321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 1
<?php
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 2
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 3
/*
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 4
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
204
473cc747022a
You know what folks, a lot of Mercurial merges failed, and I just now figured out why. So now all changes from stable are permanently synced in.
Dan
diff
changeset
+ − 5
* Version 1.1.1
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 6
* Copyright (C) 2006-2007 Dan Fuhry
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 7
*
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 8
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 9
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 10
*
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 11
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 12
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 13
*/
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 14
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 15
define('ENANO_INTERFACE_AJAX', '');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 16
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 17
// fillusername should be done without the help of the rest of Enano - all we need is the DBAL
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 18
if ( isset($_GET['_mode']) && $_GET['_mode'] == 'fillusername' )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 19
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 20
// setup and load a very basic, specialized instance of the Enano API
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 21
function microtime_float()
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 22
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 23
list($usec, $sec) = explode(" ", microtime());
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 24
return ((float)$usec + (float)$sec);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 25
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 26
// Determine directory (special case for development servers)
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 27
if ( strpos(__FILE__, '/repo/') && file_exists('.enanodev') )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 28
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 29
$filename = str_replace('/repo/', '/', __FILE__);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 30
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 31
else
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 32
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 33
$filename = __FILE__;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 34
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 35
define('ENANO_ROOT', dirname($filename));
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 36
require(ENANO_ROOT.'/includes/functions.php');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 37
require(ENANO_ROOT.'/includes/dbal.php');
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 38
require(ENANO_ROOT.'/includes/json2.php');
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 39
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 40
require(ENANO_ROOT . '/config.php');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 41
unset($dbuser, $dbpasswd);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 42
if ( !isset($dbdriver) )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 43
$dbdriver = 'mysql';
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 44
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 45
$db = new $dbdriver();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 46
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 47
$db->connect();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 48
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 49
// result is sent using JSON
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 50
$return = Array(
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 51
'mode' => 'success',
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 52
'users_real' => Array()
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 53
);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 54
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 55
// should be connected to the DB now
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 56
$name = (isset($_GET['name'])) ? $db->escape($_GET['name']) : false;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 57
if ( !$name )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 58
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 59
$return = array(
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 60
'mode' => 'error',
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 61
'error' => 'Invalid URI'
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 62
);
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 63
die( enano_json_encode($return) );
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 64
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 65
$allowanon = ( isset($_GET['allowanon']) && $_GET['allowanon'] == '1' ) ? '' : ' AND user_id > 1';
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 66
$q = $db->sql_query('SELECT username FROM '.table_prefix.'users WHERE ' . ENANO_SQLFUNC_LOWERCASE . '(username) LIKE ' . ENANO_SQLFUNC_LOWERCASE . '(\'%'.$name.'%\')' . $allowanon . ' ORDER BY username ASC;');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 67
if ( !$q )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 68
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 69
$db->die_json();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 70
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 71
$i = 0;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 72
while($r = $db->fetchrow())
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 73
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 74
$return['users_real'][] = $r['username'];
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 75
$i++;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 76
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 77
$db->free_result();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 78
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 79
// all done! :-)
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 80
$db->close();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 81
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 82
echo enano_json_encode( $return );
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 83
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 84
exit;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 85
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 86
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 87
require('includes/common.php');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 88
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 89
global $db, $session, $paths, $template, $plugins; // Common objects
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 90
if(!isset($_GET['_mode'])) die('This script cannot be accessed directly.');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 91
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 92
$_ob = '';
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 93
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 94
switch($_GET['_mode']) {
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 95
case "checkusername":
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 96
echo PageUtils::checkusername($_GET['name']);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 97
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 98
case "getsource":
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 99
header('Content-type: text/plain');
324
+ − 100
$password = ( isset($_GET['pagepass']) ) ? $_GET['pagepass'] : false;
408
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 101
$revid = ( isset($_GET['revid']) ) ? intval($_GET['revid']) : 0;
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 102
$page = new PageProcessor($paths->page_id, $paths->namespace, $revid);
324
+ − 103
$page->password = $password;
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 104
$have_draft = false;
324
+ − 105
if ( $src = $page->fetch_source() )
+ − 106
{
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 107
$allowed = true;
417
+ − 108
$q = $db->sql_query('SELECT author, time_id, page_text, edit_summary FROM ' . table_prefix . 'logs WHERE log_type = \'page\' AND action = \'edit\'
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 109
AND page_id = \'' . $db->escape($paths->page_id) . '\'
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 110
AND namespace = \'' . $db->escape($paths->namespace) . '\'
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 111
AND is_draft = 1;');
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 112
if ( !$q )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 113
$db->die_json();
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 114
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 115
if ( $db->numrows() > 0 )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 116
{
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 117
$have_draft = true;
419
b8b4e38825db
Unsuccessful attempt at fixing "dismiss"/"close manager" buttons in ACL editor; non-breaking change to template API to allow plugins to add "normal" sidebar widgets in addition to the special "raw" block type, specified as the third parameter to $template->sidebar_widget(). Defaults to false, which is old behavior; new behavior (enabled by passing TRUE as the 3rd param) means that the content of the block is primarily block-level links.
