<?php
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
* Version 1.1.6 (Caoineag beta 1)
* Copyright (C) 2006-2008 Dan Fuhry
* pageutils.php - a class that handles raw page manipulations, used mostly by AJAX requests or their old-fashioned form-based counterparts
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
*/
class PageUtils {
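/**
 * Tell whether a username is already taken.
 *
 * Underscores in $name are treated as spaces and the name is URL-decoded
 * before the lookup, so "John_Doe" and "John%20Doe" both resolve to "John Doe".
 *
 * @param string $name the username to check (may be URL-encoded)
 * @return string 'good' if no user has this name, 'bad' if one does;
 *                terminates the request via $db->_die() if the query fails
 */
public static function checkusername($name)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  $name = str_replace('_', ' ', $name);
  // $name arrives from the request, so it goes through the driver's escaper
  // before being spliced into the query.
  $q = $db->sql_query('SELECT username FROM ' . table_prefix.'users WHERE username=\'' . $db->escape(rawurldecode($name)) . '\'');
  if ( !$q )
  {
    // Route the failure through the DB layer's own handler, as the rest of
    // this class does, instead of echoing the raw driver error to the client.
    $db->_die('The username lookup query failed.');
  }

  $taken = ( $db->numrows() >= 1 );
  $db->free_result();

  return $taken ? 'bad' : 'good';
}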
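/**
 * Get the wiki formatting source for a page.
 *
 * If the page's metadata carries a 40-character password value, the caller
 * must supply the identical value in $password; the view_source permission is
 * checked after the password, so a wrong password is reported first.
 *
 * @param string $page the full page id (Namespace:Pagename)
 * @param string|bool $password the page password as stored in the page's cdata, or false when none was supplied
 * @return string the HTML-escaped page source; '' if the page does not exist or has no stored text,
 *                'invalid_password' on a password mismatch, 'access_denied' if the caller lacks view_source.
 *                Special and Admin pages terminate the request because their source is not in the database.
 */
public static function getsource($page, $password = false)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  if ( !isPage($page) )
  {
    return '';
  }

  list($page_id, $namespace) = RenderMan::strToPageID($page);
  $ns = namespace_factory($page_id, $namespace);
  $cdata = $ns->get_cdata();

  if ( strlen($cdata['password']) == 40 )
  {
    // Strict string comparison: with a loose != a non-string such as true
    // compares equal to any non-empty stored value and would pass the check.
    // NOTE(review): this comparison is not constant-time.
    if ( !$password || ( strval($password) !== strval($cdata['password']) ) )
    {
      return 'invalid_password';
    }
  }

  if ( !$session->get_permissions('view_source') ) // Dependencies handle this for us - this also checks for read privileges
  {
    return 'access_denied';
  }

  if ( $namespace == 'Special' || $namespace == 'Admin' )
  {
    die('This type of page (' . $paths->nslist[$namespace] . ') cannot be edited because the page source code is not stored in the database.');
  }

  // Both values derive from request input, so escape them rather than relying
  // on whatever normalization strToPageID() may have applied.
  $e = $db->sql_query('SELECT page_text,char_tag FROM ' . table_prefix.'page_text WHERE page_id=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\'');
  if ( !$e )
  {
    $db->_die('The page text could not be selected.');
  }
  if ( $db->numrows() < 1 )
  {
    return '';
  }

  $r = $db->fetchrow();
  $db->free_result();

  return htmlspecialchars($r['page_text']);
}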
/**
 * DEPRECATED. Previously returned the full rendered contents of a page.
 * Calling it now terminates the request with a deprecation message.
 *
 * @param string $page the full page id (Namespace:Pagename)
 * @param bool $send_headers ignored; kept only so existing call sites still parse
 * @param int|bool $hist_id ignored; kept only so existing call sites still parse
 * @return string never returns
 */
public static function getpage($page, $send_headers = false, $hist_id = false)
{
  exit('PageUtils->getpage is deprecated.');
}
/**
 * Writes page data to the database, after verifying permissions and running the XSS filter.
 * The work itself is delegated to PageProcessor::update_page(); this method only
 * looks up the page's stored format and forwards the call.
 *
 * @param string $page_id the page ID
 * @param string $namespace the namespace
 * @param string $message the text to save
 * @param string $summary edit summary recorded with the revision
 * @param bool $minor whether the revision is flagged as a minor edit
 * @return string whatever PageProcessor::update_page() returns
 */
public static function savepage($page_id, $namespace, $message, $summary = 'No edit summary given', $minor = false)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  $processor = new PageProcessor($page_id, $namespace);
  $meta = $processor->ns->get_cdata();
  $format = $meta['page_format'];

  return $processor->update_page($message, $summary, $minor, $format);
}
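/**
 * Creates a page, both in memory and in the database.
 *
 * Refuses to create pages in the Special/Admin namespaces, in a namespace
 * that is not in $paths->nslist, in System without admin rights, under the
 * reserved "Project:" prefix, when the page already exists, or when the caller
 * lacks the create_page permission.
 *
 * @param string $page_id the page ID (URL name); normalized with dirtify_page_id() and sanitize_page_id()
 * @param string $namespace the namespace; must be a key of $paths->nslist
 * @param string|bool $name human-readable title; false derives it from $page_id with underscores as spaces
 * @param int|bool $visible whether the page is visible (stored as 1/0)
 * @return string 'good' on success; otherwise a human-readable error string, or the DB error text if an INSERT failed
 */
public static function createPage($page_id, $namespace, $name = false, $visible = 1)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  if ( in_array($namespace, array('Special', 'Admin'), true) )
  {
    return 'You can\'t create a special page in the database';
  }

  if ( !isset($paths->nslist[$namespace]) )
  {
    return 'Couldn\'t look up the namespace';
  }

  $pname = $paths->nslist[$namespace] . $page_id;
  if ( isPage($pname) )
  {
    return 'Page already exists';
  }

  if ( !$session->get_permissions('create_page') )
  {
    return 'Not authorized to create pages';
  }

  if ( $session->user_level < USER_LEVEL_ADMIN && $namespace == 'System' )
  {
    return 'Not authorized to create system messages';
  }

  if ( substr($page_id, 0, 8) === 'Project:' )
  {
    return 'The prefix "Project:" is reserved for a parser shortcut; if a page was created using this prefix, it would not be possible to link to it.';
  }

  $page_id = dirtify_page_id($page_id);

  if ( !$name )
  {
    $name = str_replace('_', ' ', $page_id);
  }

  $page_id = sanitize_page_id($page_id);

  // Pages in the System namespace are always created protected.
  $prot = ( $namespace == 'System' ) ? 1 : 0;
  // Normalize once so the in-memory record and the INSERT agree on the value
  // (previously the in-memory record was hard-coded to visible=1).
  $visible = ( $visible ? 1 : 0 );

  $ips = array(
    'ip' => array(),
    'u' => array()
  );
  $delvote_ips = serialize($ips);

  $page_data = array(
    'name' => $name,
    'urlname' => $page_id,
    'namespace' => $namespace,
    'special' => 0,
    'visible' => $visible,
    'comments_on' => 0,
    'protected' => $prot,
    'delvotes' => 0,
    'delvote_ips' => $delvote_ips,
    'wiki_mode' => 2,
  );

  $paths->add_page($page_data);

  // Every string spliced into the queries below is escaped, including the
  // namespace and the session username, rather than relying on upstream validation.
  $namespace_db = $db->escape($namespace);
  $page_id_db = $db->escape($page_id);

  $qa = $db->sql_query('INSERT INTO ' . table_prefix.'pages(name,urlname,namespace,visible,protected,delvote_ips) VALUES(\'' . $db->escape($name) . '\', \'' . $page_id_db . '\', \'' . $namespace_db . '\', ' . $visible . ', ' . $prot . ', \'' . $db->escape($delvote_ips) . '\');');
  $qb = $db->sql_query('INSERT INTO ' . table_prefix.'page_text(page_id,namespace) VALUES(\'' . $page_id_db . '\', \'' . $namespace_db . '\');');
  $qc = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace) VALUES(' . time() . ', \'' . enano_date('d M Y h:i a') . '\', \'page\', \'create\', \'' . $db->escape($session->username) . '\', \'' . $page_id_db . '\', \'' . $namespace_db . '\');');

  if ( $qa && $qb && $qc )
  {
    return 'good';
  }

  return $db->get_error();
}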
/**
 * Sets the protection level on a page. The work is delegated to
 * PageProcessor::protect_page() for the given page.
 * @param $page_id string the page ID
 * @param $namespace string the namespace
 * @param $level int level of protection - 0 is off, 1 is full, 2 is semi
 * @param $reason string why the page is being (un)protected
 * @return string - "good" on success, in all other cases, an error string (on query failure, calls $db->_die() )
 */
public static function protect($page_id, $namespace, $level, $reason)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  $processor = new PageProcessor($page_id, $namespace);
  $result = $processor->protect_page($level, $reason);

  return $result;
}
/**
* Generates an HTML table with history information in it.
* @param string the page ID
* @param string the namespace
* @param string page password
* @return string
*/
public static function histlist($page_id, $namespace, $password = false)
1
+ − 243
{
+ − 244
global $db, $session, $paths, $template, $plugins; // Common objects
213
+ − 245
global $lang;
1
+ − 246
+ − 247
if(!$session->get_permissions('history_view'))
+ − 248
return 'Access denied';
+ − 249
+ − 250
ob_start();
+ − 251
953
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 252
$pname = $paths->get_pathskey($page_id, $namespace);
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 253
$ns = namespace_factory($page_id, $namespace);
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 254
$cdata = $ns->get_cdata();
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 255
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 256
if ( !isPage($pname) )
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 257
{
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 258
return 'DNE';
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 259
}
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 260
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 261
if ( isPage($pname['password']) )
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 262
{
953
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 263
$password_exists = ( !empty($cdata['password']) && $cdata['password'] !== sha1('') );
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 264
if ( $password_exists && $password !== $cdata['password'] )
800
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 265
{
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 266
return '<p>' . $lang->get('history_err_wrong_password') . '</p>';
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 267
}
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 268
}
9cdfe82c56cd
Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
diff
changeset
+ − 269
953
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 270
$wiki = ( ( $cdata['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $cdata['wiki_mode'] == 1) ? true : false;
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 271
$prot = ( ( $cdata['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $cdata['protected'] == 1) ? true : false;
1
+ − 272
468
+ − 273
$q = 'SELECT log_id,time_id,date_string,page_id,namespace,author,edit_summary,minor_edit FROM ' . table_prefix.'logs WHERE log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND is_draft != 1 ORDER BY time_id DESC;';
980
d13fad911955
Fixed some bugs with history viewing and log display (wrong row counts, failing to provide result resource, etc.); added "view" button to edits in log display; fixed underscores in auto generated titles
Dan
diff
changeset
+ − 274
if ( !($q = $db->sql_query($q)) )
d13fad911955
Fixed some bugs with history viewing and log display (wrong row counts, failing to provide result resource, etc.); added "view" button to edits in log display; fixed underscores in auto generated titles
Dan
diff
changeset
+ − 275
$db->_die('The history data for the page "' . $paths->cpage['name'] . '" could not be selected.');
d13fad911955
Fixed some bugs with history viewing and log display (wrong row counts, failing to provide result resource, etc.); added "view" button to edits in log display; fixed underscores in auto generated titles
Dan
diff
changeset
+ − 276
213
+ − 277
echo $lang->get('history_page_subtitle') . '
+ − 278
<h3>' . $lang->get('history_heading_edits') . '</h3>';
1
+ − 279
$numrows = $db->numrows();
213
+ − 280
if ( $numrows < 1 )
+ − 281
{
+ − 282
echo $lang->get('history_no_entries');
+ − 283
}
1
+ − 284
else
+ − 285
{
+ − 286
echo '<form action="'.makeUrlNS($namespace, $page_id, 'do=diff').'" onsubmit="ajaxHistDiff(); return false;" method="get">
213
+ − 287
<input type="submit" value="' . $lang->get('history_btn_compare') . '" />
115
261f367623af
Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
diff
changeset
+ − 288
' . ( urlSeparator == '&' ? '<input type="hidden" name="title" value="' . htmlspecialchars($paths->nslist[$namespace] . $page_id) . '" />' : '' ) . '
261f367623af
Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
diff
changeset
+ − 289
' . ( $session->sid_super ? '<input type="hidden" name="auth" value="' . $session->sid_super . '" />' : '') . '
261f367623af
Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
diff
changeset
+ − 290
<input type="hidden" name="do" value="diff" />
1
+ − 291
<br /><span> </span>
+ − 292
<div class="tblholder">
+ − 293
<table border="0" width="100%" cellspacing="1" cellpadding="4">
+ − 294
<tr>
213
+ − 295
<th colspan="2">' . $lang->get('history_col_diff') . '</th>
+ − 296
<th>' . $lang->get('history_col_datetime') . '</th>
+ − 297
<th>' . $lang->get('history_col_user') . '</th>
+ − 298
<th>' . $lang->get('history_col_summary') . '</th>
+ − 299
<th>' . $lang->get('history_col_minor') . '</th>
+ − 300
<th colspan="3">' . $lang->get('history_col_actions') . '</th>
1
+ − 301
</tr>'."\n"."\n";
+ − 302
$cls = 'row2';
+ − 303
$ticker = 0;
+ − 304
980
d13fad911955
Fixed some bugs with history viewing and log display (wrong row counts, failing to provide result resource, etc.); added "view" button to edits in log display; fixed underscores in auto generated titles
Dan
diff
changeset
+ − 305
while ( $r = $db->fetchrow($q) )
213
+ − 306
{
1
+ − 307
+ − 308
$ticker++;
+ − 309
+ − 310
if($cls == 'row2') $cls = 'row1';
+ − 311
else $cls = 'row2';
+ − 312
+ − 313
echo '<tr>'."\n";
+ − 314
+ − 315
// Diff selection
+ − 316
if($ticker == 1)
+ − 317
{
+ − 318
$s1 = '';
+ − 319
$s2 = 'checked="checked" ';
+ − 320
}
+ − 321
elseif($ticker == 2)
+ − 322
{
+ − 323
$s1 = 'checked="checked" ';
+ − 324
$s2 = '';
+ − 325
}
+ − 326
else
+ − 327
{
+ − 328
$s1 = '';
+ − 329
$s2 = '';
+ − 330
}
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 331
if($ticker > 1) echo '<td class="' . $cls . '" style="padding: 0;"><input ' . $s1 . 'name="diff1" type="radio" value="' . $r['time_id'] . '" id="diff1_' . $r['time_id'] . '" class="clsDiff1Radio" onclick="selectDiff1Button(this);" /></td>'."\n"; else echo '<td class="' . $cls . '"></td>';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 332
if($ticker < $numrows) echo '<td class="' . $cls . '" style="padding: 0;"><input ' . $s2 . 'name="diff2" type="radio" value="' . $r['time_id'] . '" id="diff2_' . $r['time_id'] . '" class="clsDiff2Radio" onclick="selectDiff2Button(this);" /></td>'."\n"; else echo '<td class="' . $cls . '"></td>';
1
+ − 333
+ − 334
// Date and time
401
6ae6e387a0e3
Implemented a new CAPTCHA API; the frontend ($session->{make,get}_captcha) is API-compatible but the backend (the captcha class) is deprecated.
Dan
diff
changeset
+ − 335
echo '<td class="' . $cls . '" style="white-space: nowrap;">' . enano_date('d M Y h:i a', intval($r['time_id'])) . '</td class="' . $cls . '">'."\n";
1
+ − 336
+ − 337
// User
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 338
if ( $session->get_permissions('mod_misc') && is_valid_ip($r['author']) )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 339
{
213
+ − 340
$rc = ' style="cursor: pointer;" title="' . $lang->get('history_tip_rdns') . '" onclick="ajaxReverseDNS(this, \'' . $r['author'] . '\');"';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 341
}
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 342
else
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 343
{
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 344
$rc = '';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 345
}
285
7846d45bd250
Changed all urlname/page_id columns to varchar(255) because 63 characters just isn't long enough
Dan
diff
changeset
+ − 346
echo '<td class="' . $cls . '"' . $rc . '><a href="'.makeUrlNS('User', sanitize_page_id($r['author'])).'" ';
7846d45bd250
Changed all urlname/page_id columns to varchar(255) because 63 characters just isn't long enough
Dan
diff
changeset
+ − 347
if ( !isPage($paths->nslist['User'] . sanitize_page_id($r['author'])) )
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 348
{
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 349
echo 'class="wikilink-nonexistent"';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 350
}
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 351
echo '>' . $r['author'] . '</a></td class="' . $cls . '">'."\n";
1
+ − 352
+ − 353
// Edit summary
213
+ − 354
if ( $r['edit_summary'] == 'Automatic backup created when logs were purged' )
+ − 355
{
+ − 356
$r['edit_summary'] = $lang->get('history_summary_clearlogs');
+ − 357
}
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 358
echo '<td class="' . $cls . '">' . $r['edit_summary'] . '</td>'."\n";
1
+ − 359
+ − 360
// Minor edit
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 361
echo '<td class="' . $cls . '" style="text-align: center;">'. (( $r['minor_edit'] ) ? 'M' : '' ) .'</td>'."\n";
1
+ − 362
+ − 363
// Actions!
468
+ − 364
echo '<td class="' . $cls . '" style="text-align: center;"><a rel="nofollow" href="'.makeUrlNS($namespace, $page_id, 'oldid=' . $r['log_id']) . '" onclick="ajaxHistView(\'' . $r['log_id'] . '\'); return false;">' . $lang->get('history_action_view') . '</a></td>'."\n";
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 365
echo '<td class="' . $cls . '" style="text-align: center;"><a rel="nofollow" href="'.makeUrl($paths->nslist['Special'].'Contributions/' . $r['author']) . '">' . $lang->get('history_action_contrib') . '</a></td>'."\n";
468
+ − 366
echo '<td class="' . $cls . '" style="text-align: center;"><a rel="nofollow" href="'.makeUrlNS($namespace, $page_id, 'do=edit&revid=' . $r['log_id']) . '" onclick="ajaxEditor(\'' . $r['log_id'] . '\'); return false;">' . $lang->get('history_action_restore') . '</a></td>'."\n";
1
+ − 367
+ − 368
echo '</tr>'."\n"."\n";
+ − 369
+ − 370
}
+ − 371
echo '</table>
+ − 372
</div>
+ − 373
<br />
+ − 374
<input type="hidden" name="do" value="diff" />
213
+ − 375
<input type="submit" value="' . $lang->get('history_btn_compare') . '" />
1
+ − 376
</form>
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 377
<script type="text/javascript">if ( !KILL_SWITCH ) { buildDiffList(); }</script>';
1
+ − 378
}
+ − 379
$db->free_result();
213
+ − 380
echo '<h3>' . $lang->get('history_heading_other') . '</h3>';
468
+ − 381
$q = 'SELECT log_id,time_id,action,date_string,page_id,namespace,author,edit_summary,minor_edit FROM ' . table_prefix.'logs WHERE log_type=\'page\' AND action!=\'edit\' AND page_id=\'' . $paths->page_id . '\' AND namespace=\'' . $paths->namespace . '\' ORDER BY time_id DESC;';
213
+ − 382
if ( !$db->sql_query($q) )
+ − 383
{
+ − 384
$db->_die('The history data for the page "' . htmlspecialchars($paths->cpage['name']) . '" could not be selected.');
+ − 385
}
+ − 386
if ( $db->numrows() < 1 )
+ − 387
{
+ − 388
echo $lang->get('history_no_entries');
+ − 389
}
+ − 390
else
+ − 391
{
1
+ − 392
213
+ − 393
echo '<div class="tblholder">
+ − 394
<table border="0" width="100%" cellspacing="1" cellpadding="4"><tr>
+ − 395
<th>' . $lang->get('history_col_datetime') . '</th>
+ − 396
<th>' . $lang->get('history_col_user') . '</th>
+ − 397
<th>' . $lang->get('history_col_minor') . '</th>
+ − 398
<th>' . $lang->get('history_col_action_taken') . '</th>
+ − 399
<th>' . $lang->get('history_col_extra') . '</th>
+ − 400
<th colspan="2"></th>
+ − 401
</tr>';
1
+ − 402
$cls = 'row2';
+ − 403
while($r = $db->fetchrow()) {
+ − 404
+ − 405
if($cls == 'row2') $cls = 'row1';
+ − 406
else $cls = 'row2';
+ − 407
+ − 408
echo '<tr>';
+ − 409
+ − 410
// Date and time
351
+ − 411
echo '<td class="' . $cls . '">' . enano_date('d M Y h:i a', intval($r['time_id'])) . '</td class="' . $cls . '">';
1
+ − 412
+ − 413
// User
285
7846d45bd250
Changed all urlname/page_id columns to varchar(255) because 63 characters just isn't long enough
Dan
diff
changeset
+ − 414
echo '<td class="' . $cls . '"><a href="'.makeUrlNS('User', sanitize_page_id($r['author'])).'" ';
7846d45bd250
Changed all urlname/page_id columns to varchar(255) because 63 characters just isn't long enough
Dan
diff
changeset
+ − 415
if(!isPage($paths->nslist['User'] . sanitize_page_id($r['author']))) echo 'class="wikilink-nonexistent"';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 416
echo '>' . $r['author'] . '</a></td class="' . $cls . '">';
1
+ − 417
+ − 418
+ − 419
// Minor edit
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 420
echo '<td class="' . $cls . '" style="text-align: center;">'. (( $r['minor_edit'] ) ? 'M' : '' ) .'</td>';
1
+ − 421
+ − 422
// Action taken
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 423
echo '<td class="' . $cls . '">';
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 424
// Some of these are sanitized at insert-time. Others follow the newer Enano policy of stripping HTML at runtime.
468
+ − 425
if ($r['action']=='prot') echo $lang->get('history_log_protect') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . ( $r['edit_summary'] === '__REVERSION__' ? $lang->get('history_extra_protection_reversion') : htmlspecialchars($r['edit_summary']) );
+ − 426
elseif($r['action']=='unprot') echo $lang->get('history_log_unprotect') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . ( $r['edit_summary'] === '__REVERSION__' ? $lang->get('history_extra_protection_reversion') : htmlspecialchars($r['edit_summary']) );
+ − 427
elseif($r['action']=='semiprot') echo $lang->get('history_log_semiprotect') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . ( $r['edit_summary'] === '__REVERSION__' ? $lang->get('history_extra_protection_reversion') : htmlspecialchars($r['edit_summary']) );
213
+ − 428
elseif($r['action']=='rename') echo $lang->get('history_log_rename') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_oldtitle') . ' '.htmlspecialchars($r['edit_summary']);
+ − 429
elseif($r['action']=='create') echo $lang->get('history_log_create') . '</td><td class="' . $cls . '">';
+ − 430
elseif($r['action']=='delete') echo $lang->get('history_log_delete') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . $r['edit_summary'];
481
+ − 431
elseif($r['action']=='reupload') echo $lang->get('history_log_uploadnew') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . ( $r['edit_summary'] === '__ROLLBACK__' ? $lang->get('history_extra_upload_reversion') : htmlspecialchars($r['edit_summary']) );
913
+ − 432
elseif($r['action']=='votereset')echo $lang->get('history_log_votereset') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_numvotes') . ' ' . $r['edit_summary'];
1
+ − 433
echo '</td>';
+ − 434
+ − 435
// Actions!
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 436
echo '<td class="' . $cls . '" style="text-align: center;"><a rel="nofollow" href="'.makeUrl($paths->nslist['Special'].'Contributions/' . $r['author']) . '">' . $lang->get('history_action_contrib') . '</a></td>';
468
+ − 437
echo '<td class="' . $cls . '" style="text-align: center;"><a rel="nofollow" href="'.makeUrlNS($namespace, $page_id, 'do=rollback&id=' . $r['log_id']) . '" onclick="ajaxRollback(\'' . $r['log_id'] . '\'); return false;">' . $lang->get('history_action_revert') . '</a></td>';
1
+ − 438
+ − 439
echo '</tr>';
+ − 440
}
+ − 441
echo '</table></div>';
+ − 442
}
+ − 443
$db->free_result();
+ − 444
$ret = ob_get_contents();
+ − 445
ob_end_clean();
+ − 446
return $ret;
+ − 447
}
/**
 * Rolls back a logged action.
 *
 * Kept only for API compatibility: the real implementation lives in
 * PageProcessor, and this stub never touches the database or the session.
 *
 * @param $id the time ID, a.k.a. the primary key in the logs table (ignored)
 * @return string a fixed deprecation notice
 */

public static function rollback($id)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang;

  // Deprecated stub: nothing is rolled back here.
  $notice = 'PageUtils->rollback() is deprecated - use PageProcessor instead.';
  return $notice;
}
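/**
 * Posts a comment.
 *
 * Gate order: the post_comments permission, then the comments_need_login
 * setting ('2' = must be logged in, '1' = anonymous posts must solve a
 * CAPTCHA), then the insert. Name, subject and text go through
 * RenderMan::preprocess_text() as before; $page_id and $namespace are now
 * SQL-escaped here as well, since they used to be interpolated raw, and the
 * user ID is cast to an integer.
 *
 * On a failed insert the JavaScript alert no longer carries the DB error
 * text and the full INSERT statement (which exposed the comment table
 * layout and escaped user input to the client); it reports a generic
 * failure instead.
 *
 * NOTE(review): preprocess_text() is relied on here as the SQL-escaping step
 * for name/subject/text — confirm it still escapes; if it does not, those
 * three need $db->escape() too. Nothing here verifies that the target page
 * exists, and whether the CAPTCHA is invalidated after a successful check
 * depends on $session->get_captcha(), which is not visible from this file.
 *
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $name the name of the person posting, defaults to current username/IP
 * @param $subject the subject line of the comment
 * @param $text the comment text
 * @param $captcha_code the code typed by an anonymous poster, or false
 * @param $captcha_id the ID of the CAPTCHA that code answers, or false
 * @return string javascript code
 */

public static function addcomment($page_id, $namespace, $name, $subject, $text, $captcha_code = false, $captcha_id = false)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  $_ob = '';

  if ( !$session->get_permissions('post_comments') )
    return 'Access denied';

  $need_login = getConfig('comments_need_login');
  if ( $need_login == '2' && !$session->user_logged_in )
    _die('Access denied to post comments: you need to be logged in first.');
  if ( $need_login == '1' && !$session->user_logged_in )
  {
    if ( !$captcha_code || !$captcha_id )
      _die('BUG: PageUtils::addcomment: no CAPTCHA data passed to method');
    $result = $session->get_captcha($captcha_id);
    // Case-insensitive but otherwise strict; an unknown CAPTCHA ID yields an
    // empty $result, which can never match the non-empty code checked above.
    if ( strtolower($captcha_code) !== strtolower((string)$result) )
      _die('The confirmation code you entered was incorrect.');
  }

  $text = RenderMan::preprocess_text($text);
  $name = $session->user_logged_in ? RenderMan::preprocess_text($session->username) : RenderMan::preprocess_text($name);
  $subj = RenderMan::preprocess_text($subject);
  // approve_comments=1 means new comments start unapproved.
  $appr = ( getConfig('approve_comments', '0') == '1' ) ? '0' : '1';

  $q = 'INSERT INTO ' . table_prefix . 'comments(page_id,namespace,subject,comment_data,name,user_id,approved,time)'
     . ' VALUES(\'' . $db->escape($page_id) . '\',\'' . $db->escape($namespace) . '\','
     . '\'' . $subj . '\',\'' . $text . '\',\'' . $name . '\','
     . intval($session->user_id) . ',' . $appr . ',' . time() . ')';
  if ( !$db->sql_query($q) )
  {
    // Same wire format as before (an alert() the caller evals), minus the
    // query text and driver error message.
    die('alert(unescape(\'' . rawurlencode('Error inserting comment data.') . '\'))');
  }

  $_ob .= '<div class="info-box">Your comment has been posted.</div>';
  return PageUtils::comments($page_id, $namespace, false, Array(), $_ob);
}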
/**
* Generates partly-compiled HTML/Javascript code to be eval'ed by the user's browser to display comments
* @param $page_id the page ID
* @param $namespace the namespace
* @param $action administrative action to perform, default is false
* @param $flags additional info for $action, shouldn't be used except when deleting/approving comments, etc.
* @param $_ob text to prepend to output, used by PageUtils::addcomment
* @return array
* @access private
*/
public static function comments_raw($page_id, $namespace, $action = false, $flags = Array(), $_ob = '')
{
  // Builds the comment section of one page in two forms at once: as HTML (accumulated in $_ob) and
  // as the Javascript that injects that HTML together with a `list` object of raw comment bodies for
  // the client-side editor. Everything echoed in this function is captured by ob_start() below and
  // handed back as the Javascript half; nothing reaches the real output stream.
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang;

  // Full page name (namespace prefix + page id); only used for the "Log in" return link at the end.
  $pname = $paths->nslist[$namespace] . $page_id;
  $template->init_vars();

  ob_start();

  // Moderator-only actions. A non-moderator who passes an $action gets no error at all: the action is
  // skipped and the plain listing is rendered as if none had been requested.
  // NOTE(review): $page_id and $namespace are interpolated into every query in this function without
  // $db->escape(); this relies on callers supplying already-sanitized values — TODO confirm at the
  // AJAX entry point that feeds this.
  if($action && $session->get_permissions('mod_comments')) // Nip hacking attempts in the bud
  {
    switch($action) {
      case "delete":
        // Prefer the primary key; fall back to matching on name/subject/body when no id was supplied.
        if(isset($flags['id']))
        {
          $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND comment_id='.intval($flags['id']).' LIMIT 1;';
        } else {
          $n = $db->escape($flags['name']);
          $s = $db->escape($flags['subj']);
          $t = $db->escape($flags['text']);
          $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND name=\'' . $n . '\' AND subject=\'' . $s . '\' AND comment_data=\'' . $t . '\' LIMIT 1;';
        }
        $e=$db->sql_query($q);
        // NOTE(review): "unesape" (here and in the two die() calls further down) is a typo for the
        // Javascript unescape() function, so on a failed query the browser raises a ReferenceError
        // instead of showing the alert. The message also embeds the full SQL statement, which exposes
        // the table prefix and column layout to the client.
        if(!$e) die('alert(unesape(\''.rawurlencode('Error during query: '.$db->get_error().'\n\nQuery:\n' . $q) . '\'));');
        break;
      case "approve":
        // Same two ways of identifying the comment as the delete branch.
        if(isset($flags['id']))
        {
          $where = 'comment_id='.intval($flags['id']);
        } else {
          $n = $db->escape($flags['name']);
          $s = $db->escape($flags['subj']);
          $t = $db->escape($flags['text']);
          $where = 'name=\'' . $n . '\' AND subject=\'' . $s . '\' AND comment_data=\'' . $t . '\'';
        }
        $q = 'SELECT approved FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND ' . $where . ' LIMIT 1;';
        $e = $db->sql_query($q);
        if(!$e) die('alert(unesape(\''.rawurlencode('Error selecting approval status: '.$db->get_error().'\n\nQuery:\n' . $q) . '\'));');
        $r = $db->fetchrow();
        $db->free_result();
        // This is a toggle: approved becomes unapproved and vice versa. When nothing matched, $r is
        // false, $a resolves to '1' and the UPDATE below touches no rows.
        $a = ( $r['approved'] ) ? '0' : '1';
        $q = 'UPDATE ' . table_prefix.'comments SET approved=' . $a . ' WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND ' . $where . ';';
        $e=$db->sql_query($q);
        if(!$e) die('alert(unesape(\''.rawurlencode('Error during query: '.$db->get_error().'\n\nQuery:\n' . $q) . '\'));');
        // Relabel the approve/unapprove link on the client to reflect the new state.
        if($a=='1') $v = $lang->get('comment_btn_mod_unapprove');
        else $v = $lang->get('comment_btn_mod_approve');
        // NOTE(review): the rest of this branch keys on $flags['id'], but the DOM element to relabel is
        // taken from $_GET['id'] directly; the two can disagree when the caller passes flags some other
        // way, and the element id here is the list index, not the comment_id — TODO confirm against the
        // client-side code.
        echo 'document.getElementById("mdgApproveLink'.intval($_GET['id']).'").innerHTML="' . $v . '";';
        break;
    }
  }

  // The per-comment template needs a theme; load one if the page has not done so yet.
  if(!defined('ENANO_TEMPLATE_LOADED'))
  {
    $template->load_theme($session->theme, $session->style);
  }

  $tpl = $template->makeParser('comment.tpl');

  // Count unapproved and approved comments separately; the visible total depends on the viewer's role.
  $e = $db->sql_query('SELECT * FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND approved=0;');
  if(!$e) $db->_die('The comment text data could not be selected.');
  $num_unapp = $db->numrows();
  $db->free_result();
  $e = $db->sql_query('SELECT * FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND approved=1;');
  if(!$e) $db->_die('The comment text data could not be selected.');
  $num_app = $db->numrows();
  $db->free_result();
  // Main listing query: every comment on the page, oldest first, with the poster's user row joined in
  // (LEFT JOIN, so comments whose user_id has no user row still come back with NULL user columns).
  $lq = $db->sql_query('SELECT c.comment_id,c.subject,c.name,c.comment_data,c.approved,c.time,c.user_id,c.ip_address,u.user_level,u.email,u.signature,u.user_has_avatar,u.avatar_type
FROM ' . table_prefix.'comments AS c
LEFT JOIN ' . table_prefix.'users AS u
ON c.user_id=u.user_id
WHERE page_id=\'' . $page_id . '\'
AND namespace=\'' . $namespace . '\' ORDER BY c.time ASC;');
  if(!$lq) _die('The comment text data could not be selected. '.$db->get_error());
  $_ob .= '<h3>' . $lang->get('comment_heading') . '</h3>';

  // Moderators see (and are told about) every comment; everyone else only the approved ones.
  $n = ( $session->get_permissions('mod_comments')) ? $db->numrows() : $num_app;

  $subst = array(
    'num_comments' => $n,
    'page_type' => $template->namespace_string
  );

  $_ob .= '<p>';
  $_ob .= ( $n == 0 ) ? $lang->get('comment_msg_count_zero', $subst) : ( $n == 1 ? $lang->get('comment_msg_count_one', $subst) : $lang->get('comment_msg_count_plural', $subst) );

  if ( $session->get_permissions('mod_comments') && $num_unapp > 0 )
  {
    $_ob .= ' <span style="color: #D84308">' . $lang->get('comment_msg_count_unapp_mod', array( 'num_unapp' => $num_unapp )) . '</span>';
  }
  else if ( !$session->get_permissions('mod_comments') && $num_unapp > 0 )
  {
    $ls = ( $num_unapp == 1 ) ? 'comment_msg_count_unapp_one' : 'comment_msg_count_unapp_plural';
    $_ob .= ' <span>' . $lang->get($ls, array( 'num_unapp' => $num_unapp )) . '</span>';
  }
  $_ob .= '</p>';
  // Javascript object literal of raw comment bodies, keyed by list index, for the client-side editor.
  $list = 'list = { ';
  // $i is the position in the rendered list (starts at 0); it is what the client-side code and the
  // mdgApproveLink/editbtn element ids are keyed on, not the comment_id.
  $i = -1;
  while ( $row = $db->fetchrow($lq) )
  {
    $i++;
    $strings = Array();
    $bool = Array();
    // Unapproved comments are only rendered for moderators.
    if ( $session->get_permissions('mod_comments') || $row['approved'] == COMMENT_APPROVED )
    {
      $list .= $i . ' : { \'comment\' : unescape(\''.rawurlencode($row['comment_data']).'\'), \'name\' : unescape(\''.rawurlencode($row['name']).'\'), \'subject\' : unescape(\''.rawurlencode($row['subject']).'\'), }, ';

      // Comment ID (used in the Javascript apps)
      $strings['ID'] = (string)$i;

      // Determine the name, and whether to link to the user page or not
      // (user_id 1 and below are treated as anonymous posters and get no link).
      // NOTE(review): $row['name'] and $row['subject'] are emitted into HTML as stored; this assumes
      // they were sanitized when the comment was posted — TODO confirm in addcomment.
      $name = '';
      if($row['user_id'] > 1) $name .= '<a href="'.makeUrlNS('User', sanitize_page_id(' ', '_', $row['name'])).'">';
      $name .= $row['name'];
      if($row['user_id'] > 1) $name .= '</a>';
      $strings['NAME'] = $name; unset($name);

      // Subject
      $s = $row['subject'];
      if(!$row['approved']) $s .= ' <span style="color: #D84308">' . $lang->get('comment_msg_note_unapp') . '</span>';
      $strings['SUBJECT'] = $s;

      // Date and time
      $strings['DATETIME'] = enano_date('F d, Y h:i a', $row['time']);

      // User level (NULL from the LEFT JOIN lands in the default/guest branch)
      switch($row['user_level'])
      {
        default:
        case USER_LEVEL_GUEST:
          $l = $lang->get('user_type_guest');
          break;
        case USER_LEVEL_MEMBER:
        case USER_LEVEL_CHPREF:
          $l = $lang->get('user_type_member');
          break;
        case USER_LEVEL_MOD:
          $l = $lang->get('user_type_mod');
          break;
        case USER_LEVEL_ADMIN:
          $l = $lang->get('user_type_admin');
          break;
      }
      $strings['USER_LEVEL'] = $l; unset($l);

      // The actual comment data, rendered from its stored form on every listing
      $strings['DATA'] = RenderMan::render($row['comment_data']);

      if($session->get_permissions('edit_comments'))
      {
        // Edit link
        $strings['EDIT_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=editcomment&id=' . $row['comment_id']) . '" id="editbtn_' . $i . '">' . $lang->get('comment_btn_edit') . '</a>';

        // Delete link
        $strings['DELETE_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=deletecomment&id=' . $row['comment_id']) . '">' . $lang->get('comment_btn_delete') . '</a>';
      }
      else
      {
        // Edit link
        $strings['EDIT_LINK'] = '';

        // Delete link
        $strings['DELETE_LINK'] = '';
      }

      // Send PM link
      $strings['SEND_PM_LINK'] = ( $session->user_logged_in && $row['user_id'] > 1 ) ? '<a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/To/' . $row['name']) . '">' . $lang->get('comment_btn_send_privmsg') . '</a><br />' : '';

      // Add Buddy link
      $strings['ADD_BUDDY_LINK'] = ( $session->user_logged_in && $row['user_id'] > 1 ) ? '<a href="'.makeUrlNS('Special', 'PrivateMessages/FriendList/Add/' . $row['name']) . '">' . $lang->get('comment_btn_add_buddy') . '</a>' : '';

      // Mod links. These are always built; whether the template shows them is decided by
      // $bool['auth_mod'] below, and the actions they point at are re-checked server-side above.
      $applink = '';
      $applink .= '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=admin&action=approve&id=' . $row['comment_id']) . '" id="mdgApproveLink' . $i . '">';
      if($row['approved']) $applink .= $lang->get('comment_btn_mod_unapprove');
      else $applink .= $lang->get('comment_btn_mod_approve');
      $applink .= '</a>';
      $strings['MOD_APPROVE_LINK'] = $applink; unset($applink);
      $strings['MOD_DELETE_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=admin&action=delete&id=' . $row['comment_id']) . '">' . $lang->get('comment_btn_mod_delete') . '</a>';
      // IP lookup is a placeholder: the stored address is only tested for presence, never shown.
      $strings['MOD_IP_LINK'] = '<span style="opacity: 0.5; filter: alpha(opacity=50);">' . ( ( empty($row['ip_address']) ) ? $lang->get('comment_btn_mod_ip_missing') : $lang->get('comment_btn_mod_ip_notimplemented') ) . '</span>';

      // Signature
      $strings['SIGNATURE'] = '';
      if($row['signature'] != '') $strings['SIGNATURE'] = RenderMan::render($row['signature']);

      // Avatar (the related keys are only set when the user has one; presumably the template treats a
      // missing 'user_has_avatar' as false — verify against comment.tpl)
      if ( $row['user_has_avatar'] == 1 )
      {
        $bool['user_has_avatar'] = true;
        $strings['AVATAR_ALT'] = $lang->get('usercp_avatar_image_alt', array('username' => $row['name']));
        $strings['AVATAR_URL'] = make_avatar_url(intval($row['user_id']), $row['avatar_type'], $row['email']);
        $strings['USERPAGE_LINK'] = makeUrlNS('User', $row['name']);
      }

      $bool['auth_mod'] = ($session->get_permissions('mod_comments')) ? true : false;
      // Ownership for editing is decided by display-name equality with the session, not by user_id.
      $bool['can_edit'] = ( ( $session->user_logged_in && $row['name'] == $session->username && $session->get_permissions('edit_comments') ) || $session->get_permissions('mod_comments') ) ? true : false;
      $bool['signature'] = ( $strings['SIGNATURE'] == '' ) ? false : true;

      // Done processing and compiling, now let's cook it into HTML
      $tpl->assign_vars($strings);
      $tpl->assign_bool($bool);
      $_ob .= $tpl->run();
    }
  }
  // Post form. comments_need_login: '2' = members only, '1' = guests may post with a CAPTCHA,
  // anything else = guests may post freely.
  if(getConfig('comments_need_login') != '2' || $session->user_logged_in)
  {
    if($session->get_permissions('post_comments'))
    {
      $_ob .= '<h3>' . $lang->get('comment_postform_title') . '</h3>';
      $_ob .= $lang->get('comment_postform_blurb');
      if(getConfig('approve_comments', '0')=='1') $_ob .= ' ' . $lang->get('comment_postform_blurb_unapp');
      if(getConfig('comments_need_login') == '1' && !$session->user_logged_in)
      {
        $_ob .= ' ' . $lang->get('comment_postform_blurb_captcha');
      }
      // Logged-in users get their name as a fixed hidden field; guests get a free-text box.
      $sn = $session->user_logged_in ? $session->username . '<input name="name" id="mdgScreenName" type="hidden" value="' . $session->username . '" />' : '<input name="name" id="mdgScreenName" type="text" size="35" />';
      $_ob .= ' <a href="#" id="mdgCommentFormLink" style="display: none;" onclick="document.getElementById(\'mdgCommentForm\').style.display=\'block\';this.style.display=\'none\';return false;">' . $lang->get('comment_postform_blurb_link') . '</a>
<div id="mdgCommentForm">
<form action="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=postcomment').'" method="post" style="margin-left: 1em">
<table border="0">
<tr><td>' . $lang->get('comment_postform_field_name') . '</td><td>' . $sn . '</td></tr>
<tr><td>' . $lang->get('comment_postform_field_subject') . '</td><td><input name="subj" id="mdgSubject" type="text" size="35" /></td></tr>';
      if(getConfig('comments_need_login') == '1' && !$session->user_logged_in)
      {
        // Any previously issued CAPTCHA is invalidated before a fresh one is minted for this form.
        $session->kill_captcha();
        $captcha = $session->make_captcha();
        $_ob .= '<tr><td>' . $lang->get('comment_postform_field_captcha_title') . '<br /><small>' . $lang->get('comment_postform_field_captcha_blurb') . '</small></td><td><img src="'.makeUrlNS('Special', 'Captcha/' . $captcha) . '" alt="Visual confirmation" style="cursor: pointer;" onclick="this.src = \''.makeUrlNS("Special", "Captcha/".$captcha).'/\'+Math.floor(Math.random() * 100000);" /><input name="captcha_id" id="mdgCaptchaID" type="hidden" value="' . $captcha . '" /><br />' . $lang->get('comment_postform_field_captcha_label') . ' <input name="captcha_input" id="mdgCaptchaInput" type="text" size="10" /><br /><small><script type="text/javascript">document.write("' . $lang->get('comment_postform_field_captcha_cantread_js') . '");</script><noscript>' . $lang->get('comment_postform_field_captcha_cantread_nojs') . '</noscript></small></td></tr>';
      }
      $_ob .= '
<tr><td valign="top">' . $lang->get('comment_postform_field_comment') . '</td><td><textarea name="text" id="mdgCommentArea" rows="10" cols="40"></textarea></td></tr>
<tr><td colspan="2" style="text-align: center;"><input type="submit" value="' . $lang->get('comment_postform_btn_submit') . '" /></td></tr>
</table>
</form>
</div>';
    }
  } else {
    // FIXME: l10n
    $_ob .= '<h3>' . $lang->get('comment_postform_title') . '</h3><p>You need to be logged in to post comments. <a href="'.makeUrlNS('Special', 'Login/' . $pname . '%2523comments').'">Log in</a></p>';
  }
  $list .= '};';
  // Javascript half: inject the HTML, define `list`, then collapse the post form behind its link.
  echo 'document.getElementById(\'ajaxEditContainer\').innerHTML = unescape(\''. rawurlencode($_ob) .'\');
' . $list;
  echo 'Fat.fade_all(); document.getElementById(\'mdgCommentForm\').style.display = \'none\'; document.getElementById(\'mdgCommentFormLink\').style.display="inline";';

  $ret = ob_get_contents();
  ob_end_clean();
  return Array($ret, $_ob);

}
/**
 * Generates ready-to-execute Javascript code to be eval'ed by the user's browser to display comments
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $action administrative action to perform, default is false
 * @param $id additional info for $action (passed straight through to comments_raw() as its $flags array); shouldn't be used except when deleting/approving comments, etc.
 * @param $_ob text to prepend to output, used by PageUtils::addcomment
 * @return string
 */
public static function comments($page_id, $namespace, $action = false, $id = -1, $_ob = '')
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  // comments_raw() hands back a pair: [0] the Javascript to eval on the client, [1] the bare HTML.
  // This is the AJAX entry point, so only the script half is returned.
  $raw = PageUtils::comments_raw($page_id, $namespace, $action, $id, $_ob);
  $javascript = $raw[0];
  return $javascript;
}
/**
 * Generates HTML code for comments - used in browser compatibility mode (no Javascript)
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $action administrative action to perform, default is false
 * @param $id additional info for $action (passed straight through to comments_raw() as its $flags array); shouldn't be used except when deleting/approving comments, etc.
 * @param $_ob text to prepend to output, used by PageUtils::addcomment
 * @return string
 */
public static function comments_html($page_id, $namespace, $action = false, $id = -1, $_ob = '')
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  // comments_raw() hands back a pair: [0] the Javascript to eval on the client, [1] the bare HTML.
  // This is the no-Javascript entry point, so only the HTML half is returned.
  $raw = PageUtils::comments_raw($page_id, $namespace, $action, $id, $_ob);
  $html = $raw[1];
  return $html;
}
/**
 * Updates comment data. The comment is located by its old subject and text rather than by ID; see savecomment_neater() for the ID-based variant.
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $subject new subject
 * @param $text new text
 * @param $old_subject the old subject, unprocessed and identical to the value in the DB
 * @param $old_text the old text, unprocessed and identical to the value in the DB
 * @param $id the javascript list ID, used internally by the client-side app
 * @return string Javascript that sets result="GOOD" (plus the updated list entry) on success, or result="BAD" with an error message
 */
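public static function savecomment($page_id, $namespace, $subject, $text, $old_subject, $old_text, $id = -1)
{
  // Updates the subject/body of the comment on ($page_id, $namespace) whose current subject and body
  // are exactly $old_subject/$old_text. Returns a fragment of Javascript for the client: either
  // result="GOOD" plus the refreshed list[$id] entry, or result="BAD" with an error string.
  //
  // Fixes relative to the previous revision:
  //  - non-moderators could only edit their own comment if it happened to be the first row matching
  //    old subject/text, yet the UPDATE then rewrote *every* comment on the page with that subject
  //    and text, other users' included. The ownership check and the UPDATE now both require
  //    name = current username for non-moderators.
  //  - $db->numrows() was consulted after $db->free_result(); the count is now read first
  //    (savecomment_neater() already did it in this order).
  //  - $id is echoed verbatim into Javascript; it is now coerced to an integer so a crafted value
  //    cannot inject script into the response.
  global $db, $session, $paths, $template, $plugins; // Common objects
  if(!$session->get_permissions('edit_comments'))
    return 'result="BAD";error="Access denied"';
  // Avoid SQL injection
  $old_text = $db->escape($old_text);
  $old_subject = $db->escape($old_subject);
  // The list index is only meaningful as an integer; anything else is an attack or a client bug.
  $id = intval($id);
  // NOTE(review): $page_id and $namespace are interpolated into SQL unescaped; this relies on callers
  // passing already-sanitized values — TODO confirm at the AJAX entry point.

  // Extra WHERE clause limiting the UPDATE to the current user's own comments; empty for moderators.
  $owner_clause = '';
  // Safety check - username/login
  if(!$session->get_permissions('mod_comments')) // allow mods to edit comments
  {
    if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
    $owner_name = $db->escape($session->username);
    // Require a comment matching old subject/text that was posted under this user's name.
    $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_data=\'' . $old_text . '\' AND subject=\'' . $old_subject . '\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND c.name=\'' . $owner_name . '\' AND u.user_id=c.user_id;';
    $s = $db->sql_query($q);
    if(!$s) _die('SQL error during safety check: '.$db->get_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
    $r = $db->fetchrow($s);
    // Read the row count before the result set is released.
    $found = $db->numrows();
    $db->free_result();
    if($found < 1 || !is_array($r) || $r['name'] !== $session->username) _die('Safety check failed, probably due to a hacking attempt.');
    $owner_clause = ' AND name=\'' . $owner_name . '\'';
  }
  $s = RenderMan::preprocess_text($subject);
  $t = RenderMan::preprocess_text($text);
  // NOTE(review): $s and $t go into SQL as returned by preprocess_text(); this assumes that helper
  // produces SQL-safe output — TODO confirm.
  $sql = 'UPDATE ' . table_prefix.'comments SET subject=\'' . $s . '\',comment_data=\'' . $t . '\' WHERE comment_data=\'' . $old_text . '\' AND subject=\'' . $old_subject . '\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'' . $owner_clause;
  $result = $db->sql_query($sql);
  if($result)
  {
    // The client keeps the raw (unrendered) subject/body in list[$id] for re-editing, and gets the
    // rendered body separately in `t`; the {{EnAnO:Newline}} dance preserves literal "\n" sequences
    // through stripslashes().
    return 'result="GOOD";
list[' . $id . '][\'subject\'] = unescape(\''.str_replace('%5Cn', '%0A', rawurlencode(str_replace('{{EnAnO:Newline}}', '\\n', stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $s))))).'\');
list[' . $id . '][\'comment\'] = unescape(\''.str_replace('%5Cn', '%0A', rawurlencode(str_replace('{{EnAnO:Newline}}', '\\n', stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $t))))).'\'); id = ' . $id . ';
s = unescape(\''.rawurlencode($s).'\');
t = unescape(\''.str_replace('%5Cn', '<br \\/>', rawurlencode(RenderMan::render(str_replace('{{EnAnO:Newline}}', "\n", stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $t)))))).'\');';
  }
  else
  {
    // NOTE(review): this error string ships the full SQL statement and the driver error to the
    // client; consider logging it server-side and returning a generic message instead.
    return 'result="BAD"; error=unescape("'.rawurlencode('Enano encountered a problem whilst saving the comment.
Performed SQL:
' . $sql . '

Error returned by MySQL: '.$db->get_error()).'");';
  }
}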
/**
 * Updates comment data using the comment_id column instead of the old, messy way
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $subject new subject
 * @param $text new text
 * @param $id the comment ID (primary key in enano_comments table); must be a PHP integer, any other type aborts the request
 * @return string 'good' on success, otherwise an error message ('Access denied' or the database error)
 */
public static function savecomment_neater($page_id, $namespace, $subject, $text, $id)
{
  // Rewrites the subject and body of comment #$id on ($page_id, $namespace). Returns 'good' on
  // success, 'Access denied' when the caller lacks edit_comments, or the database error text.
  global $db, $session, $paths, $template, $plugins; // Common objects

  // The id is interpolated straight into SQL below, so anything but a real integer is refused outright.
  if ( !is_int($id) )
  {
    die('PageUtils::savecomment: $id is not an integer, aborting for safety');
  }
  if ( !$session->get_permissions('edit_comments') )
  {
    return 'Access denied';
  }

  // Non-moderators may only touch a comment that was posted under their own username.
  // NOTE(review): $page_id and $namespace are interpolated unescaped; callers are assumed to pass
  // sanitized values — TODO confirm at the AJAX entry point.
  if ( !$session->get_permissions('mod_comments') )
  {
    if ( !$session->user_logged_in )
    {
      _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
    }
    $check_sql = 'SELECT c.name FROM ' . table_prefix . 'comments c, ' . table_prefix . 'users u WHERE comment_id=' . $id . ' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND u.user_id=c.user_id;';
    $check = $db->sql_query($check_sql);
    if ( !$check )
    {
      _die('SQL error during safety check: ' . $db->get_error() . '<br /><br />Attempted SQL:<br /><pre>' . htmlspecialchars($check_sql) . '</pre>');
    }
    $owner_row = $db->fetchrow($check);
    $matched = $db->numrows();
    if ( $matched < 1 || $owner_row['name'] != $session->username )
    {
      _die('Safety check failed, probably due to a hacking attempt.');
    }
    $db->free_result();
  }

  $new_subject = RenderMan::preprocess_text($subject);
  $new_text = RenderMan::preprocess_text($text);
  $update_sql = 'UPDATE ' . table_prefix . 'comments SET subject=\'' . $new_subject . '\',comment_data=\'' . $new_text . '\' WHERE comment_id=' . $id . ' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'';
  if ( $db->sql_query($update_sql) )
  {
    return 'good';
  }
  // NOTE(review): the failure message carries the full statement and driver error to the client.
  return 'Enano encountered a problem whilst saving the comment.
Performed SQL:
' . $update_sql . '

Error returned by MySQL: ' . $db->get_error();
}
/**
 * Deletes a comment.
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $name the name the user posted under
 * @param $subj the subject of the comment to be deleted
 * @param $text the text of the comment to be deleted
 * @param $id the javascript list ID, used internally by the client-side app; must consist of digits only
 * @return string
 */
public static function deletecomment($page_id, $namespace, $name, $subj, $text, $id)
{
global $db, $session, $paths, $template, $plugins; // Common objects
if(!$session->get_permissions('edit_comments'))
return 'alert("Access to delete/edit comments is denied");';
if(!preg_match('#^([0-9]+)$#', (string)$id)) die('$_GET[id] is improperly formed.');
$n = $db->escape($name);
$s = $db->escape($subj);
$t = $db->escape($text);
// Safety check - username/login
+ − 911
if(!$session->get_permissions('mod_comments')) // allows mods to delete comments
+ − 912
{
+ − 913
if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 914
$q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_data=\'' . $t . '\' AND subject=\'' . $s . '\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND u.user_id=c.user_id;';
1
+ − 915
$s = $db->sql_query($q);
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 916
if(!$s) _die('SQL error during safety check: '.$db->get_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
1
+ − 917
$r = $db->fetchrow($s);
+ − 918
if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.');
+ − 919
$db->free_result();
+ − 920
}
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 921
$q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND name=\'' . $n . '\' AND subject=\'' . $s . '\' AND comment_data=\'' . $t . '\' LIMIT 1;';
1
+ − 922
$e=$db->sql_query($q);
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 923
if(!$e) return('alert(unesape(\''.rawurlencode('Error during query: '.$db->get_error().'\n\nQuery:\n' . $q) . '\'));');
1
+ − 924
return('good');
+ − 925
}
/**
 * Deletes a comment in a cleaner fashion, identifying it by its primary key.
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $id the comment ID (primary key)
 * @return string
 */
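public static function deletecomment_neater($page_id, $namespace, $id)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  // $id is interpolated unquoted into SQL below, so it must be a bare integer string
  if ( !preg_match('#^([0-9]+)$#', (string)$id) ) die('$_GET[id] is improperly formed.');

  if ( !$session->get_permissions('edit_comments') )
    return 'alert("Access to delete/edit comments is denied");';

  // Escape the page identifiers once; they appear in both the safety-check SELECT and the DELETE
  $pid = $db->escape($page_id);
  $ns = $db->escape($namespace);

  // Safety check - username/login
  if ( !$session->get_permissions('mod_comments') ) // allows mods to delete comments
  {
    if ( !$session->user_logged_in ) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
    // Non-moderators may only delete a comment they posted themselves
    $q = 'SELECT c.name FROM ' . table_prefix . 'comments c, ' . table_prefix . 'users u WHERE comment_id=' . $id . ' AND page_id=\'' . $pid . '\' AND namespace=\'' . $ns . '\' AND u.user_id=c.user_id;';
    $s = $db->sql_query($q);
    if ( !$s ) _die('SQL error during safety check: '.$db->get_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
    $r = $db->fetchrow($s);
    // Strict comparison: both sides are strings, and loose == would treat numeric-looking names as numbers
    if ( $db->numrows() < 1 || $r['name'] !== $session->username ) _die('Safety check failed, probably due to a hacking attempt.');
    $db->free_result();
  }
  $q = 'DELETE FROM ' . table_prefix . 'comments WHERE page_id=\'' . $pid . '\' AND namespace=\'' . $ns . '\' AND comment_id=' . $id . ' LIMIT 1;';
  $e = $db->sql_query($q);
  // The JavaScript function is unescape(); a misspelling here makes the client throw instead of showing the alert.
  // NOTE(review): this response still echoes the driver error and the full query text to the client.
  if ( !$e ) return('alert(unescape(\''.rawurlencode('Error during query: '.$db->get_error().'\n\nQuery:\n' . $q) . '\'));');
  return('good');
}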
/**
 * Renames a page.
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $name the new name for the page
 * @return string error string or success message
 */
public static function rename($page_id, $namespace, $name)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang;

  // Thin AJAX-facing wrapper: the actual rename (and, presumably, its permission
  // checks) lives in PageProcessor::rename_page, whose return value is passed through untouched.
  $processor = new PageProcessor($page_id, $namespace);
  $result = $processor->rename_page($name);
  return $result;
}
/**
 * Flushes (clears) the action logs for a given page.
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @return string error/success string
 */
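public static function flushlogs($page_id, $namespace)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang;
  if ( !is_object($lang) && defined('IN_ENANO_INSTALL') )
  {
    // This is a special exception for the Enano installer, which doesn't init languages yet.
    $lang = new Language('eng');
  }
  if ( !$session->get_permissions('clear_logs') && !defined('IN_ENANO_INSTALL') )
  {
    return $lang->get('etc_access_denied');
  }
  // Destructive action: require a recently re-authenticated ("super") session
  if ( !$session->sid_super )
  {
    return $lang->get('etc_access_denied_need_reauth');
  }

  // Escape the page identifiers once and use the escaped values in every query below
  // (the SELECT and the backup INSERT interpolate them just like the DELETE does)
  $pid = $db->escape($page_id);
  $ns = $db->escape($namespace);

  $e = $db->sql_query('DELETE FROM ' . table_prefix . 'logs WHERE page_id=\'' . $pid . '\' AND namespace=\'' . $ns . '\';');
  if ( !$e ) $db->_die('The log entries could not be deleted.');

  // If the page exists, make a backup of it in case it gets spammed/vandalized
  // If not, the admin's probably deleting a trash page
  if ( isPage($paths->get_pathskey($page_id, $namespace)) )
  {
    $e = $db->sql_query('SELECT page_text,char_tag FROM ' . table_prefix . 'page_text WHERE page_id=\'' . $pid . '\' AND namespace=\'' . $ns . '\';');
    if ( !$e ) $db->_die('The current page text could not be selected; as a result, creating the backup of the page failed. Please make a backup copy of the page by clicking Edit this page and then clicking Save Changes.');
    $row = $db->fetchrow();
    $db->free_result();
    // Only write a backup when there is page text to back up
    if ( $row )
    {
      // minor_edit is a boolean literal on MySQL and 0 on the other DB layers
      $minor_edit = ( ENANO_DBLAYER == 'MYSQL' ) ? 'false' : '0';
      // Every column value taken from the row or the session is escaped, not just page_text
      $q = 'INSERT INTO ' . table_prefix . 'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', ' . time() . ', \'' . enano_date('d M Y h:i a') . '\', \'' . $pid . '\', \'' . $ns . '\', \'' . $db->escape($row['page_text']) . '\', \'' . $db->escape($row['char_tag']) . '\', \'' . $db->escape($session->username) . '\', \'' . "Automatic backup created when logs were purged" . '\', ' . $minor_edit . ');';
      if ( !$db->sql_query($q) ) $db->_die('The history (log) entry could not be inserted into the logs table.');
    }
  }
  return $lang->get('ajax_clearlogs_success');
}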
/**
 * Deletes a page.
 * @param string $page_id the condemned page ID
 * @param string $namespace the condemned namespace
 * @param string $reason the reason for deleting the page in question
 * @return string
 */
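public static function deletepage($page_id, $namespace, $reason)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang;
  global $cache;
  $perms = $session->fetch_page_acl($page_id, $namespace);
  // A reason is mandatory. Compare against '' rather than empty() so a reason of "0" is not rejected.
  $x = trim($reason);
  if ( $x === '' )
  {
    return $lang->get('ajax_delete_need_reason');
  }
  if ( !$perms->get_permissions('delete_page') ) return('Administrative privileges are required to delete pages, you loser.');

  // Destructive action: require a recently re-authenticated ("super") session
  if ( !$session->sid_super )
  {
    return $lang->get('etc_access_denied_need_reauth');
  }

  // Escape once; these values are interpolated into every statement below
  $pid = $db->escape($page_id);
  $ns = $db->escape($namespace);
  $author = $db->escape($session->username);

  $e = $db->sql_query('INSERT INTO ' . table_prefix . 'logs(time_id,date_string,log_type,action,page_id,namespace,author,edit_summary) VALUES(' . time() . ', \'' . enano_date('d M Y h:i a') . '\', \'page\', \'delete\', \'' . $pid . '\', \'' . $ns . '\', \'' . $author . '\', \'' . $db->escape(htmlspecialchars($reason)) . '\')');
  if ( !$e ) $db->_die('The page log entry could not be inserted.');
  $e = $db->sql_query('DELETE FROM ' . table_prefix . 'categories WHERE page_id=\'' . $pid . '\' AND namespace=\'' . $ns . '\'');
  if ( !$e ) $db->_die('The page categorization entries could not be deleted.');
  $e = $db->sql_query('DELETE FROM ' . table_prefix . 'comments WHERE page_id=\'' . $pid . '\' AND namespace=\'' . $ns . '\'');
  if ( !$e ) $db->_die('The page comments could not be deleted.');
  $e = $db->sql_query('DELETE FROM ' . table_prefix . 'page_text WHERE page_id=\'' . $pid . '\' AND namespace=\'' . $ns . '\'');
  if ( !$e ) $db->_die('The page text entry could not be deleted.');
  $e = $db->sql_query('DELETE FROM ' . table_prefix . 'pages WHERE urlname=\'' . $pid . '\' AND namespace=\'' . $ns . '\'');
  if ( !$e ) $db->_die('The page entry could not be deleted.');
  if ( $namespace === 'File' )
  {
    // Only the database rows are removed here; the files on disk are not touched by this method
    $e = $db->sql_query('DELETE FROM ' . table_prefix . 'files WHERE page_id=\'' . $pid . '\'');
    if ( !$e ) $db->_die('The file entry could not be deleted.');
  }
  // Page metadata is cached; drop it so the deleted page stops resolving
  $cache->purge('page_meta');
  return $lang->get('ajax_delete_success');
}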
/**
 * Deletes the files (originals and cached thumbnails) associated with a File page, then removes their database rows.
 * @param string $page_id the page ID
 */
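public static function delete_page_files($page_id)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  $q = $db->sql_query('SELECT file_id, filename, file_key, time_id, file_extension FROM ' . table_prefix . "files WHERE page_id = '{$db->escape($page_id)}';");
  if ( !$q )
    $db->_die();

  while ( $row = $db->fetchrow() )
  {
    // wipe original file (both the time-stamped and the plain naming scheme)
    foreach ( array(
      ENANO_ROOT . "/files/{$row['file_key']}_{$row['time_id']}{$row['file_extension']}",
      ENANO_ROOT . "/files/{$row['file_key']}{$row['file_extension']}"
      ) as $orig_file )
    {
      if ( file_exists($orig_file) )
        @unlink($orig_file);
    }

    // wipe cached files
    if ( $dr = @opendir(ENANO_ROOT . '/cache/') )
    {
      // Cached thumbnails are named like: lol404.jpg-1217958283-200x320.jpg
      // The pattern depends only on the row, so build it once per file rather than once per
      // directory entry, and quote every dynamic part with the ':' delimiter so a filename or
      // extension containing regex metacharacters (or ':') cannot alter the pattern.
      $regexp = ':^' . preg_quote("{$row['filename']}-{$row['time_id']}-", ':') . '[0-9]+x[0-9]+\.' . preg_quote(ltrim($row['file_extension'], '.'), ':') . '$:';
      // Compare against false explicitly: an entry literally named "0" would otherwise end the loop early
      while ( ( $dh = @readdir($dr) ) !== false )
      {
        if ( preg_match($regexp, $dh) )
        {
          @unlink(ENANO_ROOT . "/cache/$dh");
        }
      }
      @closedir($dr);
    }
  }

  // Drop the rows only after the files they describe are gone.
  // The failure path uses _die(), the helper every other method in this class calls.
  $q = $db->sql_query('DELETE FROM ' . table_prefix . "files WHERE page_id = '{$db->escape($page_id)}';");
  if ( !$q )
    $db->_die();

  return true;
}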
/**
 * Increments the deletion votes for a page by 1, and adds the current username/IP to the list of users
 * that have voted for the page, to prevent double voting.
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @return string
 */
public static function delvote($page_id, $namespace)
1
+ − 1121
{
+ − 1122
global $db, $session, $paths, $template, $plugins; // Common objects
214
+ − 1123
global $lang;
696
bd5069e1f19a
Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
diff
changeset
+ − 1124
global $cache;
bd5069e1f19a
Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
diff
changeset
+ − 1125
112
+ − 1126
if ( !$session->get_permissions('vote_delete') )
+ − 1127
{
214
+ − 1128
return $lang->get('etc_access_denied');
112
+ − 1129
}
+ − 1130
+ − 1131
if ( $namespace == 'Admin' || $namespace == 'Special' || $namespace == 'System' )
+ − 1132
{
+ − 1133
return 'Special pages and system messages can\'t be voted for deletion.';
+ − 1134
}
+ − 1135
+ − 1136
$pname = $paths->nslist[$namespace] . sanitize_page_id($page_id);
+ − 1137
832
7152ca0a0ce9
Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
diff
changeset
+ − 1138
if ( !isPage($pname) )
112
+ − 1139
{
+ − 1140
return 'The page does not exist.';
+ − 1141
}
+ − 1142
953
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 1143
$ns = namespace_factory($page_id, $namespace);
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 1144
$cdata = $ns->get_cdata();
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 1145
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 1146
$cv =& $cdata['delvotes'];
323c4cd1aa37
Made some more changes to the way namespaces are handled, for optimization purposes. This is a bit of a structural reorganization: $paths->pages is obsoleted in its entirety; calculating page existence and metadata is now the job of the Namespace_* backend class. There are many things in PageProcessor that should be reorganized, and page actions in general should really be rethought. This is probably the beginning of a long process that will be taking place over the course of the betas.
Dan
diff
changeset
+ − 1147
$ips =& $cdata['delvote_ips'];
112
+ − 1148
+ − 1149
if ( empty($ips) )
+ − 1150
{
+ − 1151
$ips = array(
+ − 1152
'ip' => array(),
+ − 1153
'u' => array()
+ − 1154
);
+ − 1155
}
+ − 1156
else
+ − 1157
{
+ − 1158
$ips = @unserialize($ips);
+ − 1159
if ( !$ips )
+ − 1160
{
+ − 1161
$ips = array(
+ − 1162
'ip' => array(),
+ − 1163
'u' => array()
+ − 1164
);
+ − 1165
}
+ − 1166
}
+ − 1167
+ − 1168
if ( in_array($session->username, $ips['u']) || in_array($_SERVER['REMOTE_ADDR'], $ips['ip']) )
+ − 1169
{
214
+ − 1170
return $lang->get('ajax_delvote_already_voted');
112
+ − 1171
}
+ − 1172
+ − 1173
$ips['u'][] = $session->username;
+ − 1174
$ips['ip'][] = $_SERVER['REMOTE_ADDR'];
+ − 1175
$ips = $db->escape( serialize($ips) );
+ − 1176
1
+ − 1177
$cv++;
112
+ − 1178
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1179
$q = 'UPDATE ' . table_prefix.'pages SET delvotes=' . $cv . ',delvote_ips=\'' . $ips . '\' WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'';
1
+ − 1180
$w = $db->sql_query($q);
696
bd5069e1f19a
Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
diff
changeset
+ − 1181
if ( !$w )
bd5069e1f19a
Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
diff
changeset
+ − 1182
$db->_die();
bd5069e1f19a
Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
diff
changeset
+ − 1183
bd5069e1f19a
Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
diff
changeset
+ − 1184
// all done, flush page cache to mark it up
bd5069e1f19a
Revamped page deletion interface; fixed bug where page_meta cache was not being cleared upon restoration of deleted page.
Dan
diff
changeset
+ − 1185
$cache->purge('page_meta');
112
+ − 1186
214
+ − 1187
return $lang->get('ajax_delvote_success');
1
+ − 1188
}
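/**
 * Resets the number of votes against a page to 0 and clears its vote record.
 * The previous vote count and voter list are written to the logs table
 * (log_type 'page', action 'votereset') before being cleared.
 *
 * @param string $page_id the page ID
 * @param string $namespace the namespace
 * @return string status or error message for the caller
 */
public static function resetdelvotes($page_id, $namespace)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang;
  global $cache;

  if ( !$session->get_permissions('vote_reset') )
  {
    return $lang->get('etc_access_denied');
  }

  // Both identifiers are interpolated into SQL below, so escape them once up front.
  $page_id = $db->escape($page_id);
  $namespace = $db->escape($namespace);

  // pull existing info
  $q = $db->sql_query('SELECT delvotes, delvote_ips FROM ' . table_prefix . "pages WHERE urlname = '$page_id' AND namespace = '$namespace'");
  if ( !$q )
    $db->_die();
  if ( $db->numrows() < 1 )
  {
    // free the result set on this path too, as the normal path does below
    $db->free_result();
    return $lang->get('page_err_page_not_exist');
  }

  list($delvotes, $delvote_ips) = $db->fetchrow_num();
  $db->free_result();
  $delvotes = intval($delvotes);
  $delvote_ips = $db->escape($delvote_ips);
  $username = $db->escape($session->username);

  // log action
  $time = time();
  $q = $db->sql_query('INSERT INTO ' . table_prefix . "logs (time_id, log_type, action, edit_summary, page_text, author, page_id, namespace) VALUES\n"
                    . " ( $time, 'page', 'votereset', '$delvotes', '$delvote_ips', '$username', '$page_id', '$namespace' )");
  if ( !$q )
    $db->_die();

  // reset votes
  $empty_vote_record = $db->escape(serialize(array('ip' => array(), 'u' => array())));
  $q = 'UPDATE ' . table_prefix . 'pages SET delvotes=0,delvote_ips=\'' . $empty_vote_record . '\' WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'';
  $e = $db->sql_query($q);
  if ( !$e )
  {
    $db->_die('The number of delete votes was not reset.');
  }
  else
  {
    // invalidate cached page metadata so the reset is visible
    $cache->purge('page_meta');
    return $lang->get('ajax_delvote_reset_success');
  }
}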
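/**
 * Gets a list of styles for a given theme name. As of Banshee, this returns JSON.
 *
 * The theme is taken from $_GET['id'] and must match /^[a-z0-9_-]+$/; anything
 * else yields JSON false. The directory name is built from request input, so
 * this whitelist is what keeps the path inside ./themes/.
 *
 * @return string JSON string with an array containing a list of themes
 */
public static function getstyles()
{
  $id = isset($_GET['id']) ? $_GET['id'] : '';
  // The D modifier stops $ from matching before a trailing newline, so the
  // accepted value is exactly the whitelisted characters and nothing else.
  if ( !is_string($id) || !preg_match('/^([a-z0-9_-]+)$/D', $id) )
    return enano_json_encode(false);

  $dir = './themes/' . $id . '/css/';
  $list = Array();
  // Open a known directory, and proceed to read its contents
  if ( is_dir($dir) )
  {
    if ( $dh = opendir($dir) )
    {
      while ( ($file = readdir($dh)) !== false )
      {
        // _printable.css is shipped with every theme (expected to be a mostly
        // black-and-white copy of the default style), so it is not offered as
        // a selectable style.
        if ( preg_match('#^(.*?)\.css$#is', $file) && $file != '_printable.css' )
        {
          $list[] = substr($file, 0, strlen($file) - 4);
        }
      }
      closedir($dh);
    }
  }
  else
  {
    return(enano_json_encode(Array('mode' => 'error', 'error' => $dir.' is not a dir')));
  }

  return enano_json_encode($list);
}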
/**
 * Assembles a Javascript app with category information
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @return string Javascript code
 */
public static function catedit($page_id, $namespace)
{
  list($script, $html) = self::catedit_raw($page_id, $namespace);
  // The HTML travels inside a JS string literal as a URL-encoded string and is
  // decoded client-side with unescape() before being injected into the page.
  return $script . ' /* BEGIN CONTENT */ document.getElementById("ajaxEditContainer").innerHTML = unescape(\'' . rawurlencode($html) . '\');';
}
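/**
 * Does the actual HTML/javascript generation for cat editing, but returns an array
 * of two strings: the Javascript that initialises the client-side category list
 * (catlist[]) and the HTML for the category form.
 *
 * Every page in the Category namespace gets a checkbox; the checkbox is disabled
 * when the current user may not edit that category (no edit_cat permission, or
 * the category is protected and the user may not override protection).
 *
 * @param string $page_id the page ID (used for the form action URL)
 * @param string $namespace the namespace (used for the form action URL)
 * @return array array($javascript, $html)
 * @access private
 */
public static function catedit_raw($page_id, $namespace)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang;

  $js = '';
  $_ob = '';

  // NOTE(review): the membership query uses $paths->page_id / $paths->namespace
  // (the page being rendered) while the form action below uses the $page_id /
  // $namespace arguments. Kept as-is; confirm they always agree before unifying.
  $e = $db->sql_query('SELECT category_id FROM ' . table_prefix . 'categories WHERE page_id=\'' . $db->escape($paths->page_id) . '\' AND namespace=\'' . $db->escape($paths->namespace) . '\'');
  if ( !$e )
    jsdie('Error selecting category information for current page: ' . $db->get_error());
  $cat_current = Array();
  while ( $r = $db->fetchrow() )
  {
    $cat_current[] = $r;
  }
  $db->free_result();

  $cat_all = array();
  $q = $db->sql_query('SELECT * FROM ' . table_prefix . 'pages WHERE namespace = \'Category\';');
  if ( !$q )
    $db->_die();

  while ( $row = $db->fetchrow() )
  {
    $cat_all[] = Namespace_Default::bake_cdata($row);
  }
  $db->free_result();

  // Index the categories by URL name as well (like $paths->pages used to be) so
  // membership can be looked up by category_id. $count is taken before the
  // string keys are added and every later loop over the numeric keys uses it.
  $count = sizeof($cat_all);
  for ( $i = 0; $i < $count; $i++ )
  {
    $cat_all[$cat_all[$i]['urlname_nons']] = $cat_all[$i];
  }

  // "Zipper": mark the categories this page is currently a member of. A
  // category_id whose category page no longer exists is ignored instead of
  // creating a stray entry that would throw off the count.
  $cat_info = $cat_all;
  foreach ( $cat_current as $membership )
  {
    $un = $membership['category_id'];
    if ( isset($cat_info[$un]) )
    {
      $cat_info[$un]['member'] = true;
    }
  }
  // Copy the membership flag back onto the numerically keyed entries
  for ( $i = 0; $i < $count; $i++ )
  {
    $un = $cat_info[$i]['urlname_nons'];
    $cat_info[$i] = $cat_info[$un];
  }

  $js .= 'catlist = new Array();'; // Initialize the client-side category list
  $_ob .= '<h3>' . $lang->get('catedit_title') . '</h3>
<form name="mdgCatForm" action="' . makeUrlNS($namespace, $page_id, 'do=catedit') . '" method="post">';
  if ( $count < 1 )
  {
    $_ob .= '<p>' . $lang->get('catedit_no_categories') . '</p>';
  }
  for ( $i = 0; $i < $count; $i++ )
  {
    $cat = $cat_info[$i];
    // Disabled when the user can't edit this category, either in general or
    // because it is protected and the user can't override protection.
    $perms = $session->fetch_page_acl($cat['urlname_nons'], 'Category');
    $is_prot = ( !$session->get_permissions('edit_cat') || !$perms->get_permissions('edit_cat') ||
               ( $cat['really_protected'] && !$perms->get_permissions('even_when_protected') ) );
    $prot = ( $is_prot ) ? ' disabled="disabled" ' : '';
    $prottext = ( $is_prot ) ? ' <img alt="(protected)" width="16" height="16" src="' . scriptPath . '/images/lock16.png" />' : '';
    // Category names and URL names come from the database (page titles), so
    // they are escaped for the HTML and JS contexts they are written into;
    // existing entities in a name are left alone rather than double-encoded.
    $urlname_html = htmlspecialchars($cat['urlname_nons'], ENT_QUOTES, 'UTF-8', false);
    $name_html = htmlspecialchars($cat['name'], ENT_QUOTES, 'UTF-8', false);
    $js .= 'catlist[' . $i . '] = ' . json_encode($cat['urlname_nons']) . ';';
    $_ob .= '<span class="catCheck"><input ' . $prot . ' name="' . $urlname_html . '" id="mdgCat_' . $urlname_html . '" type="checkbox"';
    if ( isset($cat['member']) )
      $_ob .= ' checked="checked"';
    $_ob .= '/> <label for="mdgCat_' . $urlname_html . '">' . $name_html . $prottext . '</label></span><br />';
  }

  $disabled = ( $count < 1 ) ? 'disabled="disabled"' : '';

  $_ob .= '<div style="border-top: 1px solid #CCC; padding-top: 5px; margin-top: 10px;"><input name="__enanoSaveButton" ' . $disabled . ' style="font-weight: bold;" type="submit" onclick="ajaxCatSave(); return false;" value="' . $lang->get('etc_save_changes') . '" /> <input name="__enanoCatCancel" type="submit" onclick="ajaxReset(); return false;" value="' . $lang->get('etc_cancel') . '" /></div></form>';

  return Array($js, $_ob);
}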
/**
+ − 1379
* Saves category information
+ − 1380
* WARNING: If $which_cats is empty, all the category information for the selected page will be nuked!
+ − 1381
* @param $page_id string the page ID
+ − 1382
* @param $namespace string the namespace
+ − 1383
* @param $which_cats array associative array of categories to put the page in
+ − 1384
* @return string "GOOD" on success, error string on failure
+ − 1385
*/
public static function catsave($page_id, $namespace, $which_cats)
{
global $db, $session, $paths, $template, $plugins; // Common objects
if(!$session->get_permissions('edit_cat')) return('Insufficient privileges to change category information');
$page_perms = $session->fetch_page_acl($page_id, $namespace);
$ns = namespace_factory($page_id, $namespace);
$page_data = $ns->get_cdata();
$cat_all = array();
$q = $db->sql_query('SELECT * FROM ' . table_prefix . 'pages WHERE namespace = \'Category\';');
if ( !$q )
$db->_die();
while ( $row = $db->fetchrow() )
{
$cat_all[] = Namespace_Default::bake_cdata($row);
}
// Make $cat_all an associative array, like $paths->pages
$sz = sizeof($cat_all);
for($i=0;$i<$sz;$i++)
{
$cat_all[$cat_all[$i]['urlname_nons']] = $cat_all[$i];
}
$rowlist = Array();
for($i=0;$i<sizeof($cat_all)/2;$i++)
{
$auth = true;
$perms = $session->fetch_page_acl($cat_all[$i]['urlname_nons'], 'Category');
if ( !$session->get_permissions('edit_cat') || !$perms->get_permissions('edit_cat') ||
( $cat_all[$i]['really_protected'] && !$perms->get_permissions('even_when_protected') ) ||
( !$page_perms->get_permissions('even_when_protected') && $page_data['protected'] == '1' ) )
$auth = false;
if(!$auth)
{
// Find out if the page is currently in the category
$q = $db->sql_query('SELECT * FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
if(!$q)
return 'MySQL error: ' . $db->get_error();
if($db->numrows() > 0)
{
$auth = true;
$which_cats[$cat_all[$i]['urlname_nons']] = true; // Force the category to stay in its current state
}
$db->free_result();
}
if(isset($which_cats[$cat_all[$i]['urlname_nons']]) && $which_cats[$cat_all[$i]['urlname_nons']] == true /* for clarity ;-) */ && $auth ) $rowlist[] = '(\'' . $page_id . '\', \'' . $namespace . '\', \'' . $cat_all[$i]['urlname_nons'] . '\')';
}
if(sizeof($rowlist) > 0)
{
$val = implode(',', $rowlist);
$q = 'INSERT INTO ' . table_prefix.'categories(page_id,namespace,category_id) VALUES' . $val . ';';
$e = $db->sql_query('DELETE FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
if(!$e) $db->_die('The old category data could not be deleted.');
$e = $db->sql_query($q);
if(!$e) $db->_die('The new category data could not be inserted.');
return('GOOD');
}
else
{
$e = $db->sql_query('DELETE FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
if(!$e) $db->_die('The old category data could not be deleted.');
return('GOOD');
}
}
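/**
 * Sets the wiki mode level for a page.
 * @param $page_id string the page ID (urlname)
 * @param $namespace string the namespace
 * @param $level int 0 for off, 1 for on, 2 for use global setting
 * @return string "GOOD" on success, error string on failure
 */

public static function setwikimode($page_id, $namespace, $level)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $cache;

  if ( !$session->get_permissions('set_wiki_mode') )
    return('Insufficient access rights');

  // $level is interpolated unquoted into SQL below, so it must be exactly one digit in 0-2.
  // (Same test as the old "^([0-2]){1}$" pattern; the redundant isset() branch is folded away.)
  if ( !isset($level) || !preg_match('#^[0-2]$#', (string)$level) )
  {
    return('Invalid mode string');
  }

  // page_id/namespace are escaped before interpolation, as acl_editor() in this class already
  // does for the same values; the previous query concatenated them raw.
  // Assumes callers pass the raw urlname rather than a pre-escaped one - TODO confirm against callers.
  $q = $db->sql_query('UPDATE ' . table_prefix.'pages SET wiki_mode=' . $level . ' WHERE urlname=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\';');
  if ( !$q )
  {
    return('Error during update query: '.$db->get_error()."\n\nSQL Backtrace:\n".$db->sql_backtrace());
  }

  // Page metadata is cached; drop it so the new mode is visible on the next request.
  $cache->purge('page_meta');
  return('GOOD');
}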
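/**
 * Sets the access password for a page.
 * @param $page_id string the page ID (urlname)
 * @param $namespace string the namespace
 * @param $pass string the SHA1 hash of the password - if the value is not exactly 40 lowercase hex digits it will be sha1'ed
 * @return string localized success message, or an error string
 */

public static function setpass($page_id, $namespace, $pass)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang, $cache;

  // Determine permissions: replacing an existing password and setting a first one are separate rights
  $ns = namespace_factory($page_id, $namespace);
  $cdata = $ns->get_cdata();
  $a = ( $cdata['password'] != '' )
     ? $session->get_permissions('password_reset')
     : $session->get_permissions('password_set');
  if ( !$a )
    return $lang->get('etc_access_denied');

  if ( !isset($pass) )
    return('Password was not set on URL');

  $p = $pass;
  // Only a value that is *entirely* a 40-digit hex string is accepted as an already-computed
  // SHA-1. The previous pattern was unanchored, so any password that merely contained such a
  // substring was stored verbatim instead of being hashed (and the docblock promised anchoring).
  if ( !preg_match('#^[0-9a-f]{40}$#', $p) )
  {
    $p = sha1($p);
  }
  // sha1('') = da39a3ee5e6b4b0d3255bfef95601890afd80709 : an empty password disables protection
  if ( $p === 'da39a3ee5e6b4b0d3255bfef95601890afd80709' )
    $p = '';

  // At this point $p is either '' or 40 hex digits, so it is safe to interpolate.
  // page_id/namespace are escaped as acl_editor() in this class does for the same values;
  // assumes callers pass the raw urlname - TODO confirm no caller pre-escapes.
  // NOTE(review): the stored value is a bare, unsalted SHA-1; whatever verifies page passwords
  // must use the same scheme, so the hashing cannot be changed here in isolation.
  $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET password=\'' . $p . '\' WHERE urlname=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\';');
  if ( !$e )
  {
    die('PageUtils::setpass(): Error during update query: '.$db->get_error()."\n\nSQL Backtrace:\n".$db->sql_backtrace());
  }

  // The pages row changed; purge cached page metadata like setwikimode() does after its UPDATE.
  $cache->purge('page_meta');

  // Is the new password blank?
  return ( $p === '' )
       ? $lang->get('ajax_password_disable_success')
       : $lang->get('ajax_password_success');
}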
/**
 * Generates some preview HTML
 * @param $text string the wikitext to use
 * @return string
 */

public static function genPreview($text)
{
  global $lang;

  $html = '<div class="info-box">' . $lang->get('editor_preview_blurb') . '</div>';
  $html .= '<div style="background-color: #F8F8F8; padding: 10px; border: 1px dashed #406080; max-height: 250px; overflow: auto; margin: 10px 0;">';

  // Render the wikitext, then run the result through the PHP interpreter and capture its output.
  // NOTE(review): eval() on rendered page text means that any way of getting a "<?php" sequence
  // past RenderMan is arbitrary code execution; the safety of this line rests entirely on what
  // RenderMan::render()/preprocess_text() let through, which is not visible here.
  $rendered = RenderMan::render(RenderMan::preprocess_text($text, false, false));
  ob_start();
  eval('?>' . $rendered);
  $body = ob_get_clean();

  $html .= $body;
  $html .= '</div>';
  return $html;
}
/**
 * Makes a scrollable box
 * @param string $text the inner HTML
 * @param int $height Optional - the maximum height. Defaults to 250.
 * @return string
 */

public static function scrollBox($text, $height = 250)
{
  // The height is coerced to an integer before it reaches the style attribute; $text is
  // emitted verbatim because it is documented as already being HTML.
  $max_height = (int)$height;
  $style = 'background-color: #F8F8F8; padding: 10px; border: 1px dashed #406080; '
         . 'max-height: ' . $max_height . 'px; overflow: auto; margin: 1em 0 1em 1em;';
  return '<div style="' . $style . '">' . $text . '</div>';
}
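/**
 * Generates a diff summary between two page revisions.
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $id1 the log ID (or, as a fallback, the time ID) of the first revision
 * @param $id2 the log ID (or, as a fallback, the time ID) of the second revision
 * @return string XHTML-formatted diff, or an error string
 */

public static function pagediff($page_id, $namespace, $id1, $id2)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang;

  if ( !$session->get_permissions('history_view') )
    return $lang->get('etc_access_denied');

  // Both IDs are interpolated unquoted into SQL, so they must be plain unsigned integers
  if ( !preg_match('#^([0-9]+)$#', (string)$id1) ||
       !preg_match('#^([0-9]+)$#', (string)$id2 ) )
    return 'SQL injection attempt';
  // OK we made it through security

  // page_id/namespace are escaped as acl_editor() in this class does for the same values;
  // assumes callers pass the raw urlname - TODO confirm no caller pre-escapes.
  $page_id_esc = $db->escape($page_id);
  $namespace_esc = $db->escape($namespace);

  // Safest way to make sure we don't end up with the revisions in wrong columns is to make 2 queries.
  // Revisions are looked up by log_id first; if either is missing, the IDs are retried as time_ids.
  $row1 = false;
  $row2 = false;
  foreach ( array('log_id', 'time_id') as $column )
  {
    if ( !$q1 = $db->sql_query('SELECT time_id,page_text,char_tag,author,edit_summary FROM ' . table_prefix.'logs WHERE ' . $column . ' = ' . $id1 . ' AND log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id_esc . '\' AND namespace=\'' . $namespace_esc . '\';') )
      return 'MySQL error: ' . $db->get_error();
    if ( !$q2 = $db->sql_query('SELECT time_id,page_text,char_tag,author,edit_summary FROM ' . table_prefix.'logs WHERE ' . $column . ' = ' . $id2 . ' AND log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id_esc . '\' AND namespace=\'' . $namespace_esc . '\';') )
      return 'MySQL error: ' . $db->get_error();
    $row1 = $db->fetchrow($q1);
    $db->free_result($q1);
    $row2 = $db->fetchrow($q2);
    $db->free_result($q2);
    // The old test was "sizeof($row1) < 1 || sizeof($row2) < 2": sizeof() of a non-array result
    // is not 0 on older PHP (and throws on 8.x), so a missing first row slipped through and
    // the diff was built against a null page_text. Test the rows directly instead.
    if ( $row1 && $row2 )
      break;
  }
  if ( !$row1 || !$row2 )
    return 'Couldn\'t find any rows that matched the query. The time ID probably doesn\'t exist in the logs table.';

  $text1 = $row1['page_text'];
  $text2 = $row2['page_text'];
  $time1 = enano_date('F d, Y h:i a', $row1['time_id']);
  $time2 = enano_date('F d, Y h:i a', $row2['time_id']);
  $_ob = "
<p>" . $lang->get('history_lbl_comparingrevisions') . " {$time1} → {$time2}</p>
";
  // Free some memory
  unset($row1, $row2, $q1, $q2);

  $_ob .= RenderMan::diff($text1, $text2);
  return $_ob;
}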
/**
* Gets ACL information about the selected page for target type X and target ID Y.
* @param array $parms What to select. This is an array purely for JSON compatibility. It should be an associative array with keys target_type and target_id.
* @return array
*/
public static function acl_editor($parms = Array())
{
global $db, $session, $paths, $template, $plugins; // Common objects
global $lang;
if(!$session->get_permissions('edit_acl') && ( $session->user_level < USER_LEVEL_ADMIN || !defined('ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL')) )
{
return Array(
'mode' => 'error',
'error' => $lang->get('acl_err_access_denied')
);
}
if ( !$session->sid_super )
{
return Array(
'mode' => 'error',
'error' => $lang->get('etc_access_denied_need_reauth')
);
}
$parms['page_id'] = ( isset($parms['page_id']) ) ? $parms['page_id'] : false;
$parms['namespace'] = ( isset($parms['namespace']) ) ? $parms['namespace'] : false;
$page_id =& $parms['page_id'];
$namespace =& $parms['namespace'];
$page_where_clause = ( empty($page_id) || empty($namespace) ) ? 'AND a.page_id IS NULL AND a.namespace IS NULL' : 'AND a.page_id=\'' . $db->escape($page_id) . '\' AND a.namespace=\'' . $db->escape($namespace) . '\'';
$page_where_clause_lite = ( empty($page_id) || empty($namespace) ) ? 'AND page_id IS NULL AND namespace IS NULL' : 'AND page_id=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\'';
//die(print_r($page_id,true));
$template->load_theme();
// $perms_obj = $session->fetch_page_acl($page_id, $namespace);
$perms_obj =& $session;
$return = Array();
if ( !file_exists(ENANO_ROOT . '/themes/' . $session->theme . '/acledit.tpl') )
{
return Array(
'mode' => 'error',
'error' => $lang->get('acl_err_missing_template'),
);
}
$return['template'] = $template->extract_vars('acledit.tpl');
$return['page_id'] = $page_id;
$return['namespace'] = $namespace;
if(isset($parms['mode']))
{
switch($parms['mode'])
{
case 'listgroups':
$return['groups'] = Array();
$q = $db->sql_query('SELECT group_id,group_name FROM ' . table_prefix.'groups ORDER BY group_name ASC;');
while($row = $db->fetchrow())
{
$return['groups'][] = Array(
'id' => $row['group_id'],
'name' => $row['group_name'],
);
}
$db->free_result();
$return['page_groups'] = Array();
$q = $db->sql_query('SELECT pg_id,pg_name FROM ' . table_prefix.'page_groups ORDER BY pg_name ASC;');
if ( !$q )
return Array(
'mode' => 'error',
'error' => $db->get_error()
);
while ( $row = $db->fetchrow() )
{
$return['page_groups'][] = Array(
'id' => $row['pg_id'],
'name' => $row['pg_name']
);
}
break;
case 'seltarget_id':
if ( !is_int($parms['target_id']) )
{
return Array(
'mode' => 'error',
'error' => 'Expected parameter target_id type int'
);
}
$q = $db->sql_query('SELECT target_id, target_type, page_id, namespace, rules FROM ' . table_prefix . "acl WHERE rule_id = {$parms['target_id']};");
if ( !$q )
return Array(
'mode' => 'error',
'error' => $db->get_error()
);
if ( $db->numrows() < 1 )
return Array(
'mode' => 'error',
'error' => "No rule with ID {$parms['target_id']} found"
);
$parms = $db->fetchrow();
$db->free_result();
// regenerate page selection
$parms['page_id'] = ( isset($parms['page_id']) ) ? $parms['page_id'] : false;
$parms['namespace'] = ( isset($parms['namespace']) ) ? $parms['namespace'] : false;
$parms['mode'] = 'seltarget_id';
$page_id =& $parms['page_id'];
$namespace =& $parms['namespace'];
$page_where_clause = ( empty($page_id) || empty($namespace) ) ? 'AND a.page_id IS NULL AND a.namespace IS NULL' : 'AND a.page_id=\'' . $db->escape($page_id) . '\' AND a.namespace=\'' . $db->escape($namespace) . '\'';
$page_where_clause_lite = ( empty($page_id) || empty($namespace) ) ? 'AND page_id IS NULL AND namespace IS NULL' : 'AND page_id=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\'';
$return['page_id'] = $parms['page_id'];
$return['namespace'] = $parms['namespace'];
// From here, let the seltarget handler take over
case 'seltarget':
$return['mode'] = 'seltarget';
$return['acl_types'] = $perms_obj->acl_types;
$return['acl_deps'] = $perms_obj->acl_deps;
$return['acl_descs'] = $perms_obj->acl_descs;
$return['target_type'] = $parms['target_type'];
$return['target_id'] = $parms['target_id'];
switch($parms['target_type'])
{
case ACL_TYPE_USER:
$user_col = ( $parms['mode'] == 'seltarget_id' ) ? 'user_id' : 'username';
$q = $db->sql_query('SELECT a.rules,u.user_id,u.username FROM ' . table_prefix.'users AS u
LEFT JOIN ' . table_prefix.'acl AS a
ON a.target_id=u.user_id
WHERE a.target_type='.ACL_TYPE_USER.'
AND u.' . $user_col . ' = \'' . $db->escape($parms['target_id']) . '\'
' . $page_where_clause . ';');
if(!$q)
return(Array('mode'=>'error','error'=>$db->get_error()));
if($db->numrows() < 1)
{
$return['type'] = 'new';
$q = $db->sql_query('SELECT user_id,username FROM ' . table_prefix.'users WHERE username=\'' . $db->escape($parms['target_id']) . '\';');
if(!$q)
return(Array('mode'=>'error','error'=>$db->get_error()));
if($db->numrows() < 1)
return Array('mode'=>'error','error'=>$lang->get('acl_err_user_not_found'),'debug' => $db->sql_backtrace());
$row = $db->fetchrow();
$return['target_name'] = $row['username'];
$return['target_id'] = intval($row['user_id']);
$return['current_perms'] = array();
}
else
{
$return['type'] = 'edit';
$row = $db->fetchrow();
$return['target_name'] = $row['username'];
$return['target_id'] = intval($row['user_id']);
$return['current_perms'] = $session->string_to_perm($row['rules']);
}
$db->free_result();
// Eliminate types that don't apply to this namespace
if ( $namespace && $namespace != '__PageGroup' )
{
foreach ( $return['current_perms'] AS $i => $perm )
{
if ( ( $page_id != null && $namespace != null ) && ( !in_array ( $namespace, $session->acl_scope[$i] ) && !in_array('All', $session->acl_scope[$i]) ) )
{
// echo "// SCOPE CONTROL: eliminating: $i\n";
unset($return['current_perms'][$i]);
unset($return['acl_types'][$i]);
unset($return['acl_descs'][$i]);
unset($return['acl_deps'][$i]);
}
}
}
break;
case ACL_TYPE_GROUP:
$q = $db->sql_query('SELECT a.rules,g.group_name,g.group_id FROM ' . table_prefix.'groups AS g
LEFT JOIN ' . table_prefix.'acl AS a
ON a.target_id=g.group_id
WHERE a.target_type='.ACL_TYPE_GROUP.'
AND g.group_id=\''.intval($parms['target_id']).'\'
' . $page_where_clause . ';');
if(!$q)
return(Array('mode'=>'error','error'=>$db->get_error()));
if($db->numrows() < 1)
{
$return['type'] = 'new';
$q = $db->sql_query('SELECT group_id,group_name FROM ' . table_prefix.'groups WHERE group_id=\''.intval($parms['target_id']).'\';');
if(!$q)
return(Array('mode'=>'error','error'=>$db->get_error()));
if($db->numrows() < 1)
return Array('mode'=>'error','error'=>$lang->get('acl_err_bad_group_id'));
$row = $db->fetchrow();
$return['target_name'] = $row['group_name'];
$return['target_id'] = intval($row['group_id']);
$return['current_perms'] = array();
}
else
{
$return['type'] = 'edit';
$row = $db->fetchrow();
$return['target_name'] = $row['group_name'];
$return['target_id'] = intval($row['group_id']);
$return['current_perms'] = $session->string_to_perm($row['rules']);
}
$db->free_result();
// Eliminate types that don't apply to this namespace
if ( $namespace && $namespace != '__PageGroup' )
{
foreach ( $return['current_perms'] AS $i => $perm )
{
if ( ( $page_id != false && $namespace != false ) && ( !in_array ( $namespace, $session->acl_scope[$i] ) && !in_array('All', $session->acl_scope[$i]) ) )
{
// echo "// SCOPE CONTROL: eliminating: $i\n"; //; ".print_r($namespace,true).":".print_r($page_id,true)."\n";
unset($return['current_perms'][$i]);
unset($return['acl_types'][$i]);
unset($return['acl_descs'][$i]);
unset($return['acl_deps'][$i]);
}
}
}
//return Array('mode'=>'debug','text'=>print_r($return, true));
break;
default:
return Array('mode'=>'error','error','Invalid ACL type ID');
break;
}
return $return;
break;
case 'save_new':
case 'save_edit':
if ( defined('ENANO_DEMO_MODE') )
{
return Array('mode'=>'error','error'=>$lang->get('acl_err_demo'));
}
$q = $db->sql_query('DELETE FROM ' . table_prefix.'acl WHERE target_type='.intval($parms['target_type']).' AND target_id='.intval($parms['target_id']).'
' . $page_where_clause_lite . ';');
if(!$q)
return Array('mode'=>'error','error'=>$db->get_error());
if ( sizeof ( $parms['perms'] ) < 1 )
{
// As of 1.1.x, this returns success because the rule length is zero if the user selected "inherit" in all columns
return Array(
'mode' => 'success',
'target_type' => $parms['target_type'],
'target_id' => $parms['target_id'],
'target_name' => $parms['target_name'],
'page_id' => $page_id,
'namespace' => $namespace,
);
}
$rules = $session->perm_to_string($parms['perms']);
$q = ($page_id && $namespace) ? 'INSERT INTO ' . table_prefix.'acl ( target_type, target_id, page_id, namespace, rules )
VALUES( '.intval($parms['target_type']).', '.intval($parms['target_id']).', \'' . $db->escape($page_id) . '\', \'' . $db->escape($namespace) . '\', \'' . $db->escape($rules) . '\' )' :
'INSERT INTO ' . table_prefix.'acl ( target_type, target_id, rules )
VALUES( '.intval($parms['target_type']).', '.intval($parms['target_id']).', \'' . $db->escape($rules) . '\' )';
if(!$db->sql_query($q)) return Array('mode'=>'error','error'=>$db->get_error());
return Array(
'mode' => 'success',
'target_type' => $parms['target_type'],
'target_id' => $parms['target_id'],
'target_name' => $parms['target_name'],
'page_id' => $page_id,
'namespace' => $namespace,
);
break;
case 'delete':
if ( defined('ENANO_DEMO_MODE') )
{
return Array('mode'=>'error','error'=>$lang->get('acl_err_demo'));
}
$sql = 'DELETE FROM ' . table_prefix.'acl WHERE target_type='.intval($parms['target_type']).' AND target_id='.intval($parms['target_id']).'
' . $page_where_clause_lite . ';';
$q = $db->sql_query($sql);
if(!$q)
return Array('mode'=>'error','error'=>$db->get_error());
return Array(
'mode' => 'delete',
'target_type' => $parms['target_type'],
'target_id' => $parms['target_id'],
'target_name' => $parms['target_name'],
'page_id' => $page_id,
'namespace' => $namespace,
);
break;
case 'list_existing':
$return = array(
'mode' => 'list_existing',
'key' => acl_list_draw_key(),
'rules' => array()
);
$q = $db->sql_query("SELECT a.rule_id, u.username, g.group_name, a.target_type, a.target_id, a.page_id, a.namespace, a.rules, p.pg_name\n"
. " FROM " . table_prefix . "acl AS a\n"
. " LEFT JOIN " . table_prefix . "users AS u\n"
. " ON ( (a.target_type = " . ACL_TYPE_USER . " AND a.target_id = u.user_id) OR (u.user_id IS NULL) )\n"
. " LEFT JOIN " . table_prefix . "groups AS g\n"
. " ON ( (a.target_type = " . ACL_TYPE_GROUP . " AND a.target_id = g.group_id) OR (g.group_id IS NULL) )\n"
. " LEFT JOIN " . table_prefix . "page_groups as p\n"
. " ON ( (a.namespace = '__PageGroup' AND a.page_id = p.pg_id) OR (p.pg_id IS NULL) )\n"
. " WHERE ( a.target_type = " . ACL_TYPE_USER . " OR a.target_type = " . ACL_TYPE_GROUP . " )\n"
. " GROUP BY a.rule_id\n"
. " ORDER BY a.target_type ASC, a.rule_id ASC;"
);
if ( !$q )
$db->_die();
while ( $row = $db->fetchrow($q) )
{
if ( $row['target_type'] == ACL_TYPE_USER && empty($row['username']) )
{
// This is only done if we have an ACL affecting a user that doesn't exist.
// Nice little bit of maintenance to have.
if ( !$db->sql_query("DELETE FROM " . table_prefix . "acl WHERE rule_id = {$row['rule_id']};") )
$db->_die();
continue;
}
$score = get_acl_rule_score($row['rules']);
$deep_limit = ACL_SCALE_MINIMAL_SHADE;
// Determine background color of cell by score
if ( $score > 5 )
{
// high score, show in green
$color = 2.5 * $score;
if ( $color > 255 )
$color = 255;
$color = round($color);
// blend with the colordepth limit
$color = $deep_limit + ( ( 0xFF - $deep_limit ) - ( ( $color / 0xFF ) * ( 0xFF - $deep_limit ) ) );
$color = dechex($color);
$color = "{$color}ff{$color}";
}
else if ( $score < -5 )
{
// low score, show in red
$color = 0 - $score;
$color = 2.5 * $color;
if ( $color > 255 )
$color = 255;
$color = round($color);
// blend with the colordepth limit
$color = $deep_limit + ( ( 0xFF - $deep_limit ) - ( ( $color / 0xFF ) * ( 0xFF - $deep_limit ) ) );
$color = dechex($color);
$color = "ff{$color}{$color}";
}
else
{
$color = 'efefef';
}
// Rate rule textually based on its score
if ( $score >= 70 )
$desc = $lang->get('acl_msg_scale_allow');
else if ( $score >= 50 )
$desc = $lang->get('acl_msg_scale_mostly_allow');
else if ( $score >= 25 )
$desc = $lang->get('acl_msg_scale_some_allow');
else if ( $score >= -25 )
$desc = $lang->get('acl_msg_scale_mixed');
else if ( $score <= -70 )
$desc = $lang->get('acl_msg_scale_deny');
else if ( $score <= -50 )
$desc = $lang->get('acl_msg_scale_mostly_deny');
else if ( $score <= -25 )
$desc = $lang->get('acl_msg_scale_some_deny');
// group and user target info
$info = '';
if ( $row['target_type'] == ACL_TYPE_USER )
$info = $lang->get('acl_msg_list_user', array( 'username' => $row['username'] )); // "(User: {$row['username']})";
else if ( $row['target_type'] == ACL_TYPE_GROUP )
$info = $lang->get('acl_msg_list_group', array( 'group' => $row['group_name'] ));
// affected pages info
if ( $row['page_id'] && $row['namespace'] && $row['namespace'] != '__PageGroup' )
$info .= $lang->get('acl_msg_list_on_page', array( 'page_name' => "{$row['namespace']}:{$row['page_id']}" ));
else if ( $row['page_id'] && $row['namespace'] && $row['namespace'] == '__PageGroup' )
$info .= $lang->get('acl_msg_list_on_page_group', array( 'page_group' => $row['pg_name'] ));
else
$info .= $lang->get('acl_msg_list_entire_site');
$score_string = $lang->get('acl_msg_list_score', array
(
'score' => $score,
'desc' => $desc,
'info' => $info
));
$return['rules'][] = array(
'score_string' => $score_string,
'rule_id' => $row['rule_id'],
'color' => $color
);
}
break;
case 'list_presets':
$presets = array();
$q = $db->sql_query('SELECT page_id AS preset_name, rule_id, rules FROM ' . table_prefix . "acl WHERE target_type = " . ACL_TYPE_PRESET . ";");
if ( !$q )
$db->die_json();
while ( $row = $db->fetchrow() )
{
$row['rules'] = $session->string_to_perm($row['rules']);
$presets[] = $row;
}
return array(
'mode' => 'list_existing',
'presets' => $presets
);
break;
case 'save_preset':
if ( empty($parms['preset_name']) )
{
return array(
'mode' => 'error',
'error' => $lang->get('acl_err_preset_name_empty')
);
}
$preset_name = $db->escape($parms['preset_name']);
$q = $db->sql_query('DELETE FROM ' . table_prefix . "acl WHERE target_type = " . ACL_TYPE_PRESET . " AND page_id = '$preset_name';");
if ( !$q )
$db->die_json();
$perms = $session->perm_to_string($parms['perms']);
if ( !$perms )
{
return array(
'mode' => 'error',
'error' => $lang->get('acl_err_preset_is_blank')
);
}
$perms = $db->escape($perms);
$q = $db->sql_query('INSERT INTO ' . table_prefix . "acl(page_id, target_type, rules) VALUES\n"
. " ( '$preset_name', " . ACL_TYPE_PRESET . ", '$perms' );");
if ( !$q )
$db->die_json();
return array(
'mode' => 'success'
);
break;
case 'trace':
list($targetpid, $targetns) = RenderMan::strToPageID($parms['page']);
try
{
$perms = $session->fetch_page_acl_user($parms['user'], $targetpid, $targetns);
$perm_table = array(
AUTH_ALLOW => 'acl_lbl_field_allow',
AUTH_WIKIMODE => 'acl_lbl_field_wikimode',
AUTH_DISALLOW => 'acl_lbl_field_disallow',
AUTH_DENY => 'acl_lbl_field_deny'
);
$return = array(
'mode' => 'trace',
'perms' => array()
);
foreach ( $perms->perm_resolve_table as $perm_type => $lookup_data )
{
if ( !$session->check_acl_scope($perm_type, $targetns) )
continue;
$src_l10n = $lang->get($session->acl_inherit_lang_table[$lookup_data['src']], $lookup_data);
$divclass = preg_replace('/^acl_inherit_/', '', $session->acl_inherit_lang_table[$lookup_data['src']]);
$perm_string = $lang->get($perm_table[$perms->perms[$perm_type]]);
$perm_name = $lang->get($session->acl_descs[$perm_type]);
$return['perms'][$perm_type] = array(
'divclass' => "acl_inherit acl_$divclass",
'perm_type' => $perm_type,
'perm_name' => $perm_name,
'perm_value' => $perm_string,
'perm_src' => $src_l10n,
'rule_id' => intval($lookup_data['rule_id']),
'bad_deps' => $perms->acl_check_deps($perm_type, true)
);
}
// group rules if possible
$return['groups'] = array();
foreach ( $return['perms'] as $rule )
{
if ( !isset($return['groups'][$rule['rule_id']]) )
{
$return['groups'][$rule['rule_id']] = array();
}
$return['groups'][$rule['rule_id']][] = $rule['perm_type'];
}
}
catch ( Exception $e )
{
$return = array(
'mode' => 'error',
'error' => $e->getMessage()
);
}
break;
default:
return Array('mode'=>'error','error'=>'Hacking attempt');
break;
}
}
return $return;
}
/**
* Same as PageUtils::acl_editor(), but the parms are a JSON string instead of an array. This also returns a JSON string.
* @param string $parms Same as the $parms argument of PageUtils::acl_editor(), but encoded as a JSON string. Anything that is not a JSON object (invalid JSON, a bare scalar, null) is treated as an empty request.
* @return string
*/
public static function acl_json($parms = '{ }')
1
+ − 2127
{
+ − 2128
global $db, $session, $paths, $template, $plugins; // Common objects
582
+ − 2129
try
+ − 2130
{
+ − 2131
$parms = enano_json_decode($parms);
+ − 2132
}
+ − 2133
catch ( Zend_Json_Exception $e )
+ − 2134
{
+ − 2135
$parms = array();
+ − 2136
}
1
+ − 2137
$ret = PageUtils::acl_editor($parms);
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 2138
$ret = enano_json_encode($ret);
1
+ − 2139
return $ret;
+ − 2140
}
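/**
 * A non-Javascript frontend for the ACL API.
 *
 * Runs the submitted data through acl_preprocess(), PageUtils::acl_editor()
 * and acl_postprocess(), then renders the wizard stage named by the
 * response's "mode" key between the site header and footer. Values that come
 * from the request or the database (target names and ids, group names and
 * ids, page ids, namespaces) are passed through htmlspecialchars() before
 * being placed in markup or attribute values; localized strings from $lang
 * and the template fragments supplied by the backend are emitted as-is.
 *
 * @param array The request data, if any, this should be in the format required by PageUtils::acl_editor()
 * @return void Output is echoed directly; an API error ends the request via die_friendly()
 */
public static function aclmanager($parms)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang;
  ob_start();
  // Convenience
  $formstart = '<form
  action="' . makeUrl($paths->page, 'do=aclmanager', true) . '"
  method="post" enctype="multipart/form-data"
  onsubmit="if(!submitAuthorized) return false;"
  >';
  $formend = '</form>';
  $parms = PageUtils::acl_preprocess($parms);
  $response = PageUtils::acl_editor($parms);
  $response = PageUtils::acl_postprocess($response);

  switch ( $response['mode'] )
  {
    case 'debug':
      echo '<pre>' . htmlspecialchars($response['text']) . '</pre>';
      break;
    case 'stage1':
      echo '<h3>' . $lang->get('acl_lbl_welcome_title') . '</h3>
        <p>' . $lang->get('acl_lbl_welcome_body') . '</p>';
      echo $formstart;
      echo '<p><label><input type="radio" name="data[target_type]" value="' . ACL_TYPE_GROUP . '" checked="checked" /> ' . $lang->get('acl_radio_usergroup') . '</label></p>
        <p><select name="data[target_id_grp]">';
      foreach ( $response['groups'] as $group )
      {
        // Group names are stored data; escape them the same way the page group list below does
        echo '<option value="' . htmlspecialchars($group['id']) . '">' . htmlspecialchars($group['name']) . '</option>';
      }

      // page group selector
      $groupsel = '';
      if ( count($response['page_groups']) > 0 )
      {
        $groupsel = '<p><label><input type="radio" name="data[scope]" value="page_group" /> ' . $lang->get('acl_radio_scope_pagegroup') . '</label></p>
          <p><select name="data[pg_id]">';
        foreach ( $response['page_groups'] as $grp )
        {
          $groupsel .= '<option value="' . htmlspecialchars($grp['id']) . '">' . htmlspecialchars($grp['name']) . '</option>';
        }
        $groupsel .= '</select></p>';
      }

      echo '</select></p>
        <p><label><input type="radio" name="data[target_type]" value="' . ACL_TYPE_USER . '" /> ' . $lang->get('acl_radio_user') . '</label></p>
        <p>' . $template->username_field('data[target_id_user]') . '</p>
        <p>' . $lang->get('acl_lbl_scope') . '</p>
        <p><label><input name="data[scope]" value="only_this" type="radio" checked="checked" /> ' . $lang->get('acl_radio_scope_thispage') . '</label></p>
        ' . $groupsel . '
        <p><label><input name="data[scope]" value="entire_site" type="radio" /> ' . $lang->get('acl_radio_scope_wholesite') . '</label></p>
        <div style="margin: 0 auto 0 0; text-align: right;">
        <input name="data[mode]" value="seltarget" type="hidden" />
        <input type="hidden" name="data[page_id]" value="' . htmlspecialchars($paths->page_id) . '" />
        <input type="hidden" name="data[namespace]" value="' . htmlspecialchars($paths->namespace) . '" />
        <input type="submit" value="' . htmlspecialchars($lang->get('etc_wizard_next')) . '" />
        </div>';
      echo $formend;
      break;
    case 'success':
    case 'delete':
      // Both confirmation screens are identical apart from the two language strings
      $is_delete = ( $response['mode'] == 'delete' );
      $title_key = $is_delete ? 'acl_lbl_delete_success_title' : 'acl_lbl_save_success_title';
      $body_key = $is_delete ? 'acl_lbl_delete_success_body' : 'acl_lbl_save_success_body';
      // Target name is request-derived; escaped once here and reused in body text and attributes.
      // NOTE(review): assumes $lang->get() substitutes parameters verbatim — confirm it does not escape them itself
      $target_name = htmlspecialchars($response['target_name']);
      // For user targets the backend wants the name back; for groups the numeric id
      $target_field = ( intval($response['target_type']) == ACL_TYPE_USER ) ? $target_name : htmlspecialchars($response['target_id']);
      echo '<div class="info-box">
        <b>' . $lang->get($title_key) . '</b><br />
        ' . $lang->get($body_key, array( 'target_name' => $target_name )) . '<br />
        ' . $formstart . '
        <input type="hidden" name="data[mode]" value="seltarget" />
        <input type="hidden" name="data[target_type]" value="' . htmlspecialchars($response['target_type']) . '" />
        <input type="hidden" name="data[target_id_user]" value="' . $target_field . '" />
        <input type="hidden" name="data[target_id_grp]" value="' . $target_field . '" />
        <input type="hidden" name="data[scope]" value="' . ( ( $response['page_id'] ) ? 'only_this' : 'entire_site' ) . '" />
        <input type="hidden" name="data[page_id]" value="' . ( ( $response['page_id'] ) ? htmlspecialchars($response['page_id']) : 'false' ) . '" />
        <input type="hidden" name="data[namespace]" value="' . ( ( $response['namespace'] ) ? htmlspecialchars($response['namespace']) : 'false' ) . '" />
        <input type="submit" value="' . $lang->get('acl_btn_returnto_editor') . '" /> <input type="submit" name="data[act_go_stage1]" value="' . $lang->get('acl_btn_returnto_userscope') . '" />
        ' . $formend . '
        </div>';
      break;
    case 'seltarget':
      if ( $response['type'] == 'edit' )
      {
        echo '<h3>' . $lang->get('acl_lbl_editwin_title_edit') . '</h3>';
      }
      else
      {
        echo '<h3>' . $lang->get('acl_lbl_editwin_title_create') . '</h3>';
      }
      $type = ( $response['target_type'] == ACL_TYPE_GROUP ) ? $lang->get('acl_target_type_group') : $lang->get('acl_target_type_user');
      $scope = ( $response['page_id'] ) ? ( $response['namespace'] == '__PageGroup' ? $lang->get('acl_scope_type_pagegroup') : $lang->get('acl_scope_type_thispage') ) : $lang->get('acl_scope_type_wholesite');
      $subs = array(
        'target_type' => $type,
        'target' => htmlspecialchars($response['target_name']),
        'scope_type' => $scope
      );
      echo $lang->get('acl_lbl_editwin_body', $subs);
      echo $formstart;
      $parser = $template->makeParserText( $response['template']['acl_field_begin'] );
      echo $parser->run();
      $parser = $template->makeParserText( $response['template']['acl_field_item'] );
      // Alternating row shading; toggled before use, so the first row is row1
      $cls = 'row2';
      foreach ( $response['acl_types'] as $acl_type => $value )
      {
        $vars = Array(
          'FIELD_INHERIT_CHECKED' => '',
          'FIELD_DENY_CHECKED' => '',
          'FIELD_DISALLOW_CHECKED' => '',
          'FIELD_WIKIMODE_CHECKED' => '',
          'FIELD_ALLOW_CHECKED' => '',
        );
        $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
        $vars['ROW_CLASS'] = $cls;

        // Anything that is not one of the four explicit levels is shown as "inherit"
        switch ( $response['current_perms'][$acl_type] )
        {
          case 'i':
          default:
            $vars['FIELD_INHERIT_CHECKED'] = 'checked="checked"';
            break;
          case AUTH_ALLOW:
            $vars['FIELD_ALLOW_CHECKED'] = 'checked="checked"';
            break;
          case AUTH_WIKIMODE:
            $vars['FIELD_WIKIMODE_CHECKED'] = 'checked="checked"';
            break;
          case AUTH_DISALLOW:
            $vars['FIELD_DISALLOW_CHECKED'] = 'checked="checked"';
            break;
          case AUTH_DENY:
            $vars['FIELD_DENY_CHECKED'] = 'checked="checked"';
            break;
        }
        $vars['FIELD_NAME'] = 'data[perms][' . $acl_type . ']';
        // A description that looks like a language key is localized; anything else is literal text
        if ( preg_match('/^([a-z0-9_]+)$/', $response['acl_descs'][$acl_type]) )
        {
          $vars['FIELD_DESC'] = $lang->get($response['acl_descs'][$acl_type]);
        }
        else
        {
          $vars['FIELD_DESC'] = $response['acl_descs'][$acl_type];
        }
        $parser->assign_vars($vars);
        echo $parser->run();
      }
      $parser = $template->makeParserText( $response['template']['acl_field_end'] );
      echo $parser->run();
      echo '<div style="margin: 10px auto 0 0; text-align: right;">
        <input name="data[mode]" value="save_' . $response['type'] . '" type="hidden" />
        <input type="hidden" name="data[page_id]" value="' . (( $response['page_id'] ) ? htmlspecialchars($response['page_id']) : 'false') . '" />
        <input type="hidden" name="data[namespace]" value="' . (( $response['namespace'] ) ? htmlspecialchars($response['namespace']) : 'false') . '" />
        <input type="hidden" name="data[target_type]" value="' . htmlspecialchars($response['target_type']) . '" />
        <input type="hidden" name="data[target_id]" value="' . htmlspecialchars($response['target_id']) . '" />
        <input type="hidden" name="data[target_name]" value="' . htmlspecialchars($response['target_name']) . '" />
        ' . ( ( $response['type'] == 'edit' ) ? '<input type="submit" value="' . $lang->get('etc_save_changes') . '" /> <input type="submit" name="data[act_delete_rule]" value="' . $lang->get('acl_btn_deleterule') . '" style="color: #AA0000;" onclick="return confirm(\'' . addslashes($lang->get('acl_msg_deleterule_confirm')) . '\');" />' : '<input type="submit" value="' . $lang->get('acl_btn_createrule') . '" />' ) . '
        </div>';
      echo $formend;
      break;
    case 'error':
      // Discard whatever was buffered so far; die_friendly() renders its own page
      ob_end_clean();
      die_friendly('Error occurred', '<p>Error returned by permissions API:</p><pre>' . htmlspecialchars($response['error']) . '</pre>');
      break;
  }
  $ret = ob_get_contents();
  ob_end_clean();
  echo
    $template->getHeader() .
    $ret .
    $template->getFooter();
}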
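/**
 * Preprocessor to turn the form-submitted data from the ACL editor into something the backend can handle
 *
 * Resolves the target id from whichever of the two target selectors applies,
 * turns the "scope" radio button into page_id / namespace values, and maps
 * the "delete rule" and "back to stage 1" submit buttons onto the modes the
 * backend understands. Fields that a malformed submission omits are read as
 * null instead of raising undefined-index notices.
 *
 * @param array The posted data
 * @return array
 * @access private
 */
public static function acl_preprocess($parms)
{
  if ( !isset($parms['mode']) )
    // Nothing to do
    return $parms;
  switch ( $parms['mode'] )
  {
    case 'seltarget':

      // Who's affected?
      $parms['target_type'] = isset($parms['target_type']) ? intval( $parms['target_type'] ) : 0;
      $id_field = ( $parms['target_type'] == ACL_TYPE_GROUP ) ? 'target_id_grp' : 'target_id_user';
      $parms['target_id'] = isset($parms[$id_field]) ? $parms[$id_field] : null;

      // Deliberate fall-through: target selection shares the scope handling below

    case 'save_edit':
    case 'save_new':
      if ( isset($parms['act_delete_rule']) )
      {
        $parms['mode'] = 'delete';
      }

      // Scope (just this page or entire site?)
      $scope = isset($parms['scope']) ? $parms['scope'] : null;
      $page_id = isset($parms['page_id']) ? $parms['page_id'] : null;
      $namespace = isset($parms['namespace']) ? $parms['namespace'] : null;
      // The form encodes "no page" as the literal string 'false'
      if ( $scope == 'entire_site' || ( $page_id == 'false' && $namespace == 'false' ) )
      {
        $parms['page_id'] = false;
        $parms['namespace'] = false;
      }
      else if ( $scope == 'page_group' )
      {
        $parms['page_id'] = isset($parms['pg_id']) ? $parms['pg_id'] : null;
        $parms['namespace'] = '__PageGroup';
      }

      break;
  }

  // "Back to stage 1" overrides everything else and restarts the wizard
  if ( isset($parms['act_go_stage1']) )
  {
    $parms = array(
      'mode' => 'listgroups'
    );
  }

  return $parms;
}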
/**
 * Fills in a missing "mode" on a backend response so the frontend can dispatch on it.
 *
 * A response that already names a mode is returned untouched. One that carries
 * a group list but no mode is taken to be the first wizard stage; anything
 * else is turned into an error response.
 *
 * @param array $response Result of PageUtils::acl_editor()
 * @return array
 */
public static function acl_postprocess($response)
{
  if ( isset($response['mode']) )
  {
    return $response;
  }
  if ( isset($response['groups']) )
  {
    $response['mode'] = 'stage1';
    return $response;
  }
  return Array(
    'mode' => 'error',
    'error' => 'Invalid action passed by API backend.',
  );
}
}
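/**
 * Generates a graphical key showing how the ACL rule list works.
 *
 * Emits a row of 20px boxes: a red ramp (brightest at ACL_SCALE_MINIMAL_SHADE,
 * fading to white) for negative scores, a neutral grey box in the middle and
 * a white-to-green ramp for positive scores, with -100 / 0 / +100 labels
 * underneath.
 *
 * @return string HTML fragment
 */
function acl_list_draw_key()
{
  $out = '<div style="width: 460px; margin: 0 auto; text-align: center; margin-bottom: 10px;">';
  $out .= '<div style="float: left;">← Deny</div>';
  $out .= '<div style="float: right;">Allow →</div>';
  $out .= 'Neutral';
  $out .= '<div style="clear: both;"></div>';
  // 11 boxes on each side of the center. ceil() returns a float, so cast back
  // to int to keep the loop counter integral; max(1, ...) guards against a
  // zero step (and thus an endless loop) should the minimal shade ever be 0xFF.
  $inc = max(1, (int) ceil ( ( 0xFF - ACL_SCALE_MINIMAL_SHADE ) / 11 ));
  for ( $i = ACL_SCALE_MINIMAL_SHADE; $i <= 0xFF; $i += $inc )
  {
    // %02x keeps the colour a valid 6-digit triplet even for shades below 0x10
    $octet = sprintf('%02x', $i);
    $color = "ff$octet$octet";
    $out .= '<div style="background-color: #' . $color . '; float: left; width: 20px;"> </div>';
  }
  $out .= '<div style="background-color: #efefef; float: left; width: 20px;"> </div>';
  for ( $i = 0xFF; $i >= ACL_SCALE_MINIMAL_SHADE; $i -= $inc )
  {
    $octet = sprintf('%02x', $i);
    $color = "{$octet}ff{$octet}";
    $out .= '<div style="background-color: #' . $color . '; float: left; width: 20px;"> </div>';
  }
  $out .= '<div style="clear: both;"></div>';
  $out .= '<div style="float: left;">-100</div>';
  $out .= '<div style="float: right;">+100</div>';
  $out .= '0';
  $out .= '</div>';
  return $out;
}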
/**
 * Gets the numerical score for the serialized form of an ACL rule
 *
 * Each permission contributes +2 (allow), +1 (wiki mode), -1 (disallow) or
 * -2 (deny); anything else is neutral. The sum is expressed as a percentage of
 * the best possible total so rules covering few permissions are not
 * short-changed.
 *
 * @param string|array $perms Serialized rule string or an already-unpacked permission array
 * @return int|float|false Rounded percentage in -100..100, 0 for an empty rule, false for an unusable argument
 */
function get_acl_rule_score($perms)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( is_string($perms) )
    $perms = $session->string_to_perm($perms);
  else if ( !is_array($perms) )
    return false;

  // this is different from the beta; calculate highest score and
  // get percentage to be fairer to smaller/less broad rules
  $divisor = count($perms) * 2;
  if ( $divisor == 0 )
  {
    return 0;
  }

  $total = 0;
  foreach ( $perms as $level )
  {
    switch ( $level )
    {
      case AUTH_ALLOW :
        $total += 2;
        break;
      case AUTH_WIKIMODE:
        $total += 1;
        break;
      case AUTH_DISALLOW:
        $total -= 1;
        break;
      case AUTH_DENY:
        $total -= 2;
        break;
      default:
        break;
    }
  }

  return round( 100 * ( $total / $divisor ) );
}
?>