if compatibility needed. Added namespace processor API (non-breaking change). Several other things tweaked around as well.
Dan
diff
changeset
+ − 211
// yes, just call that
66e14e61613e
Got ACL scope logic working again and began enforcing it. Breaking API change: assigning page title with $template->tpl_strings['PAGE_NAME'] will no longer work, use $template->assign_vars(). Workaround may be added later. Test for assign_vars method if compatibility needed. Added namespace processor API (non-breaking change). Several other things tweaked around as well.
Dan
diff
changeset
+ − 212
// this is protected aggressively by the PathManager against overriding critical namespaces
66e14e61613e
Got ACL scope logic working again and began enforcing it. Breaking API change: assigning page title with $template->tpl_strings['PAGE_NAME'] will no longer work, use $template->assign_vars(). Workaround may be added later. Test for assign_vars method if compatibility needed. Added namespace processor API (non-breaking change). Several other things tweaked around as well.
Dan
diff
changeset
+ − 213
return call_user_func($proc, $this);
66e14e61613e
Got ACL scope logic working again and began enforcing it. Breaking API change: assigning page title with $template->tpl_strings['PAGE_NAME'] will no longer work, use $template->assign_vars(). Workaround may be added later. Test for assign_vars method if compatibility needed. Added namespace processor API (non-breaking change). Several other things tweaked around as well.
Dan
diff
changeset
+ − 214
}
66e14e61613e
Got ACL scope logic working again and began enforcing it. Breaking API change: assigning page title with $template->tpl_strings['PAGE_NAME'] will no longer work, use $template->assign_vars(). Workaround may be added later. Test for assign_vars method if compatibility needed. Added namespace processor API (non-breaking change). Several other things tweaked around as well.
Dan
diff
changeset
+ − 215
24
+ − 216
$pathskey = $paths->nslist[ $this->namespace ] . $this->page_id;
+ − 217
$strict_no_headers = false;
793
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 218
$admin_fail = false;
329
0437a7cf1acc
Added update-checking function (still a little rough around the edges); added support into admin user CP for changing avatars
Dan
diff
changeset
+ − 219
if ( $this->namespace == 'Admin' && strstr($this->page_id, '/') )
0437a7cf1acc
Added update-checking function (still a little rough around the edges); added support into admin user CP for changing avatars
Dan
diff
changeset
+ − 220
{
570
+ − 221
if ( $this->send_headers )
+ − 222
{
+ − 223
$template->init_vars($this);
+ − 224
}
329
0437a7cf1acc
Added update-checking function (still a little rough around the edges); added support into admin user CP for changing avatars
Dan
diff
changeset
+ − 225
$this->page_id = substr($this->page_id, 0, strpos($this->page_id, '/'));
0437a7cf1acc
Added update-checking function (still a little rough around the edges); added support into admin user CP for changing avatars
Dan
diff
changeset
+ − 226
$funcname = "page_{$this->namespace}_{$this->page_id}";
0437a7cf1acc
Added update-checking function (still a little rough around the edges); added support into admin user CP for changing avatars
Dan
diff
changeset
+ − 227
if ( function_exists($funcname) )
0437a7cf1acc
Added update-checking function (still a little rough around the edges); added support into admin user CP for changing avatars
Dan
diff
changeset
+ − 228
{
0437a7cf1acc
Added update-checking function (still a little rough around the edges); added support into admin user CP for changing avatars
Dan
diff
changeset
+ − 229
$this->page_exists = true;
0437a7cf1acc
Added update-checking function (still a little rough around the edges); added support into admin user CP for changing avatars
Dan
diff
changeset
+ − 230
}
0437a7cf1acc
Added update-checking function (still a little rough around the edges); added support into admin user CP for changing avatars
Dan
diff
changeset
+ − 231
}
24
+ − 232
if ( isset($paths->pages[$pathskey]) )
+ − 233
{
570
+ − 234
if ( $this->send_headers )
+ − 235
{
+ − 236
$template->init_vars($this);
+ − 237
}
24
+ − 238
if ( $paths->pages[$pathskey]['special'] == 1 )
+ − 239
{
+ − 240
$this->send_headers = false;
+ − 241
$strict_no_headers = true;
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 242
$GLOBALS['output'] = new Output_Naked();
24
+ − 243
}
286
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 244
if ( isset($paths->pages[$pathskey]['password']) )
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 245
{
286
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 246
if ( $paths->pages[$pathskey]['password'] != '' && $paths->pages[$pathskey]['password'] != sha1('') )
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 247
{
286
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 248
$password =& $paths->pages[$pathskey]['password'];
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 249
if ( $this->password != $password )
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 250
{
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 251
$this->err_wrong_password();
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 252
return false;
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 253
}
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 254
}
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 255
}
793
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 256
if ( isset($paths->pages[$pathskey]['require_admin']) && $paths->pages[$pathskey]['require_admin'] )
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 257
{
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 258
if ( $session->auth_level < USER_LEVEL_ADMIN )
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 259
{
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 260
$admin_fail = true;
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 261
}
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 262
}
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 263
}
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 264
else if ( $this->namespace === $paths->namespace && $this->page_id == $paths->page_id )
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 265
{
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 266
if ( isset($paths->cpage['require_admin']) && $paths->cpage['require_admin'] )
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 267
{
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 268
if ( $session->auth_level < USER_LEVEL_ADMIN )
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 269
{
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 270
$admin_fail = true;
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 271
}
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 272
}
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 273
}
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 274
if ( $admin_fail )
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 275
{
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 276
header('Content-type: text/javascript');
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 277
echo enano_json_encode(array(
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 278
'mode' => 'error',
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 279
'error' => 'need_auth_to_admin'
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 280
));
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 281
return true;
24
+ − 282
}
61
+ − 283
if ( $this->page_exists && $this->namespace != 'Special' && $this->namespace != 'Admin' && $do_stats )
+ − 284
{
592
+ − 285
require_once(ENANO_ROOT.'/includes/stats.php');
61
+ − 286
doStats($this->page_id, $this->namespace);
+ − 287
}
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 288
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 289
// We are all done. Ship off the page.
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 290
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 291
if ( $this->send_headers )
1
+ − 292
{
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 293
$template->init_vars($this);
1
+ − 294
}
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 295
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 296
$this->ns->send();
741
+ − 297
}
+ − 298
+ − 299
/**
+ − 300
* Sends the page through by fetching it from the database.
