1
+ − 1 <?php
73
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 2
1
+ − 3 /*
+ − 4 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
536
+ − 5 * Version 1.1.4 (Caoineag alpha 4)
1
+ − 6 * pageprocess.php - intelligent retrieval of pages
536
+ − 7 * Copyright (C) 2006-2008 Dan Fuhry
1
+ − 8 *
+ − 9 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
+ − 10 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ − 11 *
+ − 12 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ − 13 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ − 14 */
+ − 15
+ − 16 /**
+ − 17 * Class to handle fetching page text (possibly from a cache) and formatting it.
322
+ − 18 * As of 1.0.4, this also handles the fetching and editing of certain data for pages.
1
+ − 19 * @package Enano
+ − 20 * @subpackage UI
+ − 21 * @copyright 2007 Dan Fuhry
+ − 22 * @license GNU General Public License <http://www.gnu.org/licenses/gpl.html>
+ − 23 */
+ − 24
+ − 25 class PageProcessor
+ − 26 {
+ − 27
+ − 28 /**
+ − 29 * Page ID and namespace of the page handled by this instance
+ − 30 * @var string
+ − 31 */
+ − 32
+ − 33 var $page_id;
+ − 34 var $namespace;
+ − 35
+ − 36 /**
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 37 * The title of the page sent to the template parser
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 38 * @var string
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 39 */
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 40
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 41 var $title = '';
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 42
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 43 /**
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 44 * The information about the page(s) we were redirected from
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 45 * @var array
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 46 */
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 47
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 48 var $redirect_stack = array();
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 49
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 50 /**
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 51 * The revision ID (history entry) to send. If set to 0 (the default) then the most recent revision will be sent.
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 52 * @var int
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 53 */
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 54
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 55 var $revision_id = 0;
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 56
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 57 /**
468
+ − 58 * The time this revision was saved, as a UNIX timestamp
+ − 59 * @var int
+ − 60 */
+ − 61
+ − 62 var $revision_time = 0;
+ − 63
+ − 64 /**
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 65 * Unsanitized page ID.
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 66 * @var string
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 67 */
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 68
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 69 var $page_id_unclean;
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 70
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 71 /**
1
+ − 72 * Tracks if the page we're loading exists in the database or not.
+ − 73 * @var bool
+ − 74 */
+ − 75
+ − 76 var $page_exists = false;
+ − 77
+ − 78 /**
+ − 79 * Permissions!
+ − 80 * @var object
+ − 81 */
+ − 82
+ − 83 var $perms = null;
+ − 84
+ − 85 /**
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 86 * The SHA1 hash of the user-inputted password for the page
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 87 * @var string
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 88 */
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 89
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 90 var $password = '';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 91
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 92 /**
1
+ − 93 * Switch to track if redirects are allowed. Defaults to true.
+ − 94 * @var bool
+ − 95 */
+ − 96
+ − 97 var $allow_redir = true;
+ − 98
+ − 99 /**
+ − 100 * If this is set to true, this will call the header and footer funcs on $template when render() is called.
+ − 101 * @var bool
+ − 102 */
+ − 103
+ − 104 var $send_headers = false;
+ − 105
+ − 106 /**
+ − 107 * Cache the fetched text so we don't fetch it from the DB twice.
+ − 108 * @var string
+ − 109 */
+ − 110
+ − 111 var $text_cache = '';
+ − 112
+ − 113 /**
+ − 114 * Debugging information to track errors. You can set enable to false to disable sending debug information.
+ − 115 * @var array
+ − 116 */
+ − 117
+ − 118 var $debug = array(
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 119 'enable' => false,
1
+ − 120 'works' => false
+ − 121 );
+ − 122
+ − 123 /**
322
+ − 124 * The list of errors raised in the class.
+ − 125 * @var array
+ − 126 */
+ − 127
+ − 128 var $_errors = array();
+ − 129
+ − 130 /**
1
+ − 131 * Constructor.