Dan
diff
changeset
+ − 118
$draft_row = $db->fetchrow($q);
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 119
}
324
+ − 120
}
325
e17cc42d77cf
Fixed: $paths->page_id not set when the page doesn't exist; finally fixed garbled page names for IP addresses
Dan
diff
changeset
+ − 121
else if ( $src !== false )
e17cc42d77cf
Fixed: $paths->page_id not set when the page doesn't exist; finally fixed garbled page names for IP addresses
Dan
diff
changeset
+ − 122
{
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 123
$allowed = true;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 124
$src = '';
325
e17cc42d77cf
Fixed: $paths->page_id not set when the page doesn't exist; finally fixed garbled page names for IP addresses
Dan
diff
changeset
+ − 125
}
324
+ − 126
else
+ − 127
{
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 128
$allowed = false;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 129
$src = '';
324
+ − 130
}
336
+ − 131
+ − 132
$auth_edit = ( $session->get_permissions('edit_page') && ( $session->get_permissions('even_when_protected') || !$paths->page_protected ) );
387
92664d2efab8
Rebranded source code as 1.1.1; added TinyMCE ACL rule as per Vadi's request: http://forum.enanocms.org/viewtopic.php?f=7&t=54
Dan
diff
changeset
+ − 133
$auth_wysiwyg = ( $session->get_permissions('edit_wysiwyg') );
336
+ − 134
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 135
$return = array(
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 136
'mode' => 'editor',
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 137
'src' => $src,
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 138
'auth_view_source' => $allowed,
336
+ − 139
'auth_edit' => $auth_edit,
+ − 140
'time' => time(),
+ − 141
'require_captcha' => false,
408
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 142
'allow_wysiwyg' => $auth_wysiwyg,
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 143
'revid' => $revid,
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 144
'have_draft' => false
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 145
);
336
+ − 146
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 147
if ( $have_draft )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 148
{
419
b8b4e38825db
Unsuccessful attempt at fixing "dismiss"/"close manager" buttons in ACL editor; non-breaking change to template API to allow plugins to add "normal" sidebar widgets in addition to the special "raw" block type, specified as the third parameter to $template->sidebar_widget(). Defaults to false, which is old behavior; new behavior (enabled by passing TRUE as the 3rd param) means that the content of the block is primarily block-level links.
