1
+ − 1 <?php
73
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 2
1
+ − 3 /*
+ − 4 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
801
eb8b23f11744
Two big commits in one day I know, but redid password storage to use HMAC-SHA1. Consolidated much AES processing to three core methods in session that should handle everything automagically. Installation works; upgrades should. Rebranded as 1.1.6.
Dan
diff
changeset
+ − 5 * Version 1.1.6 (Caoineag beta 1)
1
+ − 6 * pageprocess.php - intelligent retrieval of pages
536
+ − 7 * Copyright (C) 2006-2008 Dan Fuhry
1
+ − 8 *
+ − 9 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
+ − 10 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ − 11 *
+ − 12 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ − 13 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ − 14 */
+ − 15
+ − 16 /**
+ − 17 * Class to handle fetching page text (possibly from a cache) and formatting it.
322
+ − 18 * As of 1.0.4, this also handles the fetching and editing of certain data for pages.
1
+ − 19 * @package Enano
+ − 20 * @subpackage UI
+ − 21 * @copyright 2007 Dan Fuhry
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 22 * @license GNU General Public License <http://www.gnu.org/licenses/gpl-2.0.html>
1
+ − 23 */
+ − 24
+ − 25 class PageProcessor
+ − 26 {
+ − 27
+ − 28 /**
+ − 29 * Page ID and namespace of the page handled by this instance
+ − 30 * @var string
+ − 31 */
+ − 32
+ − 33 var $page_id;
+ − 34 var $namespace;
+ − 35
+ − 36 /**
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 37 * The instance of the namespace processor for the namespace we're doing.
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 38 * @var object
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 39 */
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 40
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 41 var $ns;
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 42
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 43 /**
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 44 * The title of the page sent to the template parser
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 45 * @var string
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 46 */
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 47
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 48 var $title = '';
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 49
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 50 /**
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 51 * The information about the page(s) we were redirected from
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 52 * @var array
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 53 */
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 54
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 55 var $redirect_stack = array();
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 56
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 57 /**
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 58 * The revision ID (history entry) to send. If set to 0 (the default) then the most recent revision will be sent.
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 59 * @var int
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 60 */
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 61
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 62 var $revision_id = 0;
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 63
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 64 /**
468
+ − 65 * The time this revision was saved, as a UNIX timestamp
+ − 66 * @var int
+ − 67 */
+ − 68
+ − 69 var $revision_time = 0;
+ − 70
+ − 71 /**
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 72 * Unsanitized page ID.
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 73 * @var string
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 74 */
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 75
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 76 var $page_id_unclean;
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 77
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 78 /**
1
+ − 79 * Tracks if the page we're loading exists in the database or not.
+ − 80 * @var bool
+ − 81 */
+ − 82
+ − 83 var $page_exists = false;
+ − 84
+ − 85 /**
+ − 86 * Permissions!
+ − 87 * @var object
+ − 88 */
+ − 89
+ − 90 var $perms = null;
+ − 91
+ − 92 /**
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 93 * The SHA1 hash of the user-inputted password for the page
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 94 * @var string
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 95 */
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 96
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 97 var $password = '';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 98
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 99 /**
1
+ − 100 * Switch to track if redirects are allowed. Defaults to true.
+ − 101 * @var bool
+ − 102 */
+ − 103
+ − 104 var $allow_redir = true;
+ − 105
+ − 106 /**
+ − 107 * If this is set to true, this will call the header and footer funcs on $template when render() is called.
+ − 108 * @var bool
+ − 109 */
+ − 110
+ − 111 var $send_headers = false;
+ − 112
+ − 113 /**
+ − 114 * Cache the fetched text so we don't fetch it from the DB twice.
+ − 115 * @var string
+ − 116 */
+ − 117
+ − 118 var $text_cache = '';
+ − 119
+ − 120 /**
+ − 121 * Debugging information to track errors. You can set enable to false to disable sending debug information.
+ − 122 * @var array
+ − 123 */
+ − 124
+ − 125 var $debug = array(
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 126 'enable' => false,
1
+ − 127 'works' => false
+ − 128 );
+ − 129
+ − 130 /**
322
+ − 131 * The list of errors raised in the class.
+ − 132 * @var array
+ − 133 */
+ − 134
+ − 135 var $_errors = array();
+ − 136
+ − 137 /**
1
+ − 138 * Constructor.
+ − 139 * @param string The page ID (urlname) of the page
+ − 140 * @param string The namespace of the page
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 141 * @param int Optional. The revision ID to send.
1
+ − 142 */
+ − 143
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 144 function __construct( $page_id, $namespace, $revision_id = 0 )
1
+ − 145 {
+ − 146 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 147
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 148 profiler_log("PageProcessor [{$namespace}:{$page_id}]: Started constructor");
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 149
1
+ − 150 // See if we can get some debug info
+ − 151 if ( function_exists('debug_backtrace') && $this->debug['enable'] )
+ − 152 {
+ − 153 $this->debug['works'] = true;
+ − 154 $this->debug['backtrace'] = enano_debug_print_backtrace(true);
+ − 155 }
+ − 156
+ − 157 // First things first - check page existence and permissions
+ − 158
+ − 159 if ( !isset($paths->nslist[$namespace]) )
+ − 160 {
+ − 161 $this->send_error('The namespace "' . htmlspecialchars($namespace) . '" does not exist.');
+ − 162 }
+ − 163
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 164 if ( !is_int($revision_id) )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 165 $revision_id = 0;
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 166
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 167 $this->_setup( $page_id, $namespace, $revision_id );
1
+ − 168 }
+ − 169
+ − 170 /**
61
+ − 171 * The main method to send the page content. Also responsible for checking permissions and calling the statistics counter.
+ − 172 * @param bool If true, the stat counter is called. Defaults to false.
1
+ − 173 */
+ − 174
61
+ − 175 function send( $do_stats = false )
1
+ − 176 {
+ − 177 global $db, $session, $paths, $template, $plugins; // Common objects
314
+ − 178 global $lang;
+ − 179
592
+ − 180 profiler_log('PageProcessor: send() called');
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 181
1
+ − 182 if ( !$this->perms->get_permissions('read') )
+ − 183 {
570
+ − 184 if ( $this->send_headers )
+ − 185 {
+ − 186 $template->init_vars($this);
+ − 187 }
511
f88c8c79d784
Made some improvements to ACL system including: warning on setting Deny for Everyone on the entire site, added ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL, and changed behavior as noted in the docs so that Deny for Everyone is no longer able to be overridden
Dan
diff
changeset
+ − 188 // Permission denied to read page. Is this one of our core pages that must always be allowed?
f88c8c79d784
Made some improvements to ACL system including: warning on setting Deny for Everyone on the entire site, added ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL, and changed behavior as noted in the docs so that Deny for Everyone is no longer able to be overridden
Dan
diff
changeset
+ − 189 // NOTE: Not even the administration panel will work if ACLs deny access to it.