+ − 301
*/
+ − 302
+ − 303
function send_from_db($strict_no_headers = false)
+ − 304
{
+ − 305
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 306
global $lang;
+ − 307
+ − 308
// Send as regular page
+ − 309
if ( $this->send_headers )
+ − 310
{
+ − 311
$template->init_vars($this);
+ − 312
}
+ − 313
+ − 314
$text = $this->fetch_text();
+ − 315
+ − 316
if ( $text == 'err_no_text_rows' )
+ − 317
{
+ − 318
$this->err_no_rows();
+ − 319
return false;
+ − 320
}
+ − 321
else
+ − 322
{
+ − 323
$redirect = ( isset($_GET['redirect']) ) ? $_GET['redirect'] : 'YES YOU IDIOT';
+ − 324
if ( preg_match('/^#redirect \[\[([^\]]+)\]\]/i', $text, $match) && $redirect != 'no' )
570
+ − 325
{
741
+ − 326
// Redirect page!
+ − 327
$page_to = sanitize_page_id($match[1]);
+ − 328
$page_id_data = RenderMan::strToPageID($page_to);
+ − 329
if ( count($this->redirect_stack) >= 3 )
+ − 330
{
+ − 331
$this->render( (!$strict_no_headers), '<div class="usermessage"><b>' . $lang->get('page_err_redirects_exceeded') . '</b></div>' );
+ − 332
}
+ − 333
else
+ − 334
{
+ − 335
$result = $this->_handle_redirect($page_id_data[0], $page_id_data[1]);
+ − 336
if ( $result !== true )
+ − 337
{
+ − 338
// There was some error during the redirect process - usually an infinite redirect
+ − 339
$this->render( (!$strict_no_headers), '<div class="usermessage"><b>' . $result . '</b></div>' );
+ − 340
}
+ − 341
}
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 342
}
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 343
else
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 344
{
741
+ − 345
$this->render( (!$strict_no_headers) );
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 346
}
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 347
}
1
+ − 348
}
+ − 349
+ − 350
/**
322
+ − 351
* Fetches the wikitext or HTML source for the page.
+ − 352
* @return string
+ − 353
*/
+ − 354
+ − 355
function fetch_source()
+ − 356
{
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 357
global $db, $session, $paths, $template, $plugins; // Common objects
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 358
322
+ − 359
if ( !$this->perms->get_permissions('view_source') )
+ − 360
{
+ − 361
return false;
+ − 362
}
325
e17cc42d77cf
Fixed: $paths->page_id not set when the page doesn't exist; finally fixed garbled page names for IP addresses
Dan
diff
changeset
+ − 363
if ( !$this->page_exists )
e17cc42d77cf
Fixed: $paths->page_id not set when the page doesn't exist; finally fixed garbled page names for IP addresses
Dan
diff
changeset
+ − 364
{
e17cc42d77cf
Fixed: $paths->page_id not set when the page doesn't exist; finally fixed garbled page names for IP addresses
Dan
diff
changeset
+ − 365
return '';
e17cc42d77cf
Fixed: $paths->page_id not set when the page doesn't exist; finally fixed garbled page names for IP addresses
Dan
diff
changeset
+ − 366
}
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 367
$pathskey = $paths->nslist[ $this->namespace ] . $this->page_id;
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 368
if ( isset($paths->pages[$pathskey]) )
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 369
{
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 370
if ( isset($paths->pages[$pathskey]['password']) )
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 371
{
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 372
if ( $paths->pages[$pathskey]['password'] != sha1('') && $paths->pages[$pathskey]['password'] !== $this->password && !empty($paths->pages[$pathskey]['password']) )
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 373
{
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 374
return false;
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 375
}
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 376
}
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 377
}
322
+ − 378
return $this->fetch_text();
+ − 379
}
+ − 380
+ − 381
/**
472
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 382
* Updates (saves/changes/edits) the content of the page.
322
+ − 383
* @param string The new text for the page
+ − 384
* @param string A summary of edits made to the page.
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 385
* @param bool If true, the edit is marked as a minor revision
472
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 386
* @return bool True on success, false on failure. When returning false, it will push errors to the PageProcessor error stack; read with $page->pop_error()
322
+ − 387
*/
+ − 388
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 389
function update_page($text, $edit_summary = false, $minor_edit = false)
322
+ − 390
{
+ − 391
global $db, $session, $paths, $template, $plugins; // Common objects
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 392
global $lang;
322
+ − 393
+ − 394
// Create the page if it doesn't exist
+ − 395
if ( !$this->page_exists )
+ − 396
{
+ − 397
if ( !$this->create_page() )
+ − 398
{
+ − 399
return false;
+ − 400
}
+ − 401
}
+ − 402
+ − 403
//
+ − 404
// Validation
+ − 405
//
+ − 406
+ − 407
$page_id = $db->escape($this->page_id);
+ − 408
$namespace = $db->escape($this->namespace);
+ − 409
+ − 410
$q = $db->sql_query('SELECT protected FROM ' . table_prefix . "pages WHERE urlname='$page_id' AND namespace='$namespace';");
+ − 411
if ( !$q )
+ − 412
$db->_die('PageProcess updating page content');
+ − 413
if ( $db->numrows() < 1 )
+ − 414
{
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 415
$this->raise_error($lang->get('editor_err_no_rows'));
322
+ − 416
return false;
+ − 417
}
+ − 418
+ − 419
// Do we have permission to edit the page?
+ − 420
if ( !$this->perms->get_permissions('edit_page') )
+ − 421
{
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 422
$this->raise_error($lang->get('editor_err_no_permission'));
322
+ − 423
return false;
+ − 424
}
+ − 425
+ − 426
list($protection) = $db->fetchrow_num();
+ − 427
$db->free_result();
+ − 428
+ − 429
if ( $protection == 1 )
+ − 430
{
+ − 431
// The page is protected - do we have permission to edit protected pages?
+ − 432
if ( !$this->perms->get_permissions('even_when_protected') )
+ − 433
{
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 434
$this->raise_error($lang->get('editor_err_page_protected'));
322
+ − 435
return false;
+ − 436
}
+ − 437
}
+ − 438
else if ( $protection == 2 )
+ − 439
{
+ − 440
// The page is semi-protected.
+ − 441
if (
+ − 442
( !$session->user_logged_in || // Is the user logged in?
+ − 443
( $session->user_logged_in && $session->reg_time + ( 4 * 86400 ) >= time() ) ) // If so, have they been registered for 4 days?
+ − 444
&& !$this->perms->get_permissions('even_when_protected') ) // And of course, is there an ACL that overrides semi-protection?