Dan
diff
changeset
+ − 149
$row =& $draft_row;
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 150
$return['have_draft'] = true;
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 151
$return['draft_author'] = $row['author'];
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 152
$return['draft_time'] = enano_date('d M Y h:i a', intval($row['time_id']));
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 153
if ( isset($_GET['get_draft']) && @$_GET['get_draft'] === '1' )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 154
{
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 155
$return['src'] = $row['page_text'];
417
+ − 156
$return['edit_summary'] = $row['edit_summary'];
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 157
}
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 158
}
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 159
468
+ − 160
$return['undo_info'] = array();
+ − 161
408
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 162
if ( $revid > 0 )
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 163
{
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 164
// Retrieve information about this revision and the current one
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 165
$q = $db->sql_query('SELECT l1.author AS currentrev_author, l2.author AS oldrev_author FROM ' . table_prefix . 'logs AS l1
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 166
LEFT JOIN ' . table_prefix . 'logs AS l2
468
+ − 167
ON ( l2.log_id = ' . $revid . '
408
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 168
AND l2.log_type = \'page\'
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 169
AND l2.action = \'edit\'
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 170
AND l2.page_id = \'' . $db->escape($paths->page_id) . '\'
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 171
AND l2.namespace = \'' . $db->escape($paths->namespace) . '\'
468
+ − 172
AND l2.is_draft != 1
408
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 173
)
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 174
WHERE l1.log_type = \'page\'
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 175
AND l1.action = \'edit\'
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 176
AND l1.page_id = \'' . $db->escape($paths->page_id) . '\'
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 177
AND l1.namespace = \'' . $db->escape($paths->namespace) . '\'
468
+ − 178
AND l1.time_id > ' . $page->revision_time . '
+ − 179
AND l1.is_draft != 1
408
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 180
ORDER BY l1.time_id DESC;');
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 181
if ( !$q )
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 182
$db->die_json();
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 183
468
+ − 184
if ( $db->numrows() > 0 )
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 185
{
468
+ − 186
$rev_count = $db->numrows() - 1;
+ − 187
if ( $rev_count == -1 )
+ − 188
{
+ − 189
$return = array(
+ − 190
'mode' => 'error',
+ − 191
'error' => '[Internal] No rows returned by revision info query. SQL:<pre>' . $db->latest_query . '</pre>'
+ − 192
);
+ − 193
}
+ − 194
else
+ − 195
{
+ − 196
$row = $db->fetchrow();
+ − 197
$return['undo_info'] = array(
+ − 198
'old_author' => $row['oldrev_author'],
+ − 199
'current_author' => $row['currentrev_author'],
+ − 200
'undo_count' => $rev_count
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 201
);
468
+ − 202
}
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 203
}
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 204
else
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 205
{
468
+ − 206
$return['revid'] = $revid = 0;
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 207
}
408
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 208
}
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 209
336
+ − 210
if ( $auth_edit && !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )
+ − 211
{
+ − 212
$return['require_captcha'] = true;
+ − 213
$return['captcha_id'] = $session->make_captcha();
+ − 214
}
+ − 215
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 216
$template->load_theme();
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 217
$return['toolbar_templates'] = $template->extract_vars('toolbar.tpl');
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 218
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 219
echo enano_json_encode($return);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 220
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 221
case "getpage":
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 222
// echo PageUtils::getpage($paths->page, false, ( (isset($_GET['oldid'])) ? $_GET['oldid'] : false ));
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 223
$revision_id = ( (isset($_GET['oldid'])) ? intval($_GET['oldid']) : 0 );
324
+ − 224
$page = new PageProcessor( $paths->page_id, $paths->namespace, $revision_id );
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 225
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 226
$pagepass = ( isset($_REQUEST['pagepass']) ) ? $_REQUEST['pagepass'] : '';
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 227
$page->password = $pagepass;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 228
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 229
$page->send();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 230
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 231
case "savepage":
468
+ − 232
/* **** OBSOLETE **** */
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 233
$summ = ( isset($_POST['summary']) ) ? $_POST['summary'] : '';
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 234
$minor = isset($_POST['minor']);
324
+ − 235
$e = PageUtils::savepage($paths->page_id, $paths->namespace, $_POST['text'], $summ, $minor);
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 236
if ( $e == 'good' )
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 237
{
324
+ − 238
$page = new PageProcessor($paths->page_id, $paths->namespace);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 239
$page->send();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 240
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 241
else
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 242
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 243
echo '<p>Error saving the page: '.$e.'</p>';
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 244
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 245
break;
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 246
case "savepage_json":
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 247
header('Content-type: application/json');
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 248
if ( !isset($_POST['r']) )
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 249
die('Invalid request [1]');
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 250
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 251
$request = enano_json_decode($_POST['r']);
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 252
if ( !isset($request['src']) || !isset($request['summary']) || !isset($request['minor_edit']) || !isset($request['time']) || !isset($request['draft']) )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 253
die('Invalid request [2]<pre>' . htmlspecialchars(print_r($request, true)) . '</pre>');
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 254
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 255
$time = intval($request['time']);
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 256
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 257
if ( $request['draft'] )
336
+ − 258
{
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 259
//
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 260
// The user wants to save a draft version of the page.
