321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 1
<?php
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 2
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 3
/*
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 4
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
204
473cc747022a
You know what folks, a lot of Mercurial merges failed, and I just now figured out why. So now all changes from stable are permanently synced in.
Dan
diff
changeset
+ − 5
* Version 1.1.1
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 6
* Copyright (C) 2006-2007 Dan Fuhry
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 7
*
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 8
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 9
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 10
*
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 11
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 12
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 13
*/
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 14
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 15
define('ENANO_INTERFACE_AJAX', '');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 16
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 17
// fillusername should be done without the help of the rest of Enano - all we need is the DBAL
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 18
if ( isset($_GET['_mode']) && $_GET['_mode'] == 'fillusername' )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 19
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 20
// setup and load a very basic, specialized instance of the Enano API
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 21
function microtime_float()
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 22
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 23
list($usec, $sec) = explode(" ", microtime());
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 24
return ((float)$usec + (float)$sec);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 25
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 26
// Determine directory (special case for development servers)
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 27
if ( strpos(__FILE__, '/repo/') && file_exists('.enanodev') )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 28
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 29
$filename = str_replace('/repo/', '/', __FILE__);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 30
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 31
else
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 32
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 33
$filename = __FILE__;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 34
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 35
define('ENANO_ROOT', dirname($filename));
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 36
require(ENANO_ROOT.'/includes/functions.php');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 37
require(ENANO_ROOT.'/includes/dbal.php');
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 38
require(ENANO_ROOT.'/includes/json2.php');
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 39
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 40
require(ENANO_ROOT . '/config.php');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 41
unset($dbuser, $dbpasswd);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 42
if ( !isset($dbdriver) )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 43
$dbdriver = 'mysql';
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 44
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 45
$db = new $dbdriver();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 46
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 47
$db->connect();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 48
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 49
// result is sent using JSON
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 50
$return = Array(
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 51
'mode' => 'success',
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 52
'users_real' => Array()
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 53
);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 54
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 55
// should be connected to the DB now
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 56
$name = (isset($_GET['name'])) ? $db->escape($_GET['name']) : false;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 57
if ( !$name )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 58
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 59
$return = array(
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 60
'mode' => 'error',
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 61
'error' => 'Invalid URI'
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 62
);
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 63
die( enano_json_encode($return) );
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 64
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 65
$allowanon = ( isset($_GET['allowanon']) && $_GET['allowanon'] == '1' ) ? '' : ' AND user_id > 1';
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 66
$q = $db->sql_query('SELECT username FROM '.table_prefix.'users WHERE ' . ENANO_SQLFUNC_LOWERCASE . '(username) LIKE ' . ENANO_SQLFUNC_LOWERCASE . '(\'%'.$name.'%\')' . $allowanon . ' ORDER BY username ASC;');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 67
if ( !$q )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 68
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 69
$db->die_json();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 70
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 71
$i = 0;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 72
while($r = $db->fetchrow())
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 73
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 74
$return['users_real'][] = $r['username'];
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 75
$i++;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 76
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 77
$db->free_result();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 78
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 79
// all done! :-)
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 80
$db->close();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 81
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 82
echo enano_json_encode( $return );
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 83
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 84
exit;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 85
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 86
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 87
require('includes/common.php');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 88
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 89
global $db, $session, $paths, $template, $plugins; // Common objects
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 90
if(!isset($_GET['_mode'])) die('This script cannot be accessed directly.');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 91
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 92
$_ob = '';