f88c8c79d784
Made some improvements to ACL system including: warning on setting Deny for Everyone on the entire site, added ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL, and changed behavior as noted in the docs so that Deny for Everyone is no longer able to be overridden
Dan
diff
changeset
+ − 190 if ( $this->namespace == 'Special' && in_array($this->page_id, array('Login', 'Logout', 'LangExportJSON', 'CSS')) )
f88c8c79d784
Made some improvements to ACL system including: warning on setting Deny for Everyone on the entire site, added ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL, and changed behavior as noted in the docs so that Deny for Everyone is no longer able to be overridden
Dan
diff
changeset
+ − 191 {
f88c8c79d784
Made some improvements to ACL system including: warning on setting Deny for Everyone on the entire site, added ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL, and changed behavior as noted in the docs so that Deny for Everyone is no longer able to be overridden
Dan
diff
changeset
+ − 192 // Do nothing; allow execution to continue
f88c8c79d784
Made some improvements to ACL system including: warning on setting Deny for Everyone on the entire site, added ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL, and changed behavior as noted in the docs so that Deny for Everyone is no longer able to be overridden
Dan
diff
changeset
+ − 193 }
f88c8c79d784
Made some improvements to ACL system including: warning on setting Deny for Everyone on the entire site, added ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL, and changed behavior as noted in the docs so that Deny for Everyone is no longer able to be overridden
Dan
diff
changeset
+ − 194 else
f88c8c79d784
Made some improvements to ACL system including: warning on setting Deny for Everyone on the entire site, added ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL, and changed behavior as noted in the docs so that Deny for Everyone is no longer able to be overridden
Dan
diff
changeset
+ − 195 {
f88c8c79d784
Made some improvements to ACL system including: warning on setting Deny for Everyone on the entire site, added ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL, and changed behavior as noted in the docs so that Deny for Everyone is no longer able to be overridden
Dan
diff
changeset
+ − 196 // Page isn't whitelisted, behave as normal
f88c8c79d784
Made some improvements to ACL system including: warning on setting Deny for Everyone on the entire site, added ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL, and changed behavior as noted in the docs so that Deny for Everyone is no longer able to be overridden
Dan
diff
changeset
+ − 197 $this->err_access_denied();
f88c8c79d784
Made some improvements to ACL system including: warning on setting Deny for Everyone on the entire site, added ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL, and changed behavior as noted in the docs so that Deny for Everyone is no longer able to be overridden
Dan
diff
changeset
+ − 198 return false;
f88c8c79d784
Made some improvements to ACL system including: warning on setting Deny for Everyone on the entire site, added ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL, and changed behavior as noted in the docs so that Deny for Everyone is no longer able to be overridden
Dan
diff
changeset
+ − 199 }
1
+ − 200 }
825
9d5c04c1414f
Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
diff
changeset
+ − 201 if ( $this->revision_id > 0 && !$this->perms->get_permissions('history_view') )
9d5c04c1414f
Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
diff
changeset
+ − 202 {
9d5c04c1414f
Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
diff
changeset
+ − 203 $this->err_access_denied();
9d5c04c1414f
Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
diff
changeset
+ − 204 return false;
9d5c04c1414f
Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
diff
changeset
+ − 205 }
571
66e14e61613e
Got ACL scope logic working again and began enforcing it. Breaking API change: assigning page title with $template->tpl_strings['PAGE_NAME'] will no longer work, use $template->assign_vars(). Workaround may be added later. Test for assign_vars method if compatibility needed. Added namespace processor API (non-breaking change). Several other things tweaked around as well.
Dan
diff
changeset
+ − 206
66e14e61613e
Got ACL scope logic working again and began enforcing it. Breaking API change: assigning page title with $template->tpl_strings['PAGE_NAME'] will no longer work, use $template->assign_vars(). Workaround may be added later. Test for assign_vars method if compatibility needed. Added namespace processor API (non-breaking change). Several other things tweaked around as well.
Dan
diff
changeset
+ − 207 // Is there a custom function registered for handling this namespace?
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 208 // DEPRECATED (even though it only saw its way into one alpha release.)
571
66e14e61613e
Got ACL scope logic working again and began enforcing it. Breaking API change: assigning page title with $template->tpl_strings['PAGE_NAME'] will no longer work, use $template->assign_vars(). Workaround may be added later. Test for assign_vars method if compatibility needed. Added namespace processor API (non-breaking change). Several other things tweaked around as well.
Dan
diff
changeset
+ − 209 if ( $proc = $paths->get_namespace_processor($this->namespace) )
66e14e61613e
Got ACL scope logic working again and began enforcing it. Breaking API change: assigning page title with $template->tpl_strings['PAGE_NAME'] will no longer work, use $template->assign_vars(). Workaround may be added later. Test for assign_vars method if compatibility needed. Added namespace processor API (non-breaking change). Several other things tweaked around as well.
Dan
diff
changeset
+ − 210 {
66e14e61613e
Got ACL scope logic working again and began enforcing it. Breaking API change: assigning page title with $template->tpl_strings['PAGE_NAME'] will no longer work, use $template->assign_vars(). Workaround may be added later. Test for assign_vars method if compatibility needed. Added namespace processor API (non-breaking change). Several other things tweaked around as well.
Dan
diff
changeset
+ − 211 // yes, just call that
66e14e61613e
Got ACL scope logic working again and began enforcing it. Breaking API change: assigning page title with $template->tpl_strings['PAGE_NAME'] will no longer work, use $template->assign_vars(). Workaround may be added later. Test for assign_vars method if compatibility needed. Added namespace processor API (non-breaking change). Several other things tweaked around as well.
Dan
diff
changeset
+ − 212 // this is protected aggressively by the PathManager against overriding critical namespaces
66e14e61613e
Got ACL scope logic working again and began enforcing it. Breaking API change: assigning page title with $template->tpl_strings['PAGE_NAME'] will no longer work, use $template->assign_vars(). Workaround may be added later. Test for assign_vars method if compatibility needed. Added namespace processor API (non-breaking change). Several other things tweaked around as well.
Dan
diff
changeset
+ − 213 return call_user_func($proc, $this);
66e14e61613e
Got ACL scope logic working again and began enforcing it. Breaking API change: assigning page title with $template->tpl_strings['PAGE_NAME'] will no longer work, use $template->assign_vars(). Workaround may be added later. Test for assign_vars method if compatibility needed. Added namespace processor API (non-breaking change). Several other things tweaked around as well.
Dan
diff
changeset
+ − 214 }
66e14e61613e
Got ACL scope logic working again and began enforcing it. Breaking API change: assigning page title with $template->tpl_strings['PAGE_NAME'] will no longer work, use $template->assign_vars(). Workaround may be added later. Test for assign_vars method if compatibility needed. Added namespace processor API (non-breaking change). Several other things tweaked around as well.
Dan
diff
changeset
+ − 215
24
+ − 216 $pathskey = $paths->nslist[ $this->namespace ] . $this->page_id;
+ − 217 $strict_no_headers = false;
793
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 218 $admin_fail = false;
329
0437a7cf1acc
Added update-checking function (still a little rough around the edges); added support into admin user CP for changing avatars
Dan
diff
changeset
+ − 219 if ( $this->namespace == 'Admin' && strstr($this->page_id, '/') )
0437a7cf1acc
Added update-checking function (still a little rough around the edges); added support into admin user CP for changing avatars
Dan
diff
changeset
+ − 220 {
570
+ − 221 if ( $this->send_headers )
+ − 222 {
+ − 223 $template->init_vars($this);
+ − 224 }
329
0437a7cf1acc
Added update-checking function (still a little rough around the edges); added support into admin user CP for changing avatars
Dan
diff
changeset
+ − 225 $this->page_id = substr($this->page_id, 0, strpos($this->page_id, '/'));
0437a7cf1acc
Added update-checking function (still a little rough around the edges); added support into admin user CP for changing avatars
Dan
diff
changeset
+ − 226 $funcname = "page_{$this->namespace}_{$this->page_id}";
0437a7cf1acc
Added update-checking function (still a little rough around the edges); added support into admin user CP for changing avatars
Dan
diff
changeset
+ − 227 if ( function_exists($funcname) )
0437a7cf1acc
Added update-checking function (still a little rough around the edges); added support into admin user CP for changing avatars
Dan
diff
changeset
+ − 228 {
0437a7cf1acc
Added update-checking function (still a little rough around the edges); added support into admin user CP for changing avatars
Dan
diff
changeset
+ − 229 $this->page_exists = true;
0437a7cf1acc
Added update-checking function (still a little rough around the edges); added support into admin user CP for changing avatars
Dan
diff
changeset
+ − 230 }
0437a7cf1acc
Added update-checking function (still a little rough around the edges); added support into admin user CP for changing avatars
Dan
diff
changeset
+ − 231 }
24
+ − 232 if ( isset($paths->pages[$pathskey]) )
+ − 233 {
570
+ − 234 if ( $this->send_headers )
+ − 235 {
+ − 236 $template->init_vars($this);
+ − 237 }
24
+ − 238 if ( $paths->pages[$pathskey]['special'] == 1 )
+ − 239 {
+ − 240 $this->send_headers = false;
+ − 241 $strict_no_headers = true;
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 242 $GLOBALS['output'] = new Output_Naked();
24
+ − 243 }
286
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 244 if ( isset($paths->pages[$pathskey]['password']) )
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 245 {
286
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 246 if ( $paths->pages[$pathskey]['password'] != '' && $paths->pages[$pathskey]['password'] != sha1('') )
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 247 {
286
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 248 $password =& $paths->pages[$pathskey]['password'];
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 249 if ( $this->password != $password )
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 250 {
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 251 $this->err_wrong_password();
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 252 return false;
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 253 }
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 254 }
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 255 }
793
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 256 if ( isset($paths->pages[$pathskey]['require_admin']) && $paths->pages[$pathskey]['require_admin'] )
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 257 {
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 258 if ( $session->auth_level < USER_LEVEL_ADMIN )
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 259 {
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 260 $admin_fail = true;
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 261 }
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 262 }
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 263 }
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 264 else if ( $this->namespace === $paths->namespace && $this->page_id == $paths->page_id )
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 265 {
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 266 if ( isset($paths->cpage['require_admin']) && $paths->cpage['require_admin'] )
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 267 {
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 268 if ( $session->auth_level < USER_LEVEL_ADMIN )
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 269 {
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 270 $admin_fail = true;
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 271 }
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 272 }
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 273 }
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 274 if ( $admin_fail )
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 275 {
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 276 header('Content-type: text/javascript');
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 277 echo enano_json_encode(array(
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 278 'mode' => 'error',
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 279 'error' => 'need_auth_to_admin'
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 280 ));
c0724bf6039b
Added dynamic reload-less re-auth to admin panel, so that if a session is lost it can be recovered without a reload. Support for hooking into form submits will be added in the future.