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 261
//
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 262
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 263
// Delete any draft copies if they exist
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 264
$q = $db->sql_query('DELETE FROM ' . table_prefix . 'logs WHERE log_type = \'page\' AND action = \'edit\'
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 265
AND page_id = \'' . $db->escape($paths->page_id) . '\'
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 266
AND namespace = \'' . $db->escape($paths->namespace) . '\'
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 267
AND is_draft = 1;');
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 268
if ( !$q )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 269
$db->die_json();
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 270
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 271
$src = RenderMan::preprocess_text($request['src'], false, false);
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 272
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 273
// Save the draft
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 274
$q = $db->sql_query('INSERT INTO ' . table_prefix . 'logs ( log_type, action, page_id, namespace, author, edit_summary, page_text, is_draft, time_id )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 275
VALUES (
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 276
\'page\',
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 277
\'edit\',
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 278
\'' . $db->escape($paths->page_id) . '\',
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 279
\'' . $db->escape($paths->namespace) . '\',
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 280
\'' . $db->escape($session->username) . '\',
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 281
\'' . $db->escape($request['summary']) . '\',
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 282
\'' . $db->escape($src) . '\',
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 283
1,
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 284
' . time() . '
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 285
);');
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 286
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 287
// Done!
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 288
$return = array(
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 289
'mode' => 'success',
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 290
'is_draft' => true
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 291
);
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 292
}
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 293
else
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 294
{
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 295
// Verify that no edits have been made since the editor was requested
416
+ − 296
$q = $db->sql_query('SELECT time_id, author FROM ' . table_prefix . "logs WHERE log_type = 'page' AND action = 'edit' AND page_id = '{$paths->page_id}' AND namespace = '{$paths->namespace}' AND is_draft != 1 ORDER BY time_id DESC LIMIT 1;");
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 297
if ( !$q )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 298
$db->die_json();
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 299
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 300
$row = $db->fetchrow();
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 301
$db->free_result();
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 302
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 303
if ( $row['time_id'] > $time )
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 304
{
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 305
$return = array(
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 306
'mode' => 'obsolete',
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 307
'author' => $row['author'],
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 308
'date_string' => enano_date('d M Y h:i a', $row['time_id']),
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 309
'time' => $row['time_id'] // time() ???
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 310
);
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 311
echo enano_json_encode($return);
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 312
break;
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 313
}
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 314
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 315
// Verify captcha, if needed
336
+ − 316
if ( !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )
+ − 317
{
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 318
if ( !isset($request['captcha_id']) || !isset($request['captcha_code']) )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 319
{
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 320
die('Invalid request, need captcha metadata');
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 321
}
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 322
$code_correct = strtolower($session->get_captcha($request['captcha_id']));
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 323
$code_input = strtolower($request['captcha_code']);
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 324
if ( $code_correct !== $code_input )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 325
{
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 326
$return = array(
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 327
'mode' => 'errors',
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 328
'errors' => array($lang->get('editor_err_captcha_wrong')),
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 329
'new_captcha' => $session->make_captcha()
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 330
);
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 331
echo enano_json_encode($return);
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 332
break;
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 333
}
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 334
}
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 335
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 336
// Verification complete. Start the PageProcessor and let it do the dirty work for us.
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 337
$page = new PageProcessor($paths->page_id, $paths->namespace);
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 338
if ( $page->update_page($request['src'], $request['summary'], ( $request['minor_edit'] == 1 )) )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 339
{
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 340
$return = array(
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 341
'mode' => 'success',
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 342
'is_draft' => false
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 343
);
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 344
}
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 345
else
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 346
{
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 347
$errors = array();
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 348
while ( $err = $page->pop_error() )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 349
{
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 350
$errors[] = $err;
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 351
}
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 352
$return = array(
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 353
'mode' => 'errors',
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 354
'errors' => array_values($errors)
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 355
);
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 356
if ( !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 357
{
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 358
$return['new_captcha'] = $session->make_captcha();
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 359
}
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 360
}
468
+ − 361
}
+ − 362
+ − 363
// If this is based on a draft version, delete the draft - we no longer need it.