+ − 132 * @param string The page ID (urlname) of the page
+ − 133 * @param string The namespace of the page
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 134 * @param int Optional. The revision ID to send.
1
+ − 135 */
+ − 136
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 137 function __construct( $page_id, $namespace, $revision_id = 0 )
1
+ − 138 {
+ − 139 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 140
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 141 profiler_log("PageProcessor [{$namespace}:{$page_id}]: Started constructor");
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 142
1
+ − 143 // See if we can get some debug info
+ − 144 if ( function_exists('debug_backtrace') && $this->debug['enable'] )
+ − 145 {
+ − 146 $this->debug['works'] = true;
+ − 147 $this->debug['backtrace'] = enano_debug_print_backtrace(true);
+ − 148 }
+ − 149
+ − 150 // First things first - check page existence and permissions
+ − 151
+ − 152 if ( !isset($paths->nslist[$namespace]) )
+ − 153 {
+ − 154 $this->send_error('The namespace "' . htmlspecialchars($namespace) . '" does not exist.');
+ − 155 }
+ − 156
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 157 if ( !is_int($revision_id) )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 158 $revision_id = 0;
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 159
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 160 $this->_setup( $page_id, $namespace, $revision_id );
1
+ − 161 }
+ − 162
+ − 163 /**
61
+ − 164 * The main method to send the page content. Also responsible for checking permissions and calling the statistics counter.
+ − 165 * @param bool If true, the stat counter is called. Defaults to false.
1
+ − 166 */
+ − 167
61
+ − 168 function send( $do_stats = false )
1
+ − 169 {
+ − 170 global $db, $session, $paths, $template, $plugins; // Common objects
314
+ − 171 global $lang;
+ − 172
592
+ − 173 profiler_log('PageProcessor: send() called');
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 174
1
+ − 175 if ( !$this->perms->get_permissions('read') )
+ − 176 {
570
+ − 177 if ( $this->send_headers )
+ − 178 {
+ − 179 $template->init_vars($this);
+ − 180 }
511
f88c8c79d784
Made some improvements to ACL system including: warning on setting Deny for Everyone on the entire site, added ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL, and changed behavior as noted in the docs so that Deny for Everyone is no longer able to be overridden
Dan
diff
changeset
+ − 181 // Permission denied to read page. Is this one of our core pages that must always be allowed?
f88c8c79d784
Made some improvements to ACL system including: warning on setting Deny for Everyone on the entire site, added ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL, and changed behavior as noted in the docs so that Deny for Everyone is no longer able to be overridden
Dan
diff
changeset
+ − 182 // NOTE: Not even the administration panel will work if ACLs deny access to it.
f88c8c79d784
Made some improvements to ACL system including: warning on setting Deny for Everyone on the entire site, added ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL, and changed behavior as noted in the docs so that Deny for Everyone is no longer able to be overridden
Dan
diff
changeset
+ − 183 if ( $this->namespace == 'Special' && in_array($this->page_id, array('Login', 'Logout', 'LangExportJSON', 'CSS')) )
f88c8c79d784
Made some improvements to ACL system including: warning on setting Deny for Everyone on the entire site, added ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL, and changed behavior as noted in the docs so that Deny for Everyone is no longer able to be overridden
Dan
diff
changeset
+ − 184 {
f88c8c79d784
Made some improvements to ACL system including: warning on setting Deny for Everyone on the entire site, added ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL, and changed behavior as noted in the docs so that Deny for Everyone is no longer able to be overridden
Dan
diff
changeset
+ − 185 // Do nothing; allow execution to continue
f88c8c79d784
Made some improvements to ACL system including: warning on setting Deny for Everyone on the entire site, added ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL, and changed behavior as noted in the docs so that Deny for Everyone is no longer able to be overridden
Dan
diff
changeset
+ − 186 }
f88c8c79d784