+ − 445
{
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 446
$this->raise_error($lang->get('editor_err_page_protected'));
322
+ − 447
return false;
+ − 448
}
+ − 449
}
+ − 450
825
9d5c04c1414f
Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
diff
changeset
+ − 451
// Spam check
9d5c04c1414f
Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
diff
changeset
+ − 452
if ( !spamalyze($text) )
9d5c04c1414f
Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
diff
changeset
+ − 453
{
9d5c04c1414f
Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
diff
changeset
+ − 454
$this->raise_error($lang->get('editor_err_spamcheck_failed'));
9d5c04c1414f
Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
diff
changeset
+ − 455
return false;
9d5c04c1414f
Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
diff
changeset
+ − 456
}
9d5c04c1414f
Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
diff
changeset
+ − 457
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 458
//
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 459
// Protection validated; update page content
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 460
//
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 461
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 462
$text_undb = RenderMan::preprocess_text($text, false, false);
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 463
$text = $db->escape($text_undb);
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 464
$author = $db->escape($session->username);
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 465
$time = time();
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 466
$edit_summary = ( strval($edit_summary) === $edit_summary ) ? $db->escape($edit_summary) : '';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 467
$minor_edit = ( $minor_edit ) ? '1' : '0';
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 468
$date_string = enano_date('d M Y h:i a');
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 469
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 470
// Insert log entry
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 471
$sql = 'INSERT INTO ' . table_prefix . "logs ( time_id, date_string, log_type, action, page_id, namespace, author, page_text, edit_summary, minor_edit )\n"
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 472
. " VALUES ( $time, '$date_string', 'page', 'edit', '{$this->page_id}', '{$this->namespace}', '$author', '$text', '$edit_summary', $minor_edit );";
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 473
if ( !$db->sql_query($sql) )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 474
{
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 475
$this->raise_error($db->get_error());
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 476
return false;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 477
}
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 478
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 479
// Update the master text entry
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 480
$sql = 'UPDATE ' . table_prefix . "page_text SET page_text = '$text' WHERE page_id = '{$this->page_id}' AND namespace = '{$this->namespace}';";
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 481
if ( !$db->sql_query($sql) )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 482
{
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 483
$this->raise_error($db->get_error());
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 484
return false;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 485
}
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 486
468
+ − 487
// If there's an identical draft copy, delete it
+ − 488
$sql = 'DELETE FROM ' . table_prefix . "logs WHERE is_draft = 1 AND page_id = '{$this->page_id}' AND namespace = '{$this->namespace}' AND page_text = '{$text}';";
+ − 489
if ( !$db->sql_query($sql) )
+ − 490
{
+ − 491
$this->raise_error($db->get_error());
+ − 492
return false;
+ − 493
}
+ − 494
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 495
// Rebuild the search index
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 496
$paths->rebuild_page_index($this->page_id, $this->namespace);
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 497
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 498
$this->text_cache = $text;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 499
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 500
return true;
322
+ − 501
+ − 502
}
+ − 503
+ − 504
/**
+ − 505
* Creates the page if it doesn't already exist.
426
+ − 506
* @param string Optional page title.
821
a64c56a1a6a4
PageProcessor: fix not setting page_exists to true after create_page() success (todo: move to Namespace_*?); add $visible parameter to create_page()
Dan
diff
changeset
+ − 507
* @param bool Visibility (allow indexing) flag
322
+ − 508
* @return bool True on success, false on failure.
+ − 509
*/
+ − 510
821
a64c56a1a6a4
PageProcessor: fix not setting page_exists to true after create_page() success (todo: move to Namespace_*?); add $visible parameter to create_page()
Dan
diff
changeset
+ − 511
function create_page($title = false, $visible = true)
322
+ − 512
{
+ − 513
global $db, $session, $paths, $template, $plugins; // Common objects
426
+ − 514
global $lang;
322
+ − 515
+ − 516
// Do we have permission to create the page?
+ − 517
if ( !$this->perms->get_permissions('create_page') )
+ − 518
{
426
+ − 519
$this->raise_error($lang->get('pagetools_create_err_no_permission'));
322
+ − 520
return false;
+ − 521
}
+ − 522
+ − 523
// Does it already exist?
+ − 524
if ( $this->page_exists )
+ − 525
{
426
+ − 526
$this->raise_error($lang->get('pagetools_create_err_already_exists'));
322
+ − 527
return false;
+ − 528
}
+ − 529
+ − 530
// It's not in there. Perform validation.
+ − 531
+ − 532
// We can't create special, admin, or external pages.
692
78473351a6c9
Changed namespace properties (including core identifier) for external pages that load the Enano API to be a uniform "API" namespace and "SystemAPI:" prefix.