472
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 364
if ( @$request['used_draft'] && !$request['draft'] )
468
+ − 365
{
+ − 366
$q = $db->sql_query('DELETE FROM ' . table_prefix . 'logs WHERE log_type = \'page\' AND action = \'edit\'
+ − 367
AND page_id = \'' . $db->escape($paths->page_id) . '\'
+ − 368
AND namespace = \'' . $db->escape($paths->namespace) . '\'
+ − 369
AND is_draft = 1;');
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 370
}
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 371
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 372
echo enano_json_encode($return);
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 373
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 374
break;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 375
case "diff_cur":
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 376
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 377
// Lie about our content type to fool ad scripts
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 378
header('Content-type: application/xhtml+xml');
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 379
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 380
if ( !isset($_POST['text']) )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 381
die('Invalid request');
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 382
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 383
$page = new PageProcessor($paths->page_id, $paths->namespace);
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 384
if ( !($src = $page->fetch_source()) )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 385
{
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 386
die('Access denied');
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 387
}
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 388
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 389
$diff = RenderMan::diff($src, $_POST['text']);
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 390
if ( $diff == '<table class="diff"></table>' )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 391
{
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 392
$diff = '<p>' . $lang->get('editor_msg_diff_empty') . '</p>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 393
}
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 394
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 395
echo '<div class="info-box">' . $lang->get('editor_msg_diff') . '</div>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 396
echo $diff;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 397
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 398
break;
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 399
case "protect":
468
+ − 400
// echo PageUtils::protect($paths->page_id, $paths->namespace, (int)$_POST['level'], $_POST['reason']);
481
+ − 401
+ − 402
if ( @$_POST['reason'] === '__ROLLBACK__' )
+ − 403
{
+ − 404
// __ROLLBACK__ is a keyword for log entries.
+ − 405
die('"__ROLLBACK__" ain\'t gonna do it, buddy. Try to _not_ use reserved keywords next time, ok?');
+ − 406
}
+ − 407
468
+ − 408
$page = new PageProcessor($paths->page_id, $paths->namespace);
+ − 409
header('Content-type: application/json');
+ − 410
+ − 411
$result = $page->protect_page(intval($_POST['level']), $_POST['reason']);
+ − 412
echo enano_json_encode($result);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 413
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 414
case "histlist":
324
+ − 415
echo PageUtils::histlist($paths->page_id, $paths->namespace);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 416
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 417
case "rollback":
468
+ − 418
$id = intval(@$_GET['id']);
+ − 419
$page = new PageProcessor($paths->page_id, $paths->namespace);
+ − 420
header('Content-type: application/json');
+ − 421
+ − 422
$result = $page->rollback_log_entry($id);
+ − 423
echo enano_json_encode($result);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 424
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 425
case "comments":
324
+ − 426
$comments = new Comments($paths->page_id, $paths->namespace);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 427
if ( isset($_POST['data']) )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 428
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 429
$comments->process_json($_POST['data']);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 430
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 431
else
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 432
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 433
die('{ "mode" : "error", "error" : "No input" }');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 434
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 435
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 436
case "rename":
468
+ − 437
$page = new PageProcessor($paths->page_id, $paths->namespace);
+ − 438
header('Content-type: application/json');
+ − 439
+ − 440
$result = $page->rename_page($_POST['newtitle']);
+ − 441
echo enano_json_encode($result);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 442
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 443
case "flushlogs":
324
+ − 444
echo PageUtils::flushlogs($paths->page_id, $paths->namespace);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 445
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 446
case "deletepage":
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 447
$reason = ( isset($_POST['reason']) ) ? $_POST['reason'] : false;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 448
if ( empty($reason) )
378
c1c7fa6b329f
Got Enano to load even if there are no plugins; added caching for decrypted session keys to significantly improve performance (in theory at least)
Dan
diff
changeset
+ − 449
die($lang->get('page_err_need_reason'));
324
+ − 450
echo PageUtils::deletepage($paths->page_id, $paths->namespace, $reason);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 451
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 452
case "delvote":
324
+ − 453
echo PageUtils::delvote($paths->page_id, $paths->namespace);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 454
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 455
case "resetdelvotes":
324
+ − 456
echo PageUtils::resetdelvotes($paths->page_id, $paths->namespace);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 457
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 458
case "getstyles":
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 459
echo PageUtils::getstyles($_GET['id']);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 460
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 461
case "catedit":
324
+ − 462
echo PageUtils::catedit($paths->page_id, $paths->namespace);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 463
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 464
case "catsave":
324
+ − 465
echo PageUtils::catsave($paths->page_id, $paths->namespace, $_POST);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 466
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 467
case "setwikimode":
324
+ − 468
echo PageUtils::setwikimode($paths->page_id, $paths->namespace, (int)$_GET['mode']);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 469
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 470
case "setpass":
324
+ − 471
echo PageUtils::setpass($paths->page_id, $paths->namespace, $_POST['password']);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 472
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 473
case "fillusername":
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 474
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 475
case "fillpagename":
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 476
$name = (isset($_GET['name'])) ? $_GET['name'] : false;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 477