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 93
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 94
switch($_GET['_mode']) {
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 95
case "checkusername":
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 96
echo PageUtils::checkusername($_GET['name']);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 97
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 98
case "getsource":
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 99
header('Content-type: text/plain');
324
+ − 100
$password = ( isset($_GET['pagepass']) ) ? $_GET['pagepass'] : false;
408
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 101
$revid = ( isset($_GET['revid']) ) ? intval($_GET['revid']) : 0;
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 102
$page = new PageProcessor($paths->page_id, $paths->namespace, $revid);
324
+ − 103
$page->password = $password;
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 104
$have_draft = false;
324
+ − 105
if ( $src = $page->fetch_source() )
+ − 106
{
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 107
$allowed = true;
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 108
$q = $db->sql_query('SELECT author, time_id, page_text FROM ' . table_prefix . 'logs WHERE log_type = \'page\' AND action = \'edit\'
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 109
AND page_id = \'' . $db->escape($paths->page_id) . '\'
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 110
AND namespace = \'' . $db->escape($paths->namespace) . '\'
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 111
AND is_draft = 1;');
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 112
if ( !$q )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 113
$db->die_json();
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 114
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 115
if ( $db->numrows() > 0 )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 116
{
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 117
$have_draft = true;
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 118
}
324
+ − 119
}
325
e17cc42d77cf
Fixed: $paths->page_id not set when the page doesn't exist; finally fixed garbled page names for IP addresses
Dan
diff
changeset
+ − 120
else if ( $src !== false )
e17cc42d77cf
Fixed: $paths->page_id not set when the page doesn't exist; finally fixed garbled page names for IP addresses
Dan
diff
changeset
+ − 121
{
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 122
$allowed = true;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 123
$src = '';
325
e17cc42d77cf
Fixed: $paths->page_id not set when the page doesn't exist; finally fixed garbled page names for IP addresses
Dan
diff
changeset
+ − 124
}
324
+ − 125
else
+ − 126
{
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 127
$allowed = false;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 128
$src = '';
324
+ − 129
}
336
+ − 130
+ − 131
$auth_edit = ( $session->get_permissions('edit_page') && ( $session->get_permissions('even_when_protected') || !$paths->page_protected ) );
387
92664d2efab8
Rebranded source code as 1.1.1; added TinyMCE ACL rule as per Vadi's request: http://forum.enanocms.org/viewtopic.php?f=7&t=54
Dan
diff
changeset
+ − 132
$auth_wysiwyg = ( $session->get_permissions('edit_wysiwyg') );
336
+ − 133
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 134
$return = array(
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 135
'mode' => 'editor',
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 136
'src' => $src,
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 137
'auth_view_source' => $allowed,
336
+ − 138
'auth_edit' => $auth_edit,
+ − 139
'time' => time(),
+ − 140
'require_captcha' => false,
408
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 141
'allow_wysiwyg' => $auth_wysiwyg,
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 142
'revid' => $revid,
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 143
'have_draft' => false
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 144
);
336
+ − 145
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 146
if ( $have_draft )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 147
{
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 148
$row = $db->fetchrow($q);
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 149
$return['have_draft'] = true;
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 150
$return['draft_author'] = $row['author'];
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 151
$return['draft_time'] = enano_date('d M Y h:i a', intval($row['time_id']));
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 152
if ( isset($_GET['get_draft']) && @$_GET['get_draft'] === '1' )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 153
{
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 154
$return['src'] = $row['page_text'];
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 155
}
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 156
}
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 157
408
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 158
if ( $revid > 0 )
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 159
{
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 160
// Retrieve information about this revision and the current one
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 161
$q = $db->sql_query('SELECT l1.author AS currentrev_author, l2.author AS oldrev_author FROM ' . table_prefix . 'logs AS l1
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 162
LEFT JOIN ' . table_prefix . 'logs AS l2
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 163
ON ( l2.time_id = ' . $revid . '
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 164
AND l2.log_type = \'page\'
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 165
AND l2.action = \'edit\'
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 166
AND l2.page_id = \'' . $db->escape($paths->page_id) . '\'
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 167
AND l2.namespace = \'' . $db->escape($paths->namespace) . '\'
408
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 168
)
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 169
WHERE l1.log_type = \'page\'
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 170
AND l1.action = \'edit\'
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 171
AND l1.page_id = \'' . $db->escape($paths->page_id) . '\'
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 172
AND l1.namespace = \'' . $db->escape($paths->namespace) . '\'
408
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 173
AND l1.time_id >= ' . $revid . '
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 174
ORDER BY l1.time_id DESC;');
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 175
if ( !$q )
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 176
$db->die_json();
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 177
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 178
$rev_count = $db->numrows() - 1;
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 179
if ( $rev_count == -1 )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 180
{
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 181
$return = array(
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 182
'mode' => 'error',
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 183