Dan
diff
changeset
+ − 533
if ( $this->namespace == 'Special' || $this->namespace == 'Admin' || $this->namespace == 'API' )
322
+ − 534
{
426
+ − 535
$this->raise_error($lang->get('pagetools_create_err_nodb_namespace'));
322
+ − 536
return false;
+ − 537
}
+ − 538
+ − 539
// Guess the proper title
481
+ − 540
$name = ( !empty($title) ) ? $title : str_replace('_', ' ', dirtify_page_id($this->page_id));
322
+ − 541
+ − 542
// Check for the restricted Project: prefix
+ − 543
if ( substr($this->page_id, 0, 8) == 'Project:' )
+ − 544
{
426
+ − 545
$this->raise_error($lang->get('pagetools_create_err_reserved_prefix'));
322
+ − 546
return false;
+ − 547
}
+ − 548
+ − 549
// Validation successful - insert the page
+ − 550
+ − 551
$metadata = array(
+ − 552
'urlname' => $this->page_id,
+ − 553
'namespace' => $this->namespace,
+ − 554
'name' => $name,
+ − 555
'special' => 0,
821
a64c56a1a6a4
PageProcessor: fix not setting page_exists to true after create_page() success (todo: move to Namespace_*?); add $visible parameter to create_page()
Dan
diff
changeset
+ − 556
'visible' => $visible ? 1 : 0,
322
+ − 557
'comments_on' => 1,
+ − 558
'protected' => ( $this->namespace == 'System' ? 1 : 0 ),
+ − 559
'delvotes' => 0,
+ − 560
'delvote_ips' => serialize(array()),
+ − 561
'wiki_mode' => 2
+ − 562
);
+ − 563
+ − 564
$paths->add_page($metadata);
+ − 565
+ − 566
$page_id = $db->escape($this->page_id);
+ − 567
$namespace = $db->escape($this->namespace);
+ − 568
$name = $db->escape($name);
+ − 569
$protect = ( $this->namespace == 'System' ) ? '1' : '0';
+ − 570
$blank_array = $db->escape(serialize(array()));
+ − 571
+ − 572
// Query 1: Metadata entry
821
a64c56a1a6a4
PageProcessor: fix not setting page_exists to true after create_page() success (todo: move to Namespace_*?); add $visible parameter to create_page()
Dan
diff
changeset
+ − 573
$q = $db->sql_query('INSERT INTO ' . table_prefix . "pages(name, urlname, namespace, visible, protected, delvotes, delvote_ips, wiki_mode)\n"
a64c56a1a6a4
PageProcessor: fix not setting page_exists to true after create_page() success (todo: move to Namespace_*?); add $visible parameter to create_page()
Dan
diff
changeset
+ − 574
. " VALUES ( '$name', '$page_id', '$namespace', {$metadata['visible']}, $protect, 0, '$blank_array', 2 );");
322
+ − 575
if ( !$q )
+ − 576
$db->_die('PageProcessor page creation - metadata stage');
+ − 577
+ − 578
// Query 2: Text insertion
+ − 579
$q = $db->sql_query('INSERT INTO ' . table_prefix . "page_text(page_id, namespace, page_text)\n"
+ − 580
. "VALUES ( '$page_id', '$namespace', '' );");
+ − 581
if ( !$q )
+ − 582
$db->_die('PageProcessor page creation - text stage');
+ − 583
426
+ − 584
// Query 3: Log entry
+ − 585
$db->sql_query('INSERT INTO ' . table_prefix."logs(time_id, date_string, log_type, action, author, page_id, namespace)\n"
+ − 586
. " VALUES ( " . time() . ", '" . enano_date('d M Y h:i a') . "', 'page', 'create', \n"
+ − 587
. " '" . $db->escape($session->username) . "', '" . $db->escape($this->page_id) . "', '" . $this->namespace . "');");
+ − 588
if ( !$q )
+ − 589
$db->_die('PageProcessor page creation - logging stage');
+ − 590
593
4f9bec0d65c1
More optimization work. Moved special page init functions to common instead of common_post hook. Allowed paths to cache page metadata on filesystem. Phased out the redundancy in $paths->pages that paired a number with every urlname as foreach loops are allowed now (and have been for some time). Fixed missing includes for several functions. Rewrote str_replace_once to be a lot more efficient.
Dan
diff
changeset
+ − 591
// Update the cache
4f9bec0d65c1
More optimization work. Moved special page init functions to common instead of common_post hook. Allowed paths to cache page metadata on filesystem. Phased out the redundancy in $paths->pages that paired a number with every urlname as foreach loops are allowed now (and have been for some time). Fixed missing includes for several functions. Rewrote str_replace_once to be a lot more efficient.
Dan
diff
changeset
+ − 592
$paths->update_metadata_cache();
4f9bec0d65c1
More optimization work. Moved special page init functions to common instead of common_post hook. Allowed paths to cache page metadata on filesystem. Phased out the redundancy in $paths->pages that paired a number with every urlname as foreach loops are allowed now (and have been for some time). Fixed missing includes for several functions. Rewrote str_replace_once to be a lot more efficient.
Dan
diff
changeset
+ − 593
821
a64c56a1a6a4
PageProcessor: fix not setting page_exists to true after create_page() success (todo: move to Namespace_*?); add $visible parameter to create_page()
Dan
diff
changeset
+ − 594
// Make sure that when/if we save the page later in this instance it doesn't get re-created
a64c56a1a6a4
PageProcessor: fix not setting page_exists to true after create_page() success (todo: move to Namespace_*?); add $visible parameter to create_page()
Dan
diff
changeset
+ − 595
$this->page_exists = true;
a64c56a1a6a4
PageProcessor: fix not setting page_exists to true after create_page() success (todo: move to Namespace_*?); add $visible parameter to create_page()
Dan
diff
changeset
+ − 596
322
+ − 597
// Page created. We're good!
+ − 598
return true;
+ − 599
}
+ − 600
+ − 601
/**
468
+ − 602
* Rolls back a non-edit action in the logs
+ − 603
* @param int Log entry (log_id) to roll back
+ − 604
* @return array Standard Enano error/success protocol
+ − 605
*/
+ − 606
+ − 607
function rollback_log_entry($log_id)
+ − 608
{
+ − 609
global $db, $session, $paths, $template, $plugins; // Common objects
696
bd5069e1f19a
Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
diff
changeset
+ − 610
global $cache;
468
+ − 611
+ − 612
// Verify permissions
+ − 613
if ( !$this->perms->get_permissions('history_rollback') )
+ − 614
{
+ − 615
return array(
+ − 616
'success' => false,
+ − 617
'error' => 'access_denied'
+ − 618
);
+ − 619
}
+ − 620
+ − 621
// Check input
+ − 622
$log_id = intval($log_id);
+ − 623
if ( empty($log_id) )
+ − 624
{
+ − 625
return array(
+ − 626
'success' => false,
+ − 627
'error' => 'invalid_parameter'
+ − 628
);
+ − 629
}
+ − 630
+ − 631
// Fetch the log entry
+ − 632
$q = $db->sql_query('SELECT * FROM ' . table_prefix . "logs WHERE log_type = 'page' AND page_id='{$this->page_id}' AND namespace='{$this->namespace}' AND log_id = $log_id;");
+ − 633
if ( !$q )
+ − 634
$db->_die();
+ − 635
+ − 636
// Is this even a valid log entry for this context?
+ − 637
if ( $db->numrows() < 1 )
+ − 638
{
+ − 639
return array(
+ − 640
'success' => false,
+ − 641
'error' => 'entry_not_found'
+ − 642
);
+ − 643
}
+ − 644
+ − 645
// All good, fetch and free the result
+ − 646
$log_entry = $db->fetchrow();
+ − 647
$db->free_result();
+ − 648
481
+ − 649
$dateline = enano_date('d M Y h:i a', $log_entry['time_id']);
+ − 650
468
+ − 651
// Let's see, what do we have here...