if(!$name) die('userlist = new Array(); namelist = new Array(); errorstring=\'Invalid URI\'');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 478
$nd = RenderMan::strToPageID($name);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 479
$c = 0;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 480
$u = Array();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 481
$n = Array();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 482
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 483
$name = sanitize_page_id($name);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 484
$name = str_replace('_', ' ', $name);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 485
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 486
for($i=0;$i<sizeof($paths->pages)/2;$i++)
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 487
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 488
if( (
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 489
preg_match('#'.preg_quote($name).'(.*)#i', $paths->pages[$i]['name']) ||
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 490
preg_match('#'.preg_quote($name).'(.*)#i', $paths->pages[$i]['urlname']) ||
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 491
preg_match('#'.preg_quote($name).'(.*)#i', $paths->pages[$i]['urlname_nons']) ||
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 492
preg_match('#'.preg_quote(str_replace(' ', '_', $name)).'(.*)#i', $paths->pages[$i]['name']) ||
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 493
preg_match('#'.preg_quote(str_replace(' ', '_', $name)).'(.*)#i', $paths->pages[$i]['urlname']) ||
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 494
preg_match('#'.preg_quote(str_replace(' ', '_', $name)).'(.*)#i', $paths->pages[$i]['urlname_nons'])
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 495
) &&
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 496
( ( $nd[1] != 'Article' && $paths->pages[$i]['namespace'] == $nd[1] ) || $nd[1] == 'Article' )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 497
&& $paths->pages[$i]['visible']
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 498
)
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 499
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 500
$c++;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 501
$u[] = $paths->pages[$i]['name'];
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 502
$n[] = $paths->pages[$i]['urlname'];
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 503
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 504
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 505
if($c > 0)
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 506
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 507
echo 'userlist = new Array(); namelist = new Array(); errorstring = false; '."\n";
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 508
for($i=0;$i<sizeof($u);$i++) // Can't use foreach because we need the value of $i and we need to use both $u and $n
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 509
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 510
echo "userlist[$i] = '".addslashes($n[$i])."';\n";
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 511
echo "namelist[$i] = '".addslashes(htmlspecialchars($u[$i]))."';\n";
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 512
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 513
} else {
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 514
die('userlist = new Array(); namelist = new Array(); errorstring=\'No page matches found.\'');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 515
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 516
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 517
case "preview":
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 518
echo PageUtils::genPreview($_POST['text']);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 519
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 520
case "pagediff":
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 521
$id1 = ( isset($_GET['diff1']) ) ? (int)$_GET['diff1'] : false;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 522
$id2 = ( isset($_GET['diff2']) ) ? (int)$_GET['diff2'] : false;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 523
if(!$id1 || !$id2) { echo '<p>Invalid request.</p>'; $template->footer(); break; }
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 524
if(!preg_match('#^([0-9]+)$#', (string)$_GET['diff1']) ||
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 525
!preg_match('#^([0-9]+)$#', (string)$_GET['diff2'] )) { echo '<p>SQL injection attempt</p>'; $template->footer(); break; }
324
+ − 526
echo PageUtils::pagediff($paths->page_id, $paths->namespace, $id1, $id2);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 527
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 528
case "jsres":
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 529
die('// ERROR: this section is deprecated and has moved to includes/clientside/static/enano-lib-basic.js.');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 530
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 531
case "rdns":
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 532
if(!$session->get_permissions('mod_misc')) die('Go somewhere else for your reverse DNS info!');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 533
$ip = $_GET['ip'];
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 534
$rdns = gethostbyaddr($ip);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 535
if($rdns == $ip) echo 'Unable to get reverse DNS information. Perhaps the DNS server is down or the PTR record no longer exists.';
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 536
else echo $rdns;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 537
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 538
case 'acljson':
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 539
$parms = ( isset($_POST['acl_params']) ) ? rawurldecode($_POST['acl_params']) : false;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 540
echo PageUtils::acl_json($parms);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 541
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 542
case "change_theme":
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 543
if ( !isset($_POST['theme_id']) || !isset($_POST['style_id']) )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 544
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 545
die('Invalid input');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 546
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 547
if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['theme_id']) || !preg_match('/^([a-z0-9_-]+)$/i', $_POST['style_id']) )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 548
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 549
die('Invalid input');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 550
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 551
if ( !file_exists(ENANO_ROOT . '/themes/' . $_POST['theme_id'] . '/css/' . $_POST['style_id'] . '.css') )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 552
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 553
die('Can\'t find theme file: ' . ENANO_ROOT . '/themes/' . $_POST['theme_id'] . '/css/' . $_POST['style_id'] . '.css');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 554
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 555
if ( !$session->user_logged_in )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 556
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 557
die('You must be logged in to change your theme');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 558
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 559
// Just in case something slipped through...