'error' => '[Internal] No rows returned by revision info query. SQL:<pre>' . $db->latest_query . '</pre>'
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 184
);
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 185
}
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 186
else
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 187
{
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 188
$row = $db->fetchrow();
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 189
$return['undo_info'] = array(
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 190
'old_author' => $row['oldrev_author'],
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 191
'current_author' => $row['currentrev_author'],
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 192
'undo_count' => $rev_count
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 193
);
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 194
}
408
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 195
}
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 196
336
+ − 197
if ( $auth_edit && !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )
+ − 198
{
+ − 199
$return['require_captcha'] = true;
+ − 200
$return['captcha_id'] = $session->make_captcha();
+ − 201
}
+ − 202
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 203
$template->load_theme();
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 204
$return['toolbar_templates'] = $template->extract_vars('toolbar.tpl');
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 205
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 206
echo enano_json_encode($return);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 207
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 208
case "getpage":
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 209
// echo PageUtils::getpage($paths->page, false, ( (isset($_GET['oldid'])) ? $_GET['oldid'] : false ));
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 210
$revision_id = ( (isset($_GET['oldid'])) ? intval($_GET['oldid']) : 0 );
324
+ − 211
$page = new PageProcessor( $paths->page_id, $paths->namespace, $revision_id );
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 212
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 213
$pagepass = ( isset($_REQUEST['pagepass']) ) ? $_REQUEST['pagepass'] : '';
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 214
$page->password = $pagepass;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 215
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 216
$page->send();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 217
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 218
case "savepage":
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 219
$summ = ( isset($_POST['summary']) ) ? $_POST['summary'] : '';
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 220
$minor = isset($_POST['minor']);
324
+ − 221
$e = PageUtils::savepage($paths->page_id, $paths->namespace, $_POST['text'], $summ, $minor);
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 222
if ( $e == 'good' )
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 223
{
324
+ − 224
$page = new PageProcessor($paths->page_id, $paths->namespace);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 225
$page->send();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 226
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 227
else
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 228
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 229
echo '<p>Error saving the page: '.$e.'</p>';
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 230
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 231
break;
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 232
case "savepage_json":
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 233
header('Content-type: application/json');
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 234
if ( !isset($_POST['r']) )
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 235
die('Invalid request [1]');
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 236
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 237
$request = enano_json_decode($_POST['r']);
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 238
if ( !isset($request['src']) || !isset($request['summary']) || !isset($request['minor_edit']) || !isset($request['time']) || !isset($request['draft']) )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 239
die('Invalid request [2]<pre>' . htmlspecialchars(print_r($request, true)) . '</pre>');
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 240
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 241
$time = intval($request['time']);
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 242
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 243
if ( $request['draft'] )
336
+ − 244
{
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 245
//
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 246
// The user wants to save a draft version of the page.
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 247
//
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 248
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 249
// Delete any draft copies if they exist
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 250
$q = $db->sql_query('DELETE FROM ' . table_prefix . 'logs WHERE log_type = \'page\' AND action = \'edit\'
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 251
AND page_id = \'' . $db->escape($paths->page_id) . '\'
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 252
AND namespace = \'' . $db->escape($paths->namespace) . '\'
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 253
AND is_draft = 1;');
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 254
if ( !$q )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 255
$db->die_json();
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 256
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 257
$src = RenderMan::preprocess_text($request['src'], false, false);
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 258
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 259
// Save the draft
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 260
$q = $db->sql_query('INSERT INTO ' . table_prefix . 'logs ( log_type, action, page_id, namespace, author, edit_summary, page_text, is_draft, time_id )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 261
VALUES (
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 262
\'page\',
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 263
\'edit\',
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 264
\'' . $db->escape($paths->page_id) . '\',
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 265
\'' . $db->escape($paths->namespace) . '\',
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 266
\'' . $db->escape($session->username) . '\',
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 267
\'' . $db->escape($request['summary']) . '\',
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 268
\'' . $db->escape($src) . '\',
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 269
1,
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 270
' . time() . '
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 271
);');
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 272
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 273
// Done!