Made some improvements to ACL system including: warning on setting Deny for Everyone on the entire site, added ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL, and changed behavior as noted in the docs so that Deny for Everyone is no longer able to be overridden
Dan
diff
changeset
+ − 187 else
f88c8c79d784
Made some improvements to ACL system including: warning on setting Deny for Everyone on the entire site, added ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL, and changed behavior as noted in the docs so that Deny for Everyone is no longer able to be overridden
Dan
diff
changeset
+ − 188 {
f88c8c79d784
Made some improvements to ACL system including: warning on setting Deny for Everyone on the entire site, added ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL, and changed behavior as noted in the docs so that Deny for Everyone is no longer able to be overridden
Dan
diff
changeset
+ − 189 // Page isn't whitelisted, behave as normal
f88c8c79d784
Made some improvements to ACL system including: warning on setting Deny for Everyone on the entire site, added ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL, and changed behavior as noted in the docs so that Deny for Everyone is no longer able to be overridden
Dan
diff
changeset
+ − 190 $this->err_access_denied();
f88c8c79d784
Made some improvements to ACL system including: warning on setting Deny for Everyone on the entire site, added ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL, and changed behavior as noted in the docs so that Deny for Everyone is no longer able to be overridden
Dan
diff
changeset
+ − 191 return false;
f88c8c79d784
Made some improvements to ACL system including: warning on setting Deny for Everyone on the entire site, added ACL_ALWAYS_ALLOW_ADMIN_EDIT_ACL, and changed behavior as noted in the docs so that Deny for Everyone is no longer able to be overridden
Dan
diff
changeset
+ − 192 }
1
+ − 193 }
571
66e14e61613e
Got ACL scope logic working again and began enforcing it. Breaking API change: assigning page title with $template->tpl_strings['PAGE_NAME'] will no longer work, use $template->assign_vars(). Workaround may be added later. Test for assign_vars method if compatibility needed. Added namespace processor API (non-breaking change). Several other things tweaked around as well.
Dan
diff
changeset
+ − 194
66e14e61613e
Got ACL scope logic working again and began enforcing it. Breaking API change: assigning page title with $template->tpl_strings['PAGE_NAME'] will no longer work, use $template->assign_vars(). Workaround may be added later. Test for assign_vars method if compatibility needed. Added namespace processor API (non-breaking change). Several other things tweaked around as well.
Dan
diff
changeset
+ − 195 // Is there a custom function registered for handling this namespace?
66e14e61613e
Got ACL scope logic working again and began enforcing it. Breaking API change: assigning page title with $template->tpl_strings['PAGE_NAME'] will no longer work, use $template->assign_vars(). Workaround may be added later. Test for assign_vars method if compatibility needed. Added namespace processor API (non-breaking change). Several other things tweaked around as well.
Dan
diff
changeset
+ − 196 if ( $proc = $paths->get_namespace_processor($this->namespace) )
66e14e61613e
Got ACL scope logic working again and began enforcing it. Breaking API change: assigning page title with $template->tpl_strings['PAGE_NAME'] will no longer work, use $template->assign_vars(). Workaround may be added later. Test for assign_vars method if compatibility needed. Added namespace processor API (non-breaking change). Several other things tweaked around as well.
Dan
diff
changeset
+ − 197 {
66e14e61613e
Got ACL scope logic working again and began enforcing it. Breaking API change: assigning page title with $template->tpl_strings['PAGE_NAME'] will no longer work, use $template->assign_vars(). Workaround may be added later. Test for assign_vars method if compatibility needed. Added namespace processor API (non-breaking change). Several other things tweaked around as well.
Dan
diff
changeset
+ − 198 // yes, just call that
66e14e61613e
Got ACL scope logic working again and began enforcing it. Breaking API change: assigning page title with $template->tpl_strings['PAGE_NAME'] will no longer work, use $template->assign_vars(). Workaround may be added later. Test for assign_vars method if compatibility needed. Added namespace processor API (non-breaking change). Several other things tweaked around as well.