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 560
$theme_id = $db->escape($_POST['theme_id']);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 561
$style_id = $db->escape($_POST['style_id']);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 562
$e = $db->sql_query('UPDATE ' . table_prefix . "users SET theme='$theme_id', style='$style_id' WHERE user_id=$session->user_id;");
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 563
if ( !$e )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 564
die( $db->get_error() );
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 565
die('GOOD');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 566
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 567
case 'get_tags':
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 568
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 569
$ret = array('tags' => array(), 'user_level' => $session->user_level, 'can_add' => $session->get_permissions('tag_create'));
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 570
$q = $db->sql_query('SELECT t.tag_id, t.tag_name, pg.pg_target IS NOT NULL AS used_in_acl, t.user_id FROM '.table_prefix.'tags AS t
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 571
LEFT JOIN '.table_prefix.'page_groups AS pg
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 572
ON ( ( pg.pg_type = ' . PAGE_GRP_TAGGED . ' AND pg.pg_target=t.tag_name ) OR ( pg.pg_type IS NULL AND pg.pg_target IS NULL ) )
324
+ − 573
WHERE t.page_id=\'' . $db->escape($paths->page_id) . '\' AND t.namespace=\'' . $db->escape($paths->namespace) . '\';');
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 574
if ( !$q )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 575
$db->_die();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 576
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 577
while ( $row = $db->fetchrow() )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 578
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 579
$can_del = true;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 580
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 581
$perm = ( $row['user_id'] != $session->user_id ) ?
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 582
'tag_delete_other' :
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 583
'tag_delete_own';
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 584
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 585
if ( $row['user_id'] == 1 && !$session->user_logged_in )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 586
// anonymous user trying to delete tag (hardcode blacklisted)
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 587
$can_del = false;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 588
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 589
if ( !$session->get_permissions($perm) )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 590
$can_del = false;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 591
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 592
if ( $row['used_in_acl'] == 1 && !$session->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 593
$can_del = false;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 594
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 595
$ret['tags'][] = array(
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 596
'id' => $row['tag_id'],
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 597
'name' => $row['tag_name'],
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 598
'can_del' => $can_del,
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 599
'acl' => ( $row['used_in_acl'] == 1 )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 600
);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 601
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 602
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 603
echo enano_json_encode($ret);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 604
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 605
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 606
case 'addtag':
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 607
$resp = array(
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 608
'success' => false,
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 609
'error' => 'No error',
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 610
'can_del' => ( $session->get_permissions('tag_delete_own') && $session->user_logged_in ),
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 611
'in_acl' => false
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 612
);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 613
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 614
// first of course, are we allowed to tag pages?