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 274
$return = array(
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 275
'mode' => 'success',
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 276
'is_draft' => true
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 277
);
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 278
}
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 279
else
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 280
{
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 281
// Verify that no edits have been made since the editor was requested
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 282
$q = $db->sql_query('SELECT time_id, author FROM ' . table_prefix . "logs WHERE log_type = 'page' AND action = 'edit' AND page_id = '{$paths->page_id}' AND namespace = '{$paths->namespace}' ORDER BY time_id DESC LIMIT 1;");
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 283
if ( !$q )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 284
$db->die_json();
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 285
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 286
$row = $db->fetchrow();
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 287
$db->free_result();
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 288
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 289
if ( $row['time_id'] > $time )
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 290
{
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 291
$return = array(
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 292
'mode' => 'obsolete',
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 293
'author' => $row['author'],
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 294
'date_string' => enano_date('d M Y h:i a', $row['time_id']),
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 295
'time' => $row['time_id'] // time() ???
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 296
);
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 297
echo enano_json_encode($return);
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 298
break;
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 299
}
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 300
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 301
// Verify captcha, if needed
336
+ − 302
if ( !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )
+ − 303
{
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 304
if ( !isset($request['captcha_id']) || !isset($request['captcha_code']) )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 305
{
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 306
die('Invalid request, need captcha metadata');
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 307
}
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 308
$code_correct = strtolower($session->get_captcha($request['captcha_id']));
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 309
$code_input = strtolower($request['captcha_code']);
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 310
if ( $code_correct !== $code_input )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 311
{
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 312
$return = array(
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 313
'mode' => 'errors',
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 314
'errors' => array($lang->get('editor_err_captcha_wrong')),
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 315
'new_captcha' => $session->make_captcha()
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 316
);
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 317
echo enano_json_encode($return);
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 318
break;
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 319
}
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 320
}
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 321
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 322
// Verification complete. Start the PageProcessor and let it do the dirty work for us.
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 323
$page = new PageProcessor($paths->page_id, $paths->namespace);
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 324
if ( $page->update_page($request['src'], $request['summary'], ( $request['minor_edit'] == 1 )) )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 325
{
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 326
$return = array(
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 327
'mode' => 'success',
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 328
'is_draft' => false
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 329
);
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 330
}
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 331
else
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 332
{
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 333
$errors = array();
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 334
while ( $err = $page->pop_error() )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 335
{
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 336
$errors[] = $err;
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 337
}
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 338
$return = array(
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 339
'mode' => 'errors',
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 340
'errors' => array_values($errors)
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 341
);
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 342
if ( !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 343
{
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 344
$return['new_captcha'] = $session->make_captcha();
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 345
}
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 346
}
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 347
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 348
// If this is based on a draft version, delete the draft - we no longer need it.