+ − 652
switch ( $log_entry['action'] )
+ − 653
{
+ − 654
case 'rename':
+ − 655
// Page was renamed, let the rename method handle this
481
+ − 656
return array_merge($this->rename($log_entry['edit_summary']), array('dateline' => $dateline, 'action' => $log_entry['action']));
468
+ − 657
break;
+ − 658
case 'prot':
+ − 659
case 'unprot':
+ − 660
case 'semiprot':
481
+ − 661
return array_merge($this->protect_page(intval($log_entry['page_text']), '__REVERSION__'), array('dateline' => $dateline, 'action' => $log_entry['action']));
+ − 662
break;
+ − 663
case 'delete':
+ − 664
+ − 665
// Raising a previously dead page has implications...
+ − 666
+ − 667
// FIXME: l10n
+ − 668
// rollback_extra is required because usually only moderators can undo page deletion AND restore the content.
696
bd5069e1f19a
Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
diff
changeset
+ − 669
// potential flaw here - once recreated, can past revisions be restored by users without rollback_extra? should
bd5069e1f19a
Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
diff
changeset
+ − 670
// probably modify editor routine to deny revert access if the timestamp < timestamp of last deletion if any.
481
+ − 671
if ( !$this->perms->get_permissions('history_rollback_extra') )
+ − 672
return 'Administrative privileges are required for page undeletion.';
+ − 673
+ − 674
// Rolling back the deletion of a page that was since created?
+ − 675
$pathskey = $paths->nslist[ $this->namespace ] . $this->page_id;
+ − 676
if ( isset($paths->pages[$pathskey]) )
+ − 677
return array(
+ − 678
'success' => false,
+ − 679
// This is a clean Christian in-joke.
+ − 680
'error' => 'seeking_living_among_dead'
+ − 681
);
+ − 682
+ − 683
// Generate a crappy page name
+ − 684
$name = $db->escape( str_replace('_', ' ', dirtify_page_id($this->page_id)) );
+ − 685
+ − 686
// Stage 1 - re-insert page
+ − 687
$e = $db->sql_query('INSERT INTO ' . table_prefix.'pages(name,urlname,namespace) VALUES( \'' . $name . '\', \'' . $this->page_id . '\',\'' . $this->namespace . '\' )');
+ − 688
if ( !$e )
+ − 689
$db->die_json();
+ − 690
+ − 691
// Select the latest published revision
+ − 692
$q = $db->sql_query('SELECT page_text FROM ' . table_prefix . "logs WHERE\n"
+ − 693
. " log_type = 'page'\n"
+ − 694
. " AND action = 'edit'\n"
+ − 695
. " AND page_id = '$this->page_id'\n"
+ − 696
. " AND namespace = '$this->namespace'\n"
+ − 697
. " AND is_draft != 1\n"
+ − 698
. "ORDER BY time_id DESC LIMIT 1;");
+ − 699
if ( !$q )
+ − 700
$db->die_json();
+ − 701
list($page_text) = $db->fetchrow_num();
+ − 702
$db->free_result($q);
+ − 703
+ − 704
// Apply the latest revision as the current page text
+ − 705
$page_text = $db->escape($page_text);
+ − 706
$e = $db->sql_query('INSERT INTO ' . table_prefix."page_text(page_id, namespace, page_text) VALUES\n"
+ − 707
. " ( '$this->page_id', '$this->namespace', '$page_text' );");
+ − 708
if ( !$e )
+ − 709
$db->die_json();
+ − 710
696
bd5069e1f19a
Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
diff
changeset
+ − 711
$cache->purge('page_meta');
bd5069e1f19a
Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
diff
changeset
+ − 712
481
+ − 713
return array(
+ − 714
'success' => true,
+ − 715
'dateline' => $dateline,
+ − 716
'action' => $log_entry['action']
+ − 717
);
+ − 718
+ − 719
break;
+ − 720
case 'reupload':
+ − 721
+ − 722
// given a log id and some revision info, restore the old file.
+ − 723
// get the timestamp of the file before this one
+ − 724
$q = $db->sql_query('SELECT time_id, file_key, file_extension, filename, size, mimetype FROM ' . table_prefix . "files WHERE time_id < {$log_entry['time_id']} ORDER BY time_id DESC LIMIT 1;");
+ − 725
if ( !$q )
+ − 726
$db->_die();
+ − 727
+ − 728
$row = $db->fetchrow();
+ − 729
$db->free_result();
+ − 730
+ − 731
// If the file hasn't been renamed to the new format (omitting timestamp), do that now.
+ − 732
$fname = ENANO_ROOT . "/files/{$row['file_key']}_{$row['time_id']}{$row['file_extension']}";
+ − 733
if ( @file_exists($fname) )
+ − 734
{
+ − 735
// it's stored in the old format - rename
+ − 736
$fname_new = ENANO_ROOT . "/files/{$row['file_key']}{$row['file_extension']}";
+ − 737
if ( !@rename($fname, $fname_new) )
+ − 738
{
+ − 739
return array(
+ − 740
'success' => false,
+ − 741
'error' => 'rb_file_rename_failed',
+ − 742
'action' => $log_entry['action']
+ − 743
);
+ − 744
}
+ − 745
}
+ − 746
+ − 747
// Insert a new file entry
+ − 748
$time = time();
+ − 749
$filename = $db->escape($row['filename']);
+ − 750
$mimetype = $db->escape($row['mimetype']);
+ − 751
$ext = $db->escape($row['file_extension']);
+ − 752
$key = $db->escape($row['file_key']);
+ − 753
+ − 754
$q = $db->sql_query('INSERT INTO ' . table_prefix . "files ( time_id, page_id, filename, size, mimetype, file_extension, file_key ) VALUES\n"
+ − 755
. " ( $time, '$this->page_id', '$filename', {$row['size']}, '$mimetype', '$ext', '$key' );");
+ − 756
if ( !$q )
+ − 757
$db->die_json();
+ − 758
+ − 759
// add reupload log entry
+ − 760
$username = $db->escape($session->username);
+ − 761
$q = $db->sql_query('INSERT INTO ' . table_prefix . "logs ( log_type, action, time_id, page_id, namespace, author, edit_summary ) VALUES\n"
+ − 762
. " ( 'page', 'reupload', $time, '$this->page_id', '$this->namespace', '$username', '__ROLLBACK__' )");
+ − 763
if ( !$q )
+ − 764
$db->die_json();
+ − 765
+ − 766
return array(
+ − 767
'success' => true,