Dan
diff
changeset
+ − 281 return true;
24
+ − 282 }
61
+ − 283 if ( $this->page_exists && $this->namespace != 'Special' && $this->namespace != 'Admin' && $do_stats )
+ − 284 {
592
+ − 285 require_once(ENANO_ROOT.'/includes/stats.php');
61
+ − 286 doStats($this->page_id, $this->namespace);
+ − 287 }
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 288
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 289 // We are all done. Ship off the page.
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 290
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 291 if ( $this->send_headers )
1
+ − 292 {
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 293 $template->init_vars($this);
1
+ − 294 }
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 295
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 296 $this->ns->send();
741
+ − 297 }
+ − 298
+ − 299 /**
+ − 300 * Sends the page through by fetching it from the database.
+ − 301 */
+ − 302
+ − 303 function send_from_db($strict_no_headers = false)
+ − 304 {
+ − 305 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 306 global $lang;
+ − 307
+ − 308 // Send as regular page
+ − 309 if ( $this->send_headers )
+ − 310 {
+ − 311 $template->init_vars($this);
+ − 312 }
+ − 313
+ − 314 $text = $this->fetch_text();
+ − 315
+ − 316 if ( $text == 'err_no_text_rows' )
+ − 317 {
+ − 318 $this->err_no_rows();
+ − 319 return false;
+ − 320 }
+ − 321 else
+ − 322 {
+ − 323 $redirect = ( isset($_GET['redirect']) ) ? $_GET['redirect'] : 'YES YOU IDIOT';
+ − 324 if ( preg_match('/^#redirect \[\[([^\]]+)\]\]/i', $text, $match) && $redirect != 'no' )
570
+ − 325 {
741
+ − 326 // Redirect page!
+ − 327 $page_to = sanitize_page_id($match[1]);
+ − 328 $page_id_data = RenderMan::strToPageID($page_to);
+ − 329 if ( count($this->redirect_stack) >= 3 )
+ − 330 {
+ − 331 $this->render( (!$strict_no_headers), '<div class="usermessage"><b>' . $lang->get('page_err_redirects_exceeded') . '</b></div>' );
+ − 332 }
+ − 333 else
+ − 334 {
+ − 335 $result = $this->_handle_redirect($page_id_data[0], $page_id_data[1]);
+ − 336 if ( $result !== true )
+ − 337 {
+ − 338 // There was some error during the redirect process - usually an infinite redirect
+ − 339 $this->render( (!$strict_no_headers), '<div class="usermessage"><b>' . $result . '</b></div>' );
+ − 340 }
+ − 341 }
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 342 }
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 343 else
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 344 {
741
+ − 345 $this->render( (!$strict_no_headers) );
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 346 }
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 347 }
1
+ − 348 }
+ − 349
+ − 350 /**
322
+ − 351 * Fetches the wikitext or HTML source for the page.
+ − 352 * @return string
+ − 353 */
+ − 354
+ − 355 function fetch_source()
+ − 356 {
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 357 global $db, $session, $paths, $template, $plugins; // Common objects
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 358
322
+ − 359 if ( !$this->perms->get_permissions('view_source') )
+ − 360 {
+ − 361 return false;
+ − 362 }
325
e17cc42d77cf
Fixed: $paths->page_id not set when the page doesn't exist; finally fixed garbled page names for IP addresses
Dan
diff
changeset
+ − 363 if ( !$this->page_exists )
e17cc42d77cf
Fixed: $paths->page_id not set when the page doesn't exist; finally fixed garbled page names for IP addresses
Dan
diff
changeset
+ − 364 {
e17cc42d77cf
Fixed: $paths->page_id not set when the page doesn't exist; finally fixed garbled page names for IP addresses
Dan
diff
changeset
+ − 365 return '';
e17cc42d77cf
Fixed: $paths->page_id not set when the page doesn't exist; finally fixed garbled page names for IP addresses
Dan
diff
changeset
+ − 366 }
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 367 $pathskey = $paths->nslist[ $this->namespace ] . $this->page_id;
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 368 if ( isset($paths->pages[$pathskey]) )
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 369 {
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 370 if ( isset($paths->pages[$pathskey]['password']) )
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 371 {
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 372 if ( $paths->pages[$pathskey]['password'] != sha1('') && $paths->pages[$pathskey]['password'] !== $this->password && !empty($paths->pages[$pathskey]['password']) )
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 373 {
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 374 return false;
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 375 }
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 376 }
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 377 }
322
+ − 378 return $this->fetch_text();
+ − 379 }
+ − 380
+ − 381 /**
472
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 382 * Updates (saves/changes/edits) the content of the page.
322
+ − 383 * @param string The new text for the page
+ − 384 * @param string A summary of edits made to the page.
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 385 * @param bool If true, the edit is marked as a minor revision
472
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 386 * @return bool True on success, false on failure. When returning false, it will push errors to the PageProcessor error stack; read with $page->pop_error()
322
+ − 387 */
+ − 388
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 389 function update_page($text, $edit_summary = false, $minor_edit = false)
322
+ − 390 {
+ − 391 global $db, $session, $paths, $template, $plugins; // Common objects
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 392 global $lang;
322
+ − 393
+ − 394 // Create the page if it doesn't exist
+ − 395 if ( !$this->page_exists )
+ − 396 {
+ − 397 if ( !$this->create_page() )
+ − 398 {
+ − 399 return false;
+ − 400 }
+ − 401 }
+ − 402
+ − 403 //
+ − 404 // Validation
+ − 405 //
+ − 406
+ − 407 $page_id = $db->escape($this->page_id);
+ − 408 $namespace = $db->escape($this->namespace);
+ − 409
+ − 410 $q = $db->sql_query('SELECT protected FROM ' . table_prefix . "pages WHERE urlname='$page_id' AND namespace='$namespace';");
+ − 411 if ( !$q )
+ − 412 $db->_die('PageProcess updating page content');
+ − 413 if ( $db->numrows() < 1 )
+ − 414 {
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 415 $this->raise_error($lang->get('editor_err_no_rows'));
322
+ − 416 return false;
+ − 417 }
+ − 418
+ − 419 // Do we have permission to edit the page?