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 349
if ( @$request['used_draft'] )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 350
{
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 351
$q = $db->sql_query('DELETE FROM ' . table_prefix . 'logs WHERE log_type = \'page\' AND action = \'edit\'
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 352
AND page_id = \'' . $db->escape($paths->page_id) . '\'
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 353
AND namespace = \'' . $db->escape($paths->namespace) . '\'
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 354
AND is_draft = 1;');
336
+ − 355
}
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 356
}
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 357
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 358
echo enano_json_encode($return);
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 359
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 360
break;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 361
case "diff_cur":
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 362
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 363
// Lie about our content type to fool ad scripts
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 364
header('Content-type: application/xhtml+xml');
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 365
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 366
if ( !isset($_POST['text']) )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 367
die('Invalid request');
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 368
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 369
$page = new PageProcessor($paths->page_id, $paths->namespace);
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 370
if ( !($src = $page->fetch_source()) )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 371
{
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 372
die('Access denied');
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 373
}
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 374
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 375
$diff = RenderMan::diff($src, $_POST['text']);
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 376
if ( $diff == '<table class="diff"></table>' )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 377
{
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 378
$diff = '<p>' . $lang->get('editor_msg_diff_empty') . '</p>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 379
}
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 380
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 381
echo '<div class="info-box">' . $lang->get('editor_msg_diff') . '</div>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 382
echo $diff;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 383
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 384
break;
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 385
case "protect":
324
+ − 386
echo PageUtils::protect($paths->page_id, $paths->namespace, (int)$_POST['level'], $_POST['reason']);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 387
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 388
case "histlist":
324
+ − 389
echo PageUtils::histlist($paths->page_id, $paths->namespace);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 390
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 391
case "rollback":
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 392
echo PageUtils::rollback( (int)$_GET['id'] );
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 393
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 394
case "comments":
324
+ − 395
$comments = new Comments($paths->page_id, $paths->namespace);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 396
if ( isset($_POST['data']) )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 397
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 398
$comments->process_json($_POST['data']);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 399
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 400
else
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 401
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 402
die('{ "mode" : "error", "error" : "No input" }');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 403
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 404
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 405
case "rename":
324
+ − 406
echo PageUtils::rename($paths->page_id, $paths->namespace, $_POST['newtitle']);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 407
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 408
case "flushlogs":
324
+ − 409
echo PageUtils::flushlogs($paths->page_id, $paths->namespace);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 410
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 411
case "deletepage":
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 412
$reason = ( isset($_POST['reason']) ) ? $_POST['reason'] : false;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 413
if ( empty($reason) )
378
c1c7fa6b329f
Got Enano to load even if there are no plugins; added caching for decrypted session keys to significantly improve performance (in theory at least)
Dan
diff
changeset
+ − 414
die($lang->get('page_err_need_reason'));
324
+ − 415
echo PageUtils::deletepage($paths->page_id, $paths->namespace, $reason);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 416
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 417
case "delvote":
324
+ − 418
echo PageUtils::delvote($paths->page_id, $paths->namespace);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 419
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 420
case "resetdelvotes":
324
+ − 421
echo PageUtils::resetdelvotes($paths->page_id, $paths->namespace);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 422
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 423
case "getstyles":
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 424
echo PageUtils::getstyles($_GET['id']);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 425
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 426
case "catedit":
324
+ − 427
echo PageUtils::catedit($paths->page_id, $paths->namespace);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 428
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 429
case "catsave":
324
+ − 430
echo PageUtils::catsave($paths->page_id, $paths->namespace, $_POST);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 431
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 432
case "setwikimode":
324
+ − 433
echo PageUtils::setwikimode($paths->page_id, $paths->namespace, (int)$_GET['mode']);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 434
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 435
case "setpass":
324
+ − 436
echo PageUtils::setpass($paths->page_id, $paths->namespace, $_POST['password']);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 437
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 438
case "fillusername":
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 439
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 440
case "fillpagename":
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 441
$name = (isset($_GET['name'])) ? $_GET['name'] : false;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 442
if(!$name) die('userlist = new Array(); namelist = new Array(); errorstring=\'Invalid URI\'');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 443
$nd = RenderMan::strToPageID($name);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 444