+ − 768
'dateline' => $dateline,
+ − 769
'action' => $log_entry['action']
+ − 770
);
+ − 771
468
+ − 772
break;
+ − 773
default:
481
+ − 774
+ − 775
return array(
+ − 776
'success' => false,
+ − 777
'error' => 'rb_action_not_supported',
+ − 778
'action' => $log_entry['action']
+ − 779
);
+ − 780
468
+ − 781
break;
+ − 782
}
+ − 783
}
+ − 784
+ − 785
/**
+ − 786
* Renames the page
+ − 787
* @param string New name
+ − 788
* @return array Standard Enano error/success protocol
+ − 789
*/
+ − 790
+ − 791
function rename_page($new_name)
+ − 792
{
+ − 793
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 794
+ − 795
// Check permissions
+ − 796
if ( !$this->perms->get_permissions('rename') )
+ − 797
{
+ − 798
return array(
+ − 799
'success' => false,
+ − 800
'error' => 'access_denied'
+ − 801
);
+ − 802
}
+ − 803
+ − 804
// If this is the same as the current name, return success
+ − 805
$page_name = get_page_title_ns($this->page_id, $this->namespace);
+ − 806
if ( $page_name === $new_name )
+ − 807
{
+ − 808
return array(
+ − 809
'success' => true
+ − 810
);
+ − 811
}
+ − 812
+ − 813
// Make sure the name is valid
+ − 814
$new_name = trim($new_name);
+ − 815
if ( empty($new_name) )
+ − 816
{
+ − 817
return array(
+ − 818
'success' => false,
+ − 819
'error' => 'invalid_parameter'
+ − 820
);
+ − 821
}
+ − 822
+ − 823
// Log the action
+ − 824
$username = $db->escape($session->username);
+ − 825
$page_name = $db->escape($page_name);
+ − 826
$time = time();
+ − 827
+ − 828
$q = $db->sql_query('INSERT INTO ' . table_prefix . "logs ( log_type, action, page_id, namespace, author, edit_summary, time_id, date_string ) VALUES\n"
+ − 829
. " ( 'page', 'rename', '{$this->page_id}', '{$this->namespace}', '$username', '$page_name', '$time', 'DATE_STRING COLUMN OBSOLETE, USE time_id' );");
+ − 830
if ( !$q )
+ − 831
$db->_die();
+ − 832
+ − 833
// Not much to do but to rename it now
+ − 834
$new_name = $db->escape($new_name);
+ − 835
$q = $db->sql_query('UPDATE ' . table_prefix . "pages SET name = '$new_name' WHERE urlname = '{$this->page_id}' AND namespace = '{$this->namespace}';");
+ − 836
if ( !$q )
+ − 837
$db->_die();
+ − 838
600
46abecc238e7
Fixed missing require() on stats.php in pageprocess; made pageprocess update the metadata cache on page rename
Dan
diff
changeset
+ − 839
// Update the cache
46abecc238e7
Fixed missing require() on stats.php in pageprocess; made pageprocess update the metadata cache on page rename
Dan
diff
changeset
+ − 840
$paths->update_metadata_cache();
46abecc238e7
Fixed missing require() on stats.php in pageprocess; made pageprocess update the metadata cache on page rename
Dan
diff
changeset
+ − 841
468
+ − 842
return array(
+ − 843
'success' => true
+ − 844
);
+ − 845
}
+ − 846
+ − 847
/**
+ − 848
* Sets the protection level of the page
+ − 849
* @param int Protection level, one of PROTECT_{FULL,SEMI,NONE}
+ − 850
* @param string Reason for protection - required
+ − 851
*/
+ − 852
+ − 853
function protect_page($protection_level, $reason)
+ − 854
{
+ − 855
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 856
+ − 857
// Validate permissions
+ − 858
if ( !$this->perms->get_permissions('protect') )
+ − 859
{
+ − 860
return array(
+ − 861
'success' => false,
+ − 862
'error' => 'access_denied'
+ − 863
);
+ − 864
}
+ − 865
+ − 866
// Validate input
+ − 867
$reason = trim($reason);
+ − 868
if ( !in_array($protection_level, array(PROTECT_NONE, PROTECT_FULL, PROTECT_SEMI)) || empty($reason) )
+ − 869
{
+ − 870
return array(
+ − 871
'success' => false,
+ − 872
'error' => 'invalid_parameter'
+ − 873
);
+ − 874
}
+ − 875
+ − 876
// Retrieve page metadata
+ − 877
$pathskey = $paths->nslist[ $this->namespace ] . $this->page_id;
+ − 878
if ( !isset($paths->pages[$pathskey]) )
+ − 879
{
+ − 880
return array(
+ − 881
'success' => false,
+ − 882
'error' => 'page_metadata_not_found'
+ − 883
);
+ − 884
}
+ − 885
$metadata =& $paths->pages[$pathskey];
+ − 886
+ − 887
// Log the action
+ − 888
$username = $db->escape($session->username);
+ − 889
$time = time();
+ − 890
$existing_protection = intval($metadata['protected']);
+ − 891
$reason = $db->escape($reason);
+ − 892
481
+ − 893
if ( $existing_protection == $protection_level )
+ − 894
{
+ − 895
return array(
+ − 896
'success' => false,
+ − 897
'error' => 'protection_already_there'
+ − 898
);
+ − 899
}
+ − 900
468
+ − 901
$action = '[ insanity ]';
+ − 902
switch($protection_level)
+ − 903
{
+ − 904
case PROTECT_FULL: $action = 'prot'; break;
+ − 905
case PROTECT_NONE: $action = 'unprot'; break;
+ − 906
case PROTECT_SEMI: $action = 'semiprot'; break;
+ − 907
}
+ − 908
+ − 909
$sql = 'INSERT INTO ' . table_prefix . "logs ( log_type, action, page_id, namespace, author, edit_summary, time_id, page_text, date_string ) VALUES\n"
+ − 910
. " ( 'page', '$action', '{$this->page_id}', '{$this->namespace}', '$username', '$reason', '$time', '$existing_protection', 'DATE_STRING COLUMN OBSOLETE, USE time_id' );";
+ − 911
if ( !$db->sql_query($sql) )
+ − 912
{
481
+ − 913
$db->die_json();
468
+ − 914
}
+ − 915
+ − 916
// Perform the actual protection
+ − 917
$q = $db->sql_query('UPDATE ' . table_prefix . "pages SET protected = $protection_level WHERE urlname = '{$this->page_id}' AND namespace = '{$this->namespace}';");
+ − 918
if ( !$q )
481
+ − 919
$db->die_json();
468
+ − 920
+ − 921
return array(
+ − 922
'success' => true
+ − 923
);
+ − 924
}
+ − 925
+ − 926
/**
1
+ − 927
* Sets internal variables.