+ − 420 if ( !$this->perms->get_permissions('edit_page') )
+ − 421 {
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 422 $this->raise_error($lang->get('editor_err_no_permission'));
322
+ − 423 return false;
+ − 424 }
+ − 425
+ − 426 list($protection) = $db->fetchrow_num();
+ − 427 $db->free_result();
+ − 428
+ − 429 if ( $protection == 1 )
+ − 430 {
+ − 431 // The page is protected - do we have permission to edit protected pages?
+ − 432 if ( !$this->perms->get_permissions('even_when_protected') )
+ − 433 {
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 434 $this->raise_error($lang->get('editor_err_page_protected'));
322
+ − 435 return false;
+ − 436 }
+ − 437 }
+ − 438 else if ( $protection == 2 )
+ − 439 {
+ − 440 // The page is semi-protected.
+ − 441 if (
+ − 442 ( !$session->user_logged_in || // Is the user logged in?
+ − 443 ( $session->user_logged_in && $session->reg_time + ( 4 * 86400 ) >= time() ) ) // If so, have they been registered for 4 days?
+ − 444 && !$this->perms->get_permissions('even_when_protected') ) // And of course, is there an ACL that overrides semi-protection?
+ − 445 {
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 446 $this->raise_error($lang->get('editor_err_page_protected'));
322
+ − 447 return false;
+ − 448 }
+ − 449 }
+ − 450
825
9d5c04c1414f
Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
diff
changeset
+ − 451 // Spam check
9d5c04c1414f
Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
diff
changeset
+ − 452 if ( !spamalyze($text) )
9d5c04c1414f
Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
diff
changeset
+ − 453 {
9d5c04c1414f
Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
diff
changeset
+ − 454 $this->raise_error($lang->get('editor_err_spamcheck_failed'));
9d5c04c1414f
Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
diff
changeset
+ − 455 return false;
9d5c04c1414f
Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
diff
changeset
+ − 456 }
9d5c04c1414f
Added (very basic) spam filtering plugin support. Plugins can mark a message as spam by hooking into the spam check API, which is documented in functions.php. No spam checking functionality is built-in.
Dan
diff
changeset
+ − 457
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 458 //
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 459 // Protection validated; update page content
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 460 //
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 461
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 462 $text_undb = RenderMan::preprocess_text($text, false, false);
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 463 $text = $db->escape($text_undb);
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 464 $author = $db->escape($session->username);
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 465 $time = time();
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 466 $edit_summary = ( strval($edit_summary) === $edit_summary ) ? $db->escape($edit_summary) : '';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 467 $minor_edit = ( $minor_edit ) ? '1' : '0';
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 468 $date_string = enano_date('d M Y h:i a');
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 469
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 470 // Insert log entry
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 471 $sql = 'INSERT INTO ' . table_prefix . "logs ( time_id, date_string, log_type, action, page_id, namespace, author, page_text, edit_summary, minor_edit )\n"
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 472 . " VALUES ( $time, '$date_string', 'page', 'edit', '{$this->page_id}', '{$this->namespace}', '$author', '$text', '$edit_summary', $minor_edit );";
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 473 if ( !$db->sql_query($sql) )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 474 {
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 475 $this->raise_error($db->get_error());
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 476 return false;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 477 }
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 478
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 479 // Update the master text entry
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 480 $sql = 'UPDATE ' . table_prefix . "page_text SET page_text = '$text' WHERE page_id = '{$this->page_id}' AND namespace = '{$this->namespace}';";
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 481 if ( !$db->sql_query($sql) )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 482 {
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 483 $this->raise_error($db->get_error());
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 484 return false;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 485 }
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 486
468
+ − 487 // If there's an identical draft copy, delete it
+ − 488 $sql = 'DELETE FROM ' . table_prefix . "logs WHERE is_draft = 1 AND page_id = '{$this->page_id}' AND namespace = '{$this->namespace}' AND page_text = '{$text}';";
+ − 489 if ( !$db->sql_query($sql) )
+ − 490 {
+ − 491 $this->raise_error($db->get_error());
+ − 492 return false;
+ − 493 }
+ − 494
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 495 // Rebuild the search index
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 496 $paths->rebuild_page_index($this->page_id, $this->namespace);
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 497
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 498 $this->text_cache = $text;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 499
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 500 return true;
322
+ − 501
+ − 502 }
+ − 503
+ − 504 /**
+ − 505 * Creates the page if it doesn't already exist.
426
+ − 506 * @param string Optional page title.
821
a64c56a1a6a4
PageProcessor: fix not setting page_exists to true after create_page() success (todo: move to Namespace_*?); add $visible parameter to create_page()
Dan
diff
changeset
+ − 507 * @param bool Visibility (allow indexing) flag
322
+ − 508 * @return bool True on success, false on failure.
+ − 509 */
+ − 510
821
a64c56a1a6a4
PageProcessor: fix not setting page_exists to true after create_page() success (todo: move to Namespace_*?); add $visible parameter to create_page()
Dan
diff
changeset
+ − 511 function create_page($title = false, $visible = true)
322
+ − 512 {
+ − 513 global $db, $session, $paths, $template, $plugins; // Common objects
426
+ − 514 global $lang;
322
+ − 515
+ − 516 // Do we have permission to create the page?
+ − 517 if ( !$this->perms->get_permissions('create_page') )
+ − 518 {
426
+ − 519 $this->raise_error($lang->get('pagetools_create_err_no_permission'));
322
+ − 520 return false;
+ − 521 }
+ − 522
+ − 523 // Does it already exist?
+ − 524 if ( $this->page_exists )
+ − 525 {
426
+ − 526 $this->raise_error($lang->get('pagetools_create_err_already_exists'));
322
+ − 527 return false;
+ − 528 }
+ − 529
+ − 530 // It's not in there. Perform validation.
+ − 531
+ − 532 // We can't create special, admin, or external pages.
692
78473351a6c9
Changed namespace properties (including core identifier) for external pages that load the Enano API to be a uniform "API" namespace and "SystemAPI:" prefix.