$c = 0;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 445
$u = Array();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 446
$n = Array();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 447
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 448
$name = sanitize_page_id($name);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 449
$name = str_replace('_', ' ', $name);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 450
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 451
for($i=0;$i<sizeof($paths->pages)/2;$i++)
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 452
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 453
if( (
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 454
preg_match('#'.preg_quote($name).'(.*)#i', $paths->pages[$i]['name']) ||
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 455
preg_match('#'.preg_quote($name).'(.*)#i', $paths->pages[$i]['urlname']) ||
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 456
preg_match('#'.preg_quote($name).'(.*)#i', $paths->pages[$i]['urlname_nons']) ||
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 457
preg_match('#'.preg_quote(str_replace(' ', '_', $name)).'(.*)#i', $paths->pages[$i]['name']) ||
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 458
preg_match('#'.preg_quote(str_replace(' ', '_', $name)).'(.*)#i', $paths->pages[$i]['urlname']) ||
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 459
preg_match('#'.preg_quote(str_replace(' ', '_', $name)).'(.*)#i', $paths->pages[$i]['urlname_nons'])
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 460
) &&
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 461
( ( $nd[1] != 'Article' && $paths->pages[$i]['namespace'] == $nd[1] ) || $nd[1] == 'Article' )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 462
&& $paths->pages[$i]['visible']
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 463
)
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 464
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 465
$c++;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 466
$u[] = $paths->pages[$i]['name'];
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 467
$n[] = $paths->pages[$i]['urlname'];
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 468
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 469
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 470
if($c > 0)
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 471
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 472
echo 'userlist = new Array(); namelist = new Array(); errorstring = false; '."\n";
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 473
for($i=0;$i<sizeof($u);$i++) // Can't use foreach because we need the value of $i and we need to use both $u and $n
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 474
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 475
echo "userlist[$i] = '".addslashes($n[$i])."';\n";
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 476
echo "namelist[$i] = '".addslashes(htmlspecialchars($u[$i]))."';\n";
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 477
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 478
} else {
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 479
die('userlist = new Array(); namelist = new Array(); errorstring=\'No page matches found.\'');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 480
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 481
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 482
case "preview":
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 483
echo PageUtils::genPreview($_POST['text']);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 484
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 485
case "pagediff":
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 486
$id1 = ( isset($_GET['diff1']) ) ? (int)$_GET['diff1'] : false;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 487
$id2 = ( isset($_GET['diff2']) ) ? (int)$_GET['diff2'] : false;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 488
if(!$id1 || !$id2) { echo '<p>Invalid request.</p>'; $template->footer(); break; }
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 489
if(!preg_match('#^([0-9]+)$#', (string)$_GET['diff1']) ||
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 490
!preg_match('#^([0-9]+)$#', (string)$_GET['diff2'] )) { echo '<p>SQL injection attempt</p>'; $template->footer(); break; }
324
+ − 491
echo PageUtils::pagediff($paths->page_id, $paths->namespace, $id1, $id2);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 492
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 493
case "jsres":
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 494
die('// ERROR: this section is deprecated and has moved to includes/clientside/static/enano-lib-basic.js.');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 495
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 496
case "rdns":
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 497
if(!$session->get_permissions('mod_misc')) die('Go somewhere else for your reverse DNS info!');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 498
$ip = $_GET['ip'];
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 499
$rdns = gethostbyaddr($ip);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 500
if($rdns == $ip) echo 'Unable to get reverse DNS information. Perhaps the DNS server is down or the PTR record no longer exists.';
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 501
else echo $rdns;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 502
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 503
case 'acljson':
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 504
$parms = ( isset($_POST['acl_params']) ) ? rawurldecode($_POST['acl_params']) : false;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 505
echo PageUtils::acl_json($parms);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 506
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 507
case "change_theme":
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 508
if ( !isset($_POST['theme_id']) || !isset($_POST['style_id']) )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 509
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 510
die('Invalid input');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 511
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 512
if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['theme_id']) || !preg_match('/^([a-z0-9_-]+)$/i', $_POST['style_id']) )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 513
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 514
die('Invalid input');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 515
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 516
if ( !file_exists(ENANO_ROOT . '/themes/' . $_POST['theme_id'] . '/css/' . $_POST['style_id'] . '.css') )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 517
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 518
die('Can\'t find theme file: ' . ENANO_ROOT . '/themes/' . $_POST['theme_id'] . '/css/' . $_POST['style_id'] . '.css');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 519
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 520
if ( !$session->user_logged_in )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 521
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 522
die('You must be logged in to change your theme');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 523
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 524
// Just in case something slipped through...