+ − 928
* @access private
+ − 929
*/
+ − 930
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 931
function _setup($page_id, $namespace, $revision_id)
1
+ − 932
{
+ − 933
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 934
+ − 935
$page_id_cleaned = sanitize_page_id($page_id);
+ − 936
+ − 937
$this->page_id = $page_id_cleaned;
+ − 938
$this->namespace = $namespace;
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 939
$this->revision_id = $revision_id;
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 940
$this->page_id_unclean = dirtify_page_id($page_id);
1
+ − 941
+ − 942
$this->perms = $session->fetch_page_acl( $page_id, $namespace );
+ − 943
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 944
// resolve namespace
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 945
$this->ns = namespace_factory($this->page_id, $this->namespace, $this->revision_id);
426
+ − 946
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 947
$this->page_exists = $this->ns->exists();
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 948
$this->title = get_page_title_ns($this->page_id, $this->namespace);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 949
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 950
profiler_log("PageProcessor [{$this->namespace}:{$this->page_id}]: Ran _setup()");
1
+ − 951
}
+ − 952
+ − 953
/**
+ − 954
* Renders it all in one go, and echoes it out. This assumes that the text is in the DB.
+ − 955
* @access private
+ − 956
*/
+ − 957
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 958
function render($incl_inner_headers = true, $_errormsg = false)
1
+ − 959
{
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 960
global $db, $session, $paths, $template, $plugins; // Common objects
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 961
global $output, $lang;
592
+ − 962
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 963
if ( count($this->redirect_stack) > 0 )
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 964
{
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 965
$stack = array_reverse($this->redirect_stack);
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 966
foreach ( $stack as $oldtarget )
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 967
{
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 968
$url = makeUrlNS($oldtarget[1], $oldtarget[0], 'redirect=no', true);
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 969
$page_id_key = $paths->nslist[ $oldtarget[1] ] . $oldtarget[0];
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 970
$page_data = $paths->pages[$page_id_key];
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 971
$title = ( isset($page_data['name']) ) ? $page_data['name'] : $paths->nslist[$oldtarget[1]] . htmlspecialchars( str_replace('_', ' ', dirtify_page_id( $oldtarget[0] ) ) );
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 972
$a = '<a href="' . $url . '">' . $title . '</a>';
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 973
$output->add_after_header('<small>' . $lang->get('page_msg_redirected_from', array('from' => $a)) . '<br /></small>');
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 974
}
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 975
}
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 976
$this->ns->send($incl_inner_headers, $_errormsg);
1
+ − 977
}
+ − 978
+ − 979
/**
+ − 980
* Sends the page header, dependent on, of course, whether we're supposed to.
+ − 981
*/
+ − 982
+ − 983
function header()
+ − 984
{
+ − 985
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 986
if ( $this->send_headers )
+ − 987
$template->header();
+ − 988
}
+ − 989
+ − 990
/**
+ − 991
* Sends the page footer, dependent on, of course, whether we're supposed to.
+ − 992
*/
+ − 993
+ − 994
function footer()
+ − 995
{
+ − 996
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 997
if ( $this->send_headers )
+ − 998
$template->footer();
+ − 999
}
+ − 1000
+ − 1001
/**
+ − 1002
* Fetches the raw, unfiltered page text.
+ − 1003
* @access public
+ − 1004
*/
+ − 1005
+ − 1006
function fetch_text()
+ − 1007
{
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 1008
return $this->ns->fetch_text();
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1009
}
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1010
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1011
/**
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1012
* Pushes to the redirect stack and resets the instance. This depends on the page ID and namespace already being validated and sanitized, and does not check the size of the redirect stack.
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1013
* @param string Page ID to redirect to
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1014
* @param string Namespace to redirect to
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1015
* @access private
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1016
*/
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1017
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1018
function _handle_redirect($page_id, $namespace)
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1019
{
92
+ − 1020
global $db, $session, $paths, $template, $plugins; // Common objects
314
+ − 1021
global $lang;
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1022
$arr_pid = array($this->page_id, $this->namespace);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1023
if ( $namespace == 'Special' || $namespace == 'Admin' )
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1024
{
314
+ − 1025
return $lang->get('page_err_redirect_to_special');
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1026
}
314
+ − 1027
$looped = false;
+ − 1028
foreach ( $this->redirect_stack as $page )
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1029
{
314
+ − 1030
if ( $page[0] == $arr_pid[0] && $page[1] == $arr_pid[1] )
+ − 1031
{
+ − 1032
$looped = true;
+ − 1033
break;
+ − 1034
}
+ − 1035
}
+ − 1036
if ( $looped )
+ − 1037
{
+ − 1038
return $lang->get('page_err_redirect_infinite_loop');
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1039
}
92
+ − 1040
$page_id_key = $paths->nslist[ $namespace ] . sanitize_page_id($page_id);
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1041
if ( !isset($paths->pages[$page_id_key]) )
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1042
{
314
+ − 1043
return $lang->get('page_err_redirect_to_nonexistent');
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1044
}
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1045
$this->redirect_stack[] = $arr_pid;
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1046
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1047
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1048
// Nuke the text cache to avoid infinite loops, gah...
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1049
$this->text_cache = '';
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1050
$this->_setup($page_id, $namespace, 0);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1051
$this->send();
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1052
return true;
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1053
}
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1054
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1055
/**
1
+ − 1056
* Send the error message to the user that the access to this page is denied.