Dan
diff
changeset
+ − 533 if ( $this->namespace == 'Special' || $this->namespace == 'Admin' || $this->namespace == 'API' )
322
+ − 534 {
426
+ − 535 $this->raise_error($lang->get('pagetools_create_err_nodb_namespace'));
322
+ − 536 return false;
+ − 537 }
+ − 538
+ − 539 // Guess the proper title
481
+ − 540 $name = ( !empty($title) ) ? $title : str_replace('_', ' ', dirtify_page_id($this->page_id));
322
+ − 541
+ − 542 // Check for the restricted Project: prefix
+ − 543 if ( substr($this->page_id, 0, 8) == 'Project:' )
+ − 544 {
426
+ − 545 $this->raise_error($lang->get('pagetools_create_err_reserved_prefix'));
322
+ − 546 return false;
+ − 547 }
+ − 548
+ − 549 // Validation successful - insert the page
+ − 550
+ − 551 $metadata = array(
+ − 552 'urlname' => $this->page_id,
+ − 553 'namespace' => $this->namespace,
+ − 554 'name' => $name,
+ − 555 'special' => 0,
821
a64c56a1a6a4
PageProcessor: fix not setting page_exists to true after create_page() success (todo: move to Namespace_*?); add $visible parameter to create_page()
Dan
diff
changeset
+ − 556 'visible' => $visible ? 1 : 0,
322
+ − 557 'comments_on' => 1,
+ − 558 'protected' => ( $this->namespace == 'System' ? 1 : 0 ),
+ − 559 'delvotes' => 0,
+ − 560 'delvote_ips' => serialize(array()),
+ − 561 'wiki_mode' => 2
+ − 562 );
+ − 563
+ − 564 $paths->add_page($metadata);
+ − 565
+ − 566 $page_id = $db->escape($this->page_id);
+ − 567 $namespace = $db->escape($this->namespace);
+ − 568 $name = $db->escape($name);
+ − 569 $protect = ( $this->namespace == 'System' ) ? '1' : '0';
+ − 570 $blank_array = $db->escape(serialize(array()));
+ − 571
+ − 572 // Query 1: Metadata entry
821
a64c56a1a6a4
PageProcessor: fix not setting page_exists to true after create_page() success (todo: move to Namespace_*?); add $visible parameter to create_page()
Dan
diff
changeset
+ − 573 $q = $db->sql_query('INSERT INTO ' . table_prefix . "pages(name, urlname, namespace, visible, protected, delvotes, delvote_ips, wiki_mode)\n"
a64c56a1a6a4
PageProcessor: fix not setting page_exists to true after create_page() success (todo: move to Namespace_*?); add $visible parameter to create_page()
Dan
diff
changeset
+ − 574 . " VALUES ( '$name', '$page_id', '$namespace', {$metadata['visible']}, $protect, 0, '$blank_array', 2 );");
322
+ − 575 if ( !$q )
+ − 576 $db->_die('PageProcessor page creation - metadata stage');
+ − 577
+ − 578 // Query 2: Text insertion
+ − 579 $q = $db->sql_query('INSERT INTO ' . table_prefix . "page_text(page_id, namespace, page_text)\n"
+ − 580 . "VALUES ( '$page_id', '$namespace', '' );");
+ − 581 if ( !$q )
+ − 582 $db->_die('PageProcessor page creation - text stage');
+ − 583
426
+ − 584 // Query 3: Log entry
+ − 585 $db->sql_query('INSERT INTO ' . table_prefix."logs(time_id, date_string, log_type, action, author, page_id, namespace)\n"
+ − 586 . " VALUES ( " . time() . ", '" . enano_date('d M Y h:i a') . "', 'page', 'create', \n"
+ − 587 . " '" . $db->escape($session->username) . "', '" . $db->escape($this->page_id) . "', '" . $this->namespace . "');");
+ − 588 if ( !$q )
+ − 589 $db->_die('PageProcessor page creation - logging stage');
+ − 590
593
4f9bec0d65c1
More optimization work. Moved special page init functions to common instead of common_post hook. Allowed paths to cache page metadata on filesystem. Phased out the redundancy in $paths->pages that paired a number with every urlname as foreach loops are allowed now (and have been for some time). Fixed missing includes for several functions. Rewrote str_replace_once to be a lot more efficient.
Dan
diff
changeset
+ − 591 // Update the cache
4f9bec0d65c1
More optimization work. Moved special page init functions to common instead of common_post hook. Allowed paths to cache page metadata on filesystem. Phased out the redundancy in $paths->pages that paired a number with every urlname as foreach loops are allowed now (and have been for some time). Fixed missing includes for several functions. Rewrote str_replace_once to be a lot more efficient.
Dan
diff
changeset
+ − 592 $paths->update_metadata_cache();
4f9bec0d65c1
More optimization work. Moved special page init functions to common instead of common_post hook. Allowed paths to cache page metadata on filesystem. Phased out the redundancy in $paths->pages that paired a number with every urlname as foreach loops are allowed now (and have been for some time). Fixed missing includes for several functions. Rewrote str_replace_once to be a lot more efficient.
Dan
diff
changeset
+ − 593
821
a64c56a1a6a4
PageProcessor: fix not setting page_exists to true after create_page() success (todo: move to Namespace_*?); add $visible parameter to create_page()
Dan
diff
changeset
+ − 594 // Make sure that when/if we save the page later in this instance it doesn't get re-created
a64c56a1a6a4
PageProcessor: fix not setting page_exists to true after create_page() success (todo: move to Namespace_*?); add $visible parameter to create_page()
Dan
diff
changeset
+ − 595 $this->page_exists = true;
a64c56a1a6a4
PageProcessor: fix not setting page_exists to true after create_page() success (todo: move to Namespace_*?); add $visible parameter to create_page()
Dan
diff
changeset
+ − 596
322
+ − 597 // Page created. We're good!
+ − 598 return true;
+ − 599 }
+ − 600
+ − 601 /**
468
+ − 602 * Rolls back a non-edit action in the logs
+ − 603 * @param int Log entry (log_id) to roll back
+ − 604 * @return array Standard Enano error/success protocol
+ − 605 */
+ − 606
+ − 607 function rollback_log_entry($log_id)
+ − 608 {
+ − 609 global $db, $session, $paths, $template, $plugins; // Common objects
696
bd5069e1f19a
Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
diff
changeset
+ − 610 global $cache;
468
+ − 611
+ − 612 // Verify permissions
+ − 613 if ( !$this->perms->get_permissions('history_rollback') )
+ − 614 {
+ − 615 return array(
+ − 616 'success' => false,
+ − 617 'error' => 'access_denied'
+ − 618 );
+ − 619 }
+ − 620
+ − 621 // Check input
+ − 622 $log_id = intval($log_id);
+ − 623 if ( empty($log_id) )
+ − 624 {
+ − 625 return array(
+ − 626 'success' => false,
+ − 627 'error' => 'invalid_parameter'
+ − 628 );
+ − 629 }
+ − 630
+ − 631 // Fetch the log entry
+ − 632 $q = $db->sql_query('SELECT * FROM ' . table_prefix . "logs WHERE log_type = 'page' AND page_id='{$this->page_id}' AND namespace='{$this->namespace}' AND log_id = $log_id;");
+ − 633 if ( !$q )
+ − 634 $db->_die();
+ − 635
+ − 636 // Is this even a valid log entry for this context?
+ − 637 if ( $db->numrows() < 1 )
+ − 638 {
+ − 639 return array(
+ − 640 'success' => false,
+ − 641 'error' => 'entry_not_found'
+ − 642 );
+ − 643 }
+ − 644
+ − 645 // All good, fetch and free the result
+ − 646 $log_entry = $db->fetchrow();
+ − 647 $db->free_result();
+ − 648
481
+ − 649 $dateline = enano_date('d M Y h:i a', $log_entry['time_id']);
+ − 650
468
+ − 651 // Let's see, what do we have here...
+ − 652 switch ( $log_entry['action'] )
+ − 653 {
+ − 654 case 'rename':
+ − 655 // Page was renamed, let the rename method handle this
481
+ − 656 return array_merge($this->rename($log_entry['edit_summary']), array('dateline' => $dateline, 'action' => $log_entry['action']));
468
+ − 657 break;
+ − 658 case 'prot':
+ − 659 case 'unprot':
+ − 660 case 'semiprot':
481
+ − 661 return array_merge($this->protect_page(intval($log_entry['page_text']), '__REVERSION__'), array('dateline' => $dateline, 'action' => $log_entry['action']));
+ − 662 break;
+ − 663 case 'delete':
+ − 664
+ − 665 // Raising a previously dead page has implications...
+ − 666
+ − 667 // FIXME: l10n
+ − 668 // rollback_extra is required because usually only moderators can undo page deletion AND restore the content.
696
bd5069e1f19a
Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
diff
changeset
+ − 669 // potential flaw here - once recreated, can past revisions be restored by users without rollback_extra? should
bd5069e1f19a
Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
diff
changeset
+ − 670 // probably modify editor routine to deny revert access if the timestamp < timestamp of last deletion if any.
481
+ − 671 if ( !$this->perms->get_permissions('history_rollback_extra') )
+ − 672 return 'Administrative privileges are required for page undeletion.';
+ − 673
+ − 674 // Rolling back the deletion of a page that was since created?
+ − 675 $pathskey = $paths->nslist[ $this->namespace ] . $this->page_id;
+ − 676 if ( isset($paths->pages[$pathskey]) )
+ − 677 return array(
+ − 678 'success' => false,
+ − 679 // This is a clean Christian in-joke.