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 525
$theme_id = $db->escape($_POST['theme_id']);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 526
$style_id = $db->escape($_POST['style_id']);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 527
$e = $db->sql_query('UPDATE ' . table_prefix . "users SET theme='$theme_id', style='$style_id' WHERE user_id=$session->user_id;");
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 528
if ( !$e )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 529
die( $db->get_error() );
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 530
die('GOOD');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 531
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 532
case 'get_tags':
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 533
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 534
$ret = array('tags' => array(), 'user_level' => $session->user_level, 'can_add' => $session->get_permissions('tag_create'));
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 535
$q = $db->sql_query('SELECT t.tag_id, t.tag_name, pg.pg_target IS NOT NULL AS used_in_acl, t.user_id FROM '.table_prefix.'tags AS t
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 536
LEFT JOIN '.table_prefix.'page_groups AS pg
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 537
ON ( ( pg.pg_type = ' . PAGE_GRP_TAGGED . ' AND pg.pg_target=t.tag_name ) OR ( pg.pg_type IS NULL AND pg.pg_target IS NULL ) )
324
+ − 538
WHERE t.page_id=\'' . $db->escape($paths->page_id) . '\' AND t.namespace=\'' . $db->escape($paths->namespace) . '\';');
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 539
if ( !$q )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 540
$db->_die();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 541
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 542
while ( $row = $db->fetchrow() )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 543
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 544
$can_del = true;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 545
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 546
$perm = ( $row['user_id'] != $session->user_id ) ?
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 547
'tag_delete_other' :
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 548
'tag_delete_own';
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 549
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 550
if ( $row['user_id'] == 1 && !$session->user_logged_in )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 551
// anonymous user trying to delete tag (hardcode blacklisted)
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 552
$can_del = false;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 553
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 554
if ( !$session->get_permissions($perm) )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 555
$can_del = false;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 556
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 557
if ( $row['used_in_acl'] == 1 && !$session->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 558
$can_del = false;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 559
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 560
$ret['tags'][] = array(
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 561
'id' => $row['tag_id'],
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 562
'name' => $row['tag_name'],
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 563
'can_del' => $can_del,
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 564
'acl' => ( $row['used_in_acl'] == 1 )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 565
);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 566
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 567
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 568
echo enano_json_encode($ret);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 569
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 570
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 571
case 'addtag':
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 572
$resp = array(
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 573
'success' => false,
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 574
'error' => 'No error',
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 575
'can_del' => ( $session->get_permissions('tag_delete_own') && $session->user_logged_in ),
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 576
'in_acl' => false
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 577
);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 578
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 579
// first of course, are we allowed to tag pages?