+ − 1057
* @access private
+ − 1058
*/
+ − 1059
+ − 1060
function err_access_denied()
+ − 1061
{
+ − 1062
global $db, $session, $paths, $template, $plugins; // Common objects
314
+ − 1063
global $lang;
+ − 1064
global $email;
1
+ − 1065
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1066
// Log it for crying out loud
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1067
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'illegal_page\', '.time().', \''.enano_date('d M Y h:i a').'\', \''.$db->escape($session->username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', \'' . $db->escape(serialize(array($this->page_id, $this->namespace))) . '\')');
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1068
1
+ − 1069
$ob = '';
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1070
//$template->tpl_strings['PAGE_NAME'] = 'Access denied';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1071
$template->tpl_strings['PAGE_NAME'] = htmlspecialchars( $this->title );
1
+ − 1072
+ − 1073
if ( $this->send_headers )
+ − 1074
{
+ − 1075
$ob .= $template->getHeader();
+ − 1076
}
+ − 1077
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1078
if ( count($this->redirect_stack) > 0 )
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1079
{
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1080
$stack = array_reverse($this->redirect_stack);
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1081
foreach ( $stack as $oldtarget )
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1082
{
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1083
$url = makeUrlNS($oldtarget[1], $oldtarget[0], 'redirect=no', true);
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1084
$page_id_key = $paths->nslist[ $oldtarget[1] ] . $oldtarget[0];
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1085
$page_data = $paths->pages[$page_id_key];
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1086
$title = ( isset($page_data['name']) ) ? $page_data['name'] : $paths->nslist[$oldtarget[1]] . htmlspecialchars( str_replace('_', ' ', dirtify_page_id( $oldtarget[0] ) ) );
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1087
$a = '<a href="' . $url . '">' . $title . '</a>';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1088
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1089
$url = makeUrlNS($this->namespace, $this->page_id, 'redirect=no', true);
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1090
$page_id_key = $paths->nslist[ $this->namespace ] . $this->page_id;
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1091
$page_data = $paths->pages[$page_id_key];
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1092
$title = ( isset($page_data['name']) ) ? $page_data['name'] : $paths->nslist[$this->namespace] . htmlspecialchars( str_replace('_', ' ', dirtify_page_id( $this->page_id ) ) );
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1093
$b = '<a href="' . $url . '">' . $title . '</a>';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1094
369
+ − 1095
$ob .= '<small>' . $lang->get('page_msg_redirected_from_to', array('from' => $a, 'to' => $b)) . '<br /></small>';
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1096
}
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1097
}
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1098
314
+ − 1099
$email_link = $email->encryptEmail(getConfig('contact_email'), '', '', $lang->get('page_err_access_denied_siteadmin'));
+ − 1100
+ − 1101
$ob .= "<h3>" . $lang->get('page_err_access_denied_title') . "</h3>";
+ − 1102
$ob .= "<p>" . $lang->get('page_err_access_denied_body', array('site_administration' => $email_link)) . "</p>";
1
+ − 1103
+ − 1104
if ( $this->send_headers )
+ − 1105
{
+ − 1106
$ob .= $template->getFooter();
+ − 1107
}
+ − 1108
echo $ob;
+ − 1109
}
+ − 1110
+ − 1111
/**
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1112
* Inform the user of an incorrect or absent password
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1113
* @access private
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1114
*/
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1115
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1116
function err_wrong_password()
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1117
{
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1118
global $db, $session, $paths, $template, $plugins; // Common objects
369
+ − 1119
global $lang;
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1120
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 1121
$title = $lang->get('page_msg_passrequired_title');
369
+ − 1122
$message = ( empty($this->password) ) ?
+ − 1123
'<p>' . $lang->get('page_msg_passrequired') . '</p>' :
+ − 1124
'<p>' . $lang->get('page_msg_pass_wrong') . '</p>';
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1125
$message .= '<form action="' . makeUrlNS($this->namespace, $this->page_id) . '" method="post">
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1126
<p>
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 1127
<label>' . $lang->get('page_lbl_password') . ' <input name="pagepass" type="password" /></label> <input type="submit" value="' . $lang->get('page_btn_password_submit') . '" />
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1128
</p>
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1129
</form>';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1130
if ( $this->send_headers )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1131
{
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1132
$template->tpl_strings['PAGE_NAME'] = $title;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1133
$template->header();
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1134
echo "$message";
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1135
$template->footer();
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1136
}
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1137
else
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1138
{
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1139
echo "<h2>$title</h2>
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1140
$message";
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1141
}
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1142
}
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1143
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1144
/**
1
+ − 1145
* Send the error message to the user complaining that there weren't any rows.
+ − 1146
* @access private
+ − 1147
*/
+ − 1148
+ − 1149
function err_no_rows()
+ − 1150
{
+ − 1151
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1152
+ − 1153
$title = 'No text rows';
+ − 1154
$message = 'While the page\'s existence was verified, there were no rows in the database that matched the query for the text. This may indicate a bug with the software; ask the webmaster for more information. The offending query was:<pre>' . $db->latest_query . '</pre>';
+ − 1155
if ( $this->send_headers )
+ − 1156
{
+ − 1157
$template->tpl_strings['PAGE_NAME'] = $title;
+ − 1158
$template->header();
+ − 1159
echo "<p>$message</p>";
+ − 1160
$template->footer();
+ − 1161
}
+ − 1162
else
+ − 1163
{
+ − 1164
echo "<h2>$title</h2>
+ − 1165
<p>$message</p>";
+ − 1166
}
+ − 1167
}
+ − 1168
+ − 1169
/**
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1170
* Send an error message and die. For debugging or critical technical errors only - nothing that would under normal circumstances be shown to the user.
468
+ − 1171
* @param string Error message
+ − 1172
* @param bool If true, send DBAL's debugging information as well
1
+ − 1173
*/
+ − 1174
+ − 1175
function send_error($message, $sql = false)
+ − 1176
{
+ − 1177
global $db, $session, $paths, $template, $plugins; // Common objects
369
+ − 1178
global $lang;
1
+ − 1179
+ − 1180
$content = "<p>$message</p>";
369
+ − 1181
$template->tpl_strings['PAGE_NAME'] = $lang->get('page_msg_general_error');
1
+ − 1182
+ − 1183
if ( $this->debug['works'] )
+ − 1184
{
+ − 1185
$content .= $this->debug['backtrace'];
+ − 1186
}
+ − 1187
+ − 1188
header('HTTP/1.1 500 Internal Server Error');
+ − 1189
+ − 1190
$template->header();
+ − 1191
echo $content;
+ − 1192
$template->footer();
+ − 1193
+ − 1194
$db->close();
+ − 1195
+ − 1196
exit;
+ − 1197
+ − 1198
}
+ − 1199
322
+ − 1200
/**
+ − 1201
* Raises an error.
+ − 1202
* @param string Error string
+ − 1203
*/
+ − 1204
+ − 1205
function raise_error($string)
+ − 1206
{
+ − 1207
if ( !is_string($string) )
+ − 1208
return false;
+ − 1209
$this->_errors[] = $string;
+ − 1210
}
+ − 1211
+ − 1212
/**
+ − 1213
* Retrieves the latest error from the error stack and returns it ('pops' the error stack)
+ − 1214
* @return string
+ − 1215
*/
+ − 1216
+ − 1217
function pop_error()
+ − 1218
{
+ − 1219
if ( count($this->_errors) < 1 )
+ − 1220
return false;
+ − 1221
return array_pop($this->_errors);
+ − 1222
}
+ − 1223
1
+ − 1224
} // class PageProcessor
+ − 1225
+ − 1226
?>