+ − 680 'error' => 'seeking_living_among_dead'
+ − 681 );
+ − 682
+ − 683 // Generate a crappy page name
+ − 684 $name = $db->escape( str_replace('_', ' ', dirtify_page_id($this->page_id)) );
+ − 685
+ − 686 // Stage 1 - re-insert page
+ − 687 $e = $db->sql_query('INSERT INTO ' . table_prefix.'pages(name,urlname,namespace) VALUES( \'' . $name . '\', \'' . $this->page_id . '\',\'' . $this->namespace . '\' )');
+ − 688 if ( !$e )
+ − 689 $db->die_json();
+ − 690
+ − 691 // Select the latest published revision
+ − 692 $q = $db->sql_query('SELECT page_text FROM ' . table_prefix . "logs WHERE\n"
+ − 693 . " log_type = 'page'\n"
+ − 694 . " AND action = 'edit'\n"
+ − 695 . " AND page_id = '$this->page_id'\n"
+ − 696 . " AND namespace = '$this->namespace'\n"
+ − 697 . " AND is_draft != 1\n"
+ − 698 . "ORDER BY time_id DESC LIMIT 1;");
+ − 699 if ( !$q )
+ − 700 $db->die_json();
+ − 701 list($page_text) = $db->fetchrow_num();
+ − 702 $db->free_result($q);
+ − 703
+ − 704 // Apply the latest revision as the current page text
+ − 705 $page_text = $db->escape($page_text);
+ − 706 $e = $db->sql_query('INSERT INTO ' . table_prefix."page_text(page_id, namespace, page_text) VALUES\n"
+ − 707 . " ( '$this->page_id', '$this->namespace', '$page_text' );");
+ − 708 if ( !$e )
+ − 709 $db->die_json();
+ − 710
696
bd5069e1f19a
Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
diff
changeset
+ − 711 $cache->purge('page_meta');
bd5069e1f19a
Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
diff
changeset
+ − 712
481
+ − 713 return array(
+ − 714 'success' => true,
+ − 715 'dateline' => $dateline,
+ − 716 'action' => $log_entry['action']
+ − 717 );
+ − 718
+ − 719 break;
+ − 720 case 'reupload':
+ − 721
+ − 722 // given a log id and some revision info, restore the old file.
+ − 723 // get the timestamp of the file before this one
+ − 724 $q = $db->sql_query('SELECT time_id, file_key, file_extension, filename, size, mimetype FROM ' . table_prefix . "files WHERE time_id < {$log_entry['time_id']} ORDER BY time_id DESC LIMIT 1;");
+ − 725 if ( !$q )
+ − 726 $db->_die();
+ − 727
+ − 728 $row = $db->fetchrow();
+ − 729 $db->free_result();
+ − 730
+ − 731 // If the file hasn't been renamed to the new format (omitting timestamp), do that now.
+ − 732 $fname = ENANO_ROOT . "/files/{$row['file_key']}_{$row['time_id']}{$row['file_extension']}";
+ − 733 if ( @file_exists($fname) )
+ − 734 {
+ − 735 // it's stored in the old format - rename
+ − 736 $fname_new = ENANO_ROOT . "/files/{$row['file_key']}{$row['file_extension']}";
+ − 737 if ( !@rename($fname, $fname_new) )
+ − 738 {
+ − 739 return array(
+ − 740 'success' => false,
+ − 741 'error' => 'rb_file_rename_failed',
+ − 742 'action' => $log_entry['action']
+ − 743 );
+ − 744 }
+ − 745 }
+ − 746
+ − 747 // Insert a new file entry
+ − 748 $time = time();
+ − 749 $filename = $db->escape($row['filename']);
+ − 750 $mimetype = $db->escape($row['mimetype']);
+ − 751 $ext = $db->escape($row['file_extension']);
+ − 752 $key = $db->escape($row['file_key']);
+ − 753
+ − 754 $q = $db->sql_query('INSERT INTO ' . table_prefix . "files ( time_id, page_id, filename, size, mimetype, file_extension, file_key ) VALUES\n"
+ − 755 . " ( $time, '$this->page_id', '$filename', {$row['size']}, '$mimetype', '$ext', '$key' );");
+ − 756 if ( !$q )
+ − 757 $db->die_json();
+ − 758
+ − 759 // add reupload log entry
+ − 760 $username = $db->escape($session->username);
+ − 761 $q = $db->sql_query('INSERT INTO ' . table_prefix . "logs ( log_type, action, time_id, page_id, namespace, author, edit_summary ) VALUES\n"
+ − 762 . " ( 'page', 'reupload', $time, '$this->page_id', '$this->namespace', '$username', '__ROLLBACK__' )");
+ − 763 if ( !$q )
+ − 764 $db->die_json();
+ − 765
+ − 766 return array(
+ − 767 'success' => true,
+ − 768 'dateline' => $dateline,
+ − 769 'action' => $log_entry['action']
+ − 770 );
+ − 771
468
+ − 772 break;
+ − 773 default:
481
+ − 774
+ − 775 return array(
+ − 776 'success' => false,
+ − 777 'error' => 'rb_action_not_supported',
+ − 778 'action' => $log_entry['action']
+ − 779 );
+ − 780
468
+ − 781 break;
+ − 782 }
+ − 783 }
+ − 784
+ − 785 /**
+ − 786 * Renames the page
+ − 787 * @param string New name
+ − 788 * @return array Standard Enano error/success protocol
+ − 789 */
+ − 790
+ − 791 function rename_page($new_name)
+ − 792 {
+ − 793 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 794
+ − 795 // Check permissions
+ − 796 if ( !$this->perms->get_permissions('rename') )
+ − 797 {
+ − 798 return array(
+ − 799 'success' => false,
+ − 800 'error' => 'access_denied'
+ − 801 );
+ − 802 }
+ − 803
+ − 804 // If this is the same as the current name, return success
+ − 805 $page_name = get_page_title_ns($this->page_id, $this->namespace);
+ − 806 if ( $page_name === $new_name )
+ − 807 {
+ − 808 return array(
+ − 809 'success' => true
+ − 810 );
+ − 811 }
+ − 812
+ − 813 // Make sure the name is valid
+ − 814 $new_name = trim($new_name);
+ − 815 if ( empty($new_name) )
+ − 816 {
+ − 817 return array(
+ − 818 'success' => false,
+ − 819 'error' => 'invalid_parameter'
+ − 820 );
+ − 821 }
+ − 822
+ − 823 // Log the action
+ − 824 $username = $db->escape($session->username);
+ − 825 $page_name = $db->escape($page_name);
+ − 826 $time = time();
+ − 827
+ − 828 $q = $db->sql_query('INSERT INTO ' . table_prefix . "logs ( log_type, action, page_id, namespace, author, edit_summary, time_id, date_string ) VALUES\n"
+ − 829 . " ( 'page', 'rename', '{$this->page_id}', '{$this->namespace}', '$username', '$page_name', '$time', 'DATE_STRING COLUMN OBSOLETE, USE time_id' );");
+ − 830 if ( !$q )
+ − 831 $db->_die();
+ − 832
+ − 833 // Not much to do but to rename it now
+ − 834 $new_name = $db->escape($new_name);
+ − 835 $q = $db->sql_query('UPDATE ' . table_prefix . "pages SET name = '$new_name' WHERE urlname = '{$this->page_id}' AND namespace = '{$this->namespace}';");
+ − 836 if ( !$q )
+ − 837 $db->_die();
+ − 838
600
46abecc238e7
Fixed missing require() on stats.php in pageprocess; made pageprocess update the metadata cache on page rename
Dan
diff
changeset
+ − 839 // Update the cache
46abecc238e7
Fixed missing require() on stats.php in pageprocess; made pageprocess update the metadata cache on page rename
Dan
diff
changeset
+ − 840 $paths->update_metadata_cache();
46abecc238e7
Fixed missing require() on stats.php in pageprocess; made pageprocess update the metadata cache on page rename
Dan
diff
changeset
+ − 841
468
+ − 842 return array(
+ − 843 'success' => true
+ − 844 );
+ − 845 }
+ − 846
+ − 847 /**
+ − 848 * Sets the protection level of the page
+ − 849 * @param int Protection level, one of PROTECT_{FULL,SEMI,NONE}
+ − 850 * @param string Reason for protection - required
+ − 851 */
+ − 852
+ − 853 function protect_page($protection_level, $reason)
+ − 854 {
+ − 855 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 856
+ − 857 // Validate permissions
+ − 858 if ( !$this->perms->get_permissions('protect') )
+ − 859 {
+ − 860 return array(
+ − 861 'success' => false,
+ − 862 'error' => 'access_denied'
+ − 863 );
+ − 864 }
+ − 865
+ − 866 // Validate input
+ − 867 $reason = trim($reason);
+ − 868 if ( !in_array($protection_level, array(PROTECT_NONE, PROTECT_FULL, PROTECT_SEMI)) || empty($reason) )
+ − 869 {
+ − 870 return array(
+ − 871 'success' => false,
+ − 872 'error' => 'invalid_parameter'
+ − 873 );
+ − 874 }
+ − 875
+ − 876 // Retrieve page metadata
+ − 877 $pathskey = $paths->nslist[ $this->namespace ] . $this->page_id;
+ − 878 if ( !isset($paths->pages[$pathskey]) )
+ − 879 {
+ − 880 return array(
+ − 881 'success' => false,
+ − 882 'error' => 'page_metadata_not_found'
+ − 883 );
+ − 884 }
+ − 885 $metadata =& $paths->pages[$pathskey];
+ − 886
+ − 887 // Log the action
+ − 888 $username = $db->escape($session->username);
+ − 889 $time = time();
+ − 890 $existing_protection = intval($metadata['protected']);
+ − 891 $reason = $db->escape($reason);
+ − 892
481
+ − 893 if ( $existing_protection == $protection_level )
+ − 894 {
+ − 895 return array(