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 615
if ( !$session->get_permissions('tag_create') )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 616
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 617
$resp['error'] = 'You are not permitted to tag pages.';
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 618
die(enano_json_encode($resp));
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 619
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 620
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 621
// sanitize the tag name
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 622
$tag = sanitize_tag($_POST['tag']);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 623
$tag = $db->escape($tag);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 624
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 625
if ( strlen($tag) < 2 )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 626
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 627
$resp['error'] = 'Tags must consist of at least 2 alphanumeric characters.';
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 628
die(enano_json_encode($resp));
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 629
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 630
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 631
// check if tag is already on page
324
+ − 632
$q = $db->sql_query('SELECT 1 FROM '.table_prefix.'tags WHERE page_id=\'' . $db->escape($paths->page_id) . '\' AND namespace=\'' . $db->escape($paths->namespace) . '\' AND tag_name=\'' . $tag . '\';');
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 633
if ( !$q )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 634
$db->_die();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 635
if ( $db->numrows() > 0 )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 636
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 637
$resp['error'] = 'This page already has this tag.';
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 638
die(enano_json_encode($resp));
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 639
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 640
$db->free_result();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 641
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 642
// tricky: make sure this tag isn't being used in some page group, and thus adding it could affect page access
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 643
$can_edit_acl = ( $session->get_permissions('edit_acl') || $session->user_level >= USER_LEVEL_ADMIN );
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 644
$q = $db->sql_query('SELECT 1 FROM '.table_prefix.'page_groups WHERE pg_type=' . PAGE_GRP_TAGGED . ' AND pg_target=\'' . $tag . '\';');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 645
if ( !$q )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 646
$db->_die();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 647
if ( $db->numrows() > 0 && !$can_edit_acl )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 648
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 649
$resp['error'] = 'This tag is used in an ACL page group, and thus can\'t be added to a page by people without administrator privileges.';
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 650
die(enano_json_encode($resp));
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 651
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 652
$resp['in_acl'] = ( $db->numrows() > 0 );
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 653
$db->free_result();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 654
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 655
// we're good
324
+ − 656
$q = $db->sql_query('INSERT INTO '.table_prefix.'tags(tag_name,page_id,namespace,user_id) VALUES(\'' . $tag . '\', \'' . $db->escape($paths->page_id) . '\', \'' . $db->escape($paths->namespace) . '\', ' . $session->user_id . ');');
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 657
if ( !$q )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 658
$db->_die();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 659
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 660
$resp['success'] = true;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 661
$resp['tag'] = $tag;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 662
$resp['tag_id'] = $db->insert_id();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 663
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 664
echo enano_json_encode($resp);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 665
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 666
case 'deltag':
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 667
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 668
$tag_id = intval($_POST['tag_id']);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 669
if ( empty($tag_id) )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 670
die('Invalid tag ID');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 671
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 672
$q = $db->sql_query('SELECT t.tag_id, t.user_id, t.page_id, t.namespace, pg.pg_target IS NOT NULL AS used_in_acl FROM '.table_prefix.'tags AS t
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 673
LEFT JOIN '.table_prefix.'page_groups AS pg
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 674
ON ( pg.pg_id IS NULL OR ( pg.pg_target = t.tag_name AND pg.pg_type = ' . PAGE_GRP_TAGGED . ' ) )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 675
WHERE t.tag_id=' . $tag_id . ';');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 676
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 677
if ( !$q )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 678
$db->_die();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 679
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 680
if ( $db->numrows() < 1 )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 681
die('Could not find a tag with that ID');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 682
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 683
$row = $db->fetchrow();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 684
$db->free_result();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 685
324
+ − 686
if ( $row['page_id'] == $paths->page_id && $row['namespace'] == $paths->namespace )
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 687
$perms =& $session;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 688
else
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 689
$perms = $session->fetch_page_acl($row['page_id'], $row['namespace']);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 690
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 691
$perm = ( $row['user_id'] != $session->user_id ) ?
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 692
'tag_delete_other' :
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 693
'tag_delete_own';
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 694
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 695
if ( $row['user_id'] == 1 && !$session->user_logged_in )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 696
// anonymous user trying to delete tag (hardcode blacklisted)
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 697
die('You are not authorized to delete this tag.');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 698
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 699
if ( !$perms->get_permissions($perm) )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 700
die('You are not authorized to delete this tag.');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 701
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 702
if ( $row['used_in_acl'] == 1 && !$perms->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 703
die('You are not authorized to delete this tag.');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 704
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 705
// We're good
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 706
$q = $db->sql_query('DELETE FROM '.table_prefix.'tags WHERE tag_id = ' . $tag_id . ';');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 707
if ( !$q )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 708
$db->_die();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 709
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 710
echo 'success';
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 711
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 712
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 713
case 'ping':
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 714
echo 'pong';
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 715
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 716
default:
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 717
die('Hacking attempt');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 718
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 719
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 720
0
+ − 721
?>