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 580
if ( !$session->get_permissions('tag_create') )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 581
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 582
$resp['error'] = 'You are not permitted to tag pages.';
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 583
die(enano_json_encode($resp));
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 584
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 585
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 586
// sanitize the tag name
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 587
$tag = sanitize_tag($_POST['tag']);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 588
$tag = $db->escape($tag);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 589
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 590
if ( strlen($tag) < 2 )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 591
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 592
$resp['error'] = 'Tags must consist of at least 2 alphanumeric characters.';
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 593
die(enano_json_encode($resp));
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 594
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 595
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 596
// check if tag is already on page
324
+ − 597
$q = $db->sql_query('SELECT 1 FROM '.table_prefix.'tags WHERE page_id=\'' . $db->escape($paths->page_id) . '\' AND namespace=\'' . $db->escape($paths->namespace) . '\' AND tag_name=\'' . $tag . '\';');
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 598
if ( !$q )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 599
$db->_die();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 600
if ( $db->numrows() > 0 )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 601
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 602
$resp['error'] = 'This page already has this tag.';
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 603
die(enano_json_encode($resp));
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 604
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 605
$db->free_result();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 606
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 607
// tricky: make sure this tag isn't being used in some page group, and thus adding it could affect page access
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 608
$can_edit_acl = ( $session->get_permissions('edit_acl') || $session->user_level >= USER_LEVEL_ADMIN );
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 609
$q = $db->sql_query('SELECT 1 FROM '.table_prefix.'page_groups WHERE pg_type=' . PAGE_GRP_TAGGED . ' AND pg_target=\'' . $tag . '\';');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 610
if ( !$q )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 611
$db->_die();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 612
if ( $db->numrows() > 0 && !$can_edit_acl )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 613
{
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 614
$resp['error'] = 'This tag is used in an ACL page group, and thus can\'t be added to a page by people without administrator privileges.';
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 615
die(enano_json_encode($resp));
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 616
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 617
$resp['in_acl'] = ( $db->numrows() > 0 );
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 618
$db->free_result();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 619
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 620
// we're good
324
+ − 621
$q = $db->sql_query('INSERT INTO '.table_prefix.'tags(tag_name,page_id,namespace,user_id) VALUES(\'' . $tag . '\', \'' . $db->escape($paths->page_id) . '\', \'' . $db->escape($paths->namespace) . '\', ' . $session->user_id . ');');
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 622
if ( !$q )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 623
$db->_die();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 624
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 625
$resp['success'] = true;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 626
$resp['tag'] = $tag;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 627
$resp['tag_id'] = $db->insert_id();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 628
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 629
echo enano_json_encode($resp);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 630
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 631
case 'deltag':
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 632
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 633
$tag_id = intval($_POST['tag_id']);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 634
if ( empty($tag_id) )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 635
die('Invalid tag ID');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 636
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 637
$q = $db->sql_query('SELECT t.tag_id, t.user_id, t.page_id, t.namespace, pg.pg_target IS NOT NULL AS used_in_acl FROM '.table_prefix.'tags AS t
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 638
LEFT JOIN '.table_prefix.'page_groups AS pg
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 639
ON ( pg.pg_id IS NULL OR ( pg.pg_target = t.tag_name AND pg.pg_type = ' . PAGE_GRP_TAGGED . ' ) )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 640
WHERE t.tag_id=' . $tag_id . ';');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 641
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 642
if ( !$q )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 643
$db->_die();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 644
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 645
if ( $db->numrows() < 1 )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 646
die('Could not find a tag with that ID');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 647
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 648
$row = $db->fetchrow();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 649
$db->free_result();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 650
324
+ − 651
if ( $row['page_id'] == $paths->page_id && $row['namespace'] == $paths->namespace )
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 652
$perms =& $session;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 653
else
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 654
$perms = $session->fetch_page_acl($row['page_id'], $row['namespace']);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 655
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 656
$perm = ( $row['user_id'] != $session->user_id ) ?
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 657
'tag_delete_other' :
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 658
'tag_delete_own';
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 659
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 660
if ( $row['user_id'] == 1 && !$session->user_logged_in )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 661
// anonymous user trying to delete tag (hardcode blacklisted)
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 662
die('You are not authorized to delete this tag.');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 663
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 664
if ( !$perms->get_permissions($perm) )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 665
die('You are not authorized to delete this tag.');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 666
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 667
if ( $row['used_in_acl'] == 1 && !$perms->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 668
die('You are not authorized to delete this tag.');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 669
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 670
// We're good
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 671
$q = $db->sql_query('DELETE FROM '.table_prefix.'tags WHERE tag_id = ' . $tag_id . ';');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 672
if ( !$q )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 673
$db->_die();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 674
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 675
echo 'success';
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 676
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 677
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 678
case 'ping':
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 679
echo 'pong';
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 680
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 681
default:
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 682
die('Hacking attempt');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 683
break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 684
}
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 685
0
+ − 686
?>