+ − 896 'success' => false,
+ − 897 'error' => 'protection_already_there'
+ − 898 );
+ − 899 }
+ − 900
468
+ − 901 $action = '[ insanity ]';
+ − 902 switch($protection_level)
+ − 903 {
+ − 904 case PROTECT_FULL: $action = 'prot'; break;
+ − 905 case PROTECT_NONE: $action = 'unprot'; break;
+ − 906 case PROTECT_SEMI: $action = 'semiprot'; break;
+ − 907 }
+ − 908
+ − 909 $sql = 'INSERT INTO ' . table_prefix . "logs ( log_type, action, page_id, namespace, author, edit_summary, time_id, page_text, date_string ) VALUES\n"
+ − 910 . " ( 'page', '$action', '{$this->page_id}', '{$this->namespace}', '$username', '$reason', '$time', '$existing_protection', 'DATE_STRING COLUMN OBSOLETE, USE time_id' );";
+ − 911 if ( !$db->sql_query($sql) )
+ − 912 {
481
+ − 913 $db->die_json();
468
+ − 914 }
+ − 915
+ − 916 // Perform the actual protection
+ − 917 $q = $db->sql_query('UPDATE ' . table_prefix . "pages SET protected = $protection_level WHERE urlname = '{$this->page_id}' AND namespace = '{$this->namespace}';");
+ − 918 if ( !$q )
481
+ − 919 $db->die_json();
468
+ − 920
+ − 921 return array(
+ − 922 'success' => true
+ − 923 );
+ − 924 }
+ − 925
+ − 926 /**
1
+ − 927 * Sets internal variables.
+ − 928 * @access private
+ − 929 */
+ − 930
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 931 function _setup($page_id, $namespace, $revision_id)
1
+ − 932 {
+ − 933 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 934
+ − 935 $page_id_cleaned = sanitize_page_id($page_id);
+ − 936
+ − 937 $this->page_id = $page_id_cleaned;
+ − 938 $this->namespace = $namespace;
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 939 $this->revision_id = $revision_id;
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 940 $this->page_id_unclean = dirtify_page_id($page_id);
1
+ − 941
+ − 942 $this->perms = $session->fetch_page_acl( $page_id, $namespace );
+ − 943
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 944 // resolve namespace
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 945 $this->ns = namespace_factory($this->page_id, $this->namespace, $this->revision_id);
426
+ − 946
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 947 $this->page_exists = $this->ns->exists();
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 948 $this->title = get_page_title_ns($this->page_id, $this->namespace);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 949
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 950 profiler_log("PageProcessor [{$this->namespace}:{$this->page_id}]: Ran _setup()");
1
+ − 951 }
+ − 952
+ − 953 /**
+ − 954 * Renders it all in one go, and echoes it out. This assumes that the text is in the DB.
+ − 955 * @access private
+ − 956 */
+ − 957
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 958 function render($incl_inner_headers = true, $_errormsg = false)
1
+ − 959 {
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 960 global $db, $session, $paths, $template, $plugins; // Common objects
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 961 global $output, $lang;
592
+ − 962
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 963 if ( count($this->redirect_stack) > 0 )
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 964 {
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 965 $stack = array_reverse($this->redirect_stack);
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 966 foreach ( $stack as $oldtarget )
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 967 {
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 968 $url = makeUrlNS($oldtarget[1], $oldtarget[0], 'redirect=no', true);
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 969 $page_id_key = $paths->nslist[ $oldtarget[1] ] . $oldtarget[0];
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 970 $page_data = $paths->pages[$page_id_key];
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 971 $title = ( isset($page_data['name']) ) ? $page_data['name'] : $paths->nslist[$oldtarget[1]] . htmlspecialchars( str_replace('_', ' ', dirtify_page_id( $oldtarget[0] ) ) );
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 972 $a = '<a href="' . $url . '">' . $title . '</a>';
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 973 $output->add_after_header('<small>' . $lang->get('page_msg_redirected_from', array('from' => $a)) . '<br /></small>');
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 974 }
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 975 }
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 976 $this->ns->send($incl_inner_headers, $_errormsg);
1
+ − 977 }
+ − 978
+ − 979 /**
+ − 980 * Sends the page header, dependent on, of course, whether we're supposed to.
+ − 981 */
+ − 982
+ − 983 function header()
+ − 984 {
+ − 985 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 986 if ( $this->send_headers )
+ − 987 $template->header();
+ − 988 }
+ − 989
+ − 990 /**
+ − 991 * Sends the page footer, dependent on, of course, whether we're supposed to.
+ − 992 */
+ − 993
+ − 994 function footer()
+ − 995 {
+ − 996 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 997 if ( $this->send_headers )
+ − 998 $template->footer();
+ − 999 }
+ − 1000
+ − 1001 /**
+ − 1002 * Fetches the raw, unfiltered page text.
+ − 1003 * @access public
+ − 1004 */
+ − 1005
+ − 1006 function fetch_text()
+ − 1007 {
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 1008 return $this->ns->fetch_text();
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1009 }
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1010
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1011 /**
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1012 * Pushes to the redirect stack and resets the instance. This depends on the page ID and namespace already being validated and sanitized, and does not check the size of the redirect stack.
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1013 * @param string Page ID to redirect to
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1014 * @param string Namespace to redirect to
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1015 * @access private
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1016 */
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1017
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1018 function _handle_redirect($page_id, $namespace)
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1019 {
92
+ − 1020 global $db, $session, $paths, $template, $plugins; // Common objects
314
+ − 1021 global $lang;
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1022 $arr_pid = array($this->page_id, $this->namespace);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1023 if ( $namespace == 'Special' || $namespace == 'Admin' )
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1024 {
314
+ − 1025 return $lang->get('page_err_redirect_to_special');
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1026 }
314
+ − 1027 $looped = false;
+ − 1028 foreach ( $this->redirect_stack as $page )
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1029 {
314
+ − 1030 if ( $page[0] == $arr_pid[0] && $page[1] == $arr_pid[1] )
+ − 1031 {
+ − 1032 $looped = true;
+ − 1033 break;
+ − 1034 }
+ − 1035 }
+ − 1036 if ( $looped )
+ − 1037 {
+ − 1038 return $lang->get('page_err_redirect_infinite_loop');
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1039 }
92
+ − 1040 $page_id_key = $paths->nslist[ $namespace ] . sanitize_page_id($page_id);
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1041 if ( !isset($paths->pages[$page_id_key]) )
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1042 {
314
+ − 1043 return $lang->get('page_err_redirect_to_nonexistent');
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1044 }
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1045 $this->redirect_stack[] = $arr_pid;
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1046
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1047
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1048 // Nuke the text cache to avoid infinite loops, gah...
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1049 $this->text_cache = '';
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1050 $this->_setup($page_id, $namespace, 0);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1051 $this->send();
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1052 return true;
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1053 }
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1054
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1055 /**
1
+ − 1056 * Send the error message to the user that the access to this page is denied.
+ − 1057 * @access private
+ − 1058 */
+ − 1059
+ − 1060 function err_access_denied()
+ − 1061 {
+ − 1062 global $db, $session, $paths, $template, $plugins; // Common objects
314
+ − 1063 global $lang;
+ − 1064 global $email;
1
+ − 1065
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1066 // Log it for crying out loud
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1067 $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'illegal_page\', '.time().', \''.enano_date('d M Y h:i a').'\', \''.$db->escape($session->username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', \'' . $db->escape(serialize(array($this->page_id, $this->namespace))) . '\')');
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1068
1
+ − 1069 $ob = '';
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1070 //$template->tpl_strings['PAGE_NAME'] = 'Access denied';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1071 $template->tpl_strings['PAGE_NAME'] = htmlspecialchars( $this->title );
1
+ − 1072
+ − 1073 if ( $this->send_headers )
+ − 1074 {
+ − 1075 $ob .= $template->getHeader();
+ − 1076 }
+ − 1077
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1078 if ( count($this->redirect_stack) > 0 )
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1079 {
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1080 $stack = array_reverse($this->redirect_stack);
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1081 foreach ( $stack as $oldtarget )
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1082 {
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1083 $url = makeUrlNS($oldtarget[1], $oldtarget[0], 'redirect=no', true);
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1084 $page_id_key = $paths->nslist[ $oldtarget[1] ] . $oldtarget[0];
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1085 $page_data = $paths->pages[$page_id_key];
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1086 $title = ( isset($page_data['name']) ) ? $page_data['name'] : $paths->nslist[$oldtarget[1]] . htmlspecialchars( str_replace('_', ' ', dirtify_page_id( $oldtarget[0] ) ) );
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1087 $a = '<a href="' . $url . '">' . $title . '</a>';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1088
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1089 $url = makeUrlNS($this->namespace, $this->page_id, 'redirect=no', true);
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1090 $page_id_key = $paths->nslist[ $this->namespace ] . $this->page_id;
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1091 $page_data = $paths->pages[$page_id_key];
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1092 $title = ( isset($page_data['name']) ) ? $page_data['name'] : $paths->nslist[$this->namespace] . htmlspecialchars( str_replace('_', ' ', dirtify_page_id( $this->page_id ) ) );
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1093 $b = '<a href="' . $url . '">' . $title . '</a>';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1094
369
+ − 1095 $ob .= '<small>' . $lang->get('page_msg_redirected_from_to', array('from' => $a, 'to' => $b)) . '<br /></small>';
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1096 }
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1097 }
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1098
314
+ − 1099 $email_link = $email->encryptEmail(getConfig('contact_email'), '', '', $lang->get('page_err_access_denied_siteadmin'));
+ − 1100
+ − 1101 $ob .= "<h3>" . $lang->get('page_err_access_denied_title') . "</h3>";
+ − 1102 $ob .= "<p>" . $lang->get('page_err_access_denied_body', array('site_administration' => $email_link)) . "</p>";
1
+ − 1103
+ − 1104 if ( $this->send_headers )
+ − 1105 {
+ − 1106 $ob .= $template->getFooter();
+ − 1107 }
+ − 1108 echo $ob;
+ − 1109 }
+ − 1110
+ − 1111 /**
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1112 * Inform the user of an incorrect or absent password
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1113 * @access private
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1114 */
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1115
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1116 function err_wrong_password()
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1117 {
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1118 global $db, $session, $paths, $template, $plugins; // Common objects
369
+ − 1119 global $lang;
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1120
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 1121 $title = $lang->get('page_msg_passrequired_title');
369
+ − 1122 $message = ( empty($this->password) ) ?
+ − 1123 '<p>' . $lang->get('page_msg_passrequired') . '</p>' :
+ − 1124 '<p>' . $lang->get('page_msg_pass_wrong') . '</p>';
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1125 $message .= '<form action="' . makeUrlNS($this->namespace, $this->page_id) . '" method="post">
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1126 <p>
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 1127 <label>' . $lang->get('page_lbl_password') . ' <input name="pagepass" type="password" /></label> <input type="submit" value="' . $lang->get('page_btn_password_submit') . '" />
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1128 </p>
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1129 </form>';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1130 if ( $this->send_headers )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1131 {
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1132 $template->tpl_strings['PAGE_NAME'] = $title;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1133 $template->header();
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1134 echo "$message";
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1135 $template->footer();
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1136 }
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1137 else
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1138 {
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1139 echo "<h2>$title</h2>
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1140 $message";
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1141 }
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1142 }
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1143
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1144 /**
1
+ − 1145 * Send the error message to the user complaining that there weren't any rows.
+ − 1146 * @access private
+ − 1147 */
+ − 1148
+ − 1149 function err_no_rows()
+ − 1150 {
+ − 1151 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1152
+ − 1153 $title = 'No text rows';
+ − 1154 $message = 'While the page\'s existence was verified, there were no rows in the database that matched the query for the text. This may indicate a bug with the software; ask the webmaster for more information. The offending query was:<pre>' . $db->latest_query . '</pre>';
+ − 1155 if ( $this->send_headers )
+ − 1156 {
+ − 1157 $template->tpl_strings['PAGE_NAME'] = $title;
+ − 1158 $template->header();
+ − 1159 echo "<p>$message</p>";
+ − 1160 $template->footer();
+ − 1161 }
+ − 1162 else
+ − 1163 {
+ − 1164 echo "<h2>$title</h2>
+ − 1165 <p>$message</p>";
+ − 1166 }
+ − 1167 }
+ − 1168
+ − 1169 /**
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1170 * Send an error message and die. For debugging or critical technical errors only - nothing that would under normal circumstances be shown to the user.
468
+ − 1171 * @param string Error message
+ − 1172 * @param bool If true, send DBAL's debugging information as well
1
+ − 1173 */
+ − 1174
+ − 1175 function send_error($message, $sql = false)
+ − 1176 {
+ − 1177 global $db, $session, $paths, $template, $plugins; // Common objects
369
+ − 1178 global $lang;
1
+ − 1179
+ − 1180 $content = "<p>$message</p>";
369
+ − 1181 $template->tpl_strings['PAGE_NAME'] = $lang->get('page_msg_general_error');
1
+ − 1182
+ − 1183 if ( $this->debug['works'] )
+ − 1184 {
+ − 1185 $content .= $this->debug['backtrace'];
+ − 1186 }
+ − 1187
+ − 1188 header('HTTP/1.1 500 Internal Server Error');
+ − 1189
+ − 1190 $template->header();
+ − 1191 echo $content;
+ − 1192 $template->footer();
+ − 1193
+ − 1194 $db->close();
+ − 1195
+ − 1196 exit;
+ − 1197
+ − 1198 }
+ − 1199
322
+ − 1200 /**
+ − 1201 * Raises an error.
+ − 1202 * @param string Error string
+ − 1203 */
+ − 1204
+ − 1205 function raise_error($string)
+ − 1206 {
+ − 1207 if ( !is_string($string) )
+ − 1208 return false;
+ − 1209 $this->_errors[] = $string;
+ − 1210 }
+ − 1211
+ − 1212 /**
+ − 1213 * Retrieves the latest error from the error stack and returns it ('pops' the error stack)
+ − 1214 * @return string
+ − 1215 */
+ − 1216
+ − 1217 function pop_error()
+ − 1218 {
+ − 1219 if ( count($this->_errors) < 1 )
+ − 1220 return false;
+ − 1221 return array_pop($this->_errors);
+ − 1222 }
+ − 1223
1
+ − 1224 } // class PageProcessor
+ − 1225
+ − 1226 ?>