Dan
diff
changeset
+ − 199 // this is protected aggressively by the PathManager against overriding critical namespaces
66e14e61613e
Got ACL scope logic working again and began enforcing it. Breaking API change: assigning page title with $template->tpl_strings['PAGE_NAME'] will no longer work, use $template->assign_vars(). Workaround may be added later. Test for assign_vars method if compatibility needed. Added namespace processor API (non-breaking change). Several other things tweaked around as well.
Dan
diff
changeset
+ − 200 return call_user_func($proc, $this);
66e14e61613e
Got ACL scope logic working again and began enforcing it. Breaking API change: assigning page title with $template->tpl_strings['PAGE_NAME'] will no longer work, use $template->assign_vars(). Workaround may be added later. Test for assign_vars method if compatibility needed. Added namespace processor API (non-breaking change). Several other things tweaked around as well.
Dan
diff
changeset
+ − 201 }
66e14e61613e
Got ACL scope logic working again and began enforcing it. Breaking API change: assigning page title with $template->tpl_strings['PAGE_NAME'] will no longer work, use $template->assign_vars(). Workaround may be added later. Test for assign_vars method if compatibility needed. Added namespace processor API (non-breaking change). Several other things tweaked around as well.
Dan
diff
changeset
+ − 202
24
+ − 203 $pathskey = $paths->nslist[ $this->namespace ] . $this->page_id;
+ − 204 $strict_no_headers = false;
329
0437a7cf1acc
Added update-checking function (still a little rough around the edges); added support into admin user CP for changing avatars
Dan
diff
changeset
+ − 205 if ( $this->namespace == 'Admin' && strstr($this->page_id, '/') )
0437a7cf1acc
Added update-checking function (still a little rough around the edges); added support into admin user CP for changing avatars
Dan
diff
changeset
+ − 206 {
570
+ − 207 if ( $this->send_headers )
+ − 208 {
+ − 209 $template->init_vars($this);
+ − 210 }
329
0437a7cf1acc
Added update-checking function (still a little rough around the edges); added support into admin user CP for changing avatars
Dan
diff
changeset
+ − 211 $this->page_id = substr($this->page_id, 0, strpos($this->page_id, '/'));
0437a7cf1acc
Added update-checking function (still a little rough around the edges); added support into admin user CP for changing avatars
Dan
diff
changeset
+ − 212 $funcname = "page_{$this->namespace}_{$this->page_id}";
0437a7cf1acc
Added update-checking function (still a little rough around the edges); added support into admin user CP for changing avatars
Dan
diff
changeset
+ − 213 if ( function_exists($funcname) )
0437a7cf1acc
Added update-checking function (still a little rough around the edges); added support into admin user CP for changing avatars
Dan
diff
changeset
+ − 214 {
0437a7cf1acc
Added update-checking function (still a little rough around the edges); added support into admin user CP for changing avatars
Dan
diff
changeset
+ − 215 $this->page_exists = true;
0437a7cf1acc
Added update-checking function (still a little rough around the edges); added support into admin user CP for changing avatars
Dan
diff
changeset
+ − 216 }
0437a7cf1acc
Added update-checking function (still a little rough around the edges); added support into admin user CP for changing avatars
Dan
diff
changeset
+ − 217 }
24
+ − 218 if ( isset($paths->pages[$pathskey]) )
+ − 219 {
570
+ − 220 if ( $this->send_headers )
+ − 221 {
+ − 222 $template->init_vars($this);
+ − 223 }
24
+ − 224 if ( $paths->pages[$pathskey]['special'] == 1 )
+ − 225 {
+ − 226 $this->send_headers = false;
+ − 227 $strict_no_headers = true;
+ − 228 }
286
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 229 if ( isset($paths->pages[$pathskey]['password']) )
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 230 {
286
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 231 if ( $paths->pages[$pathskey]['password'] != '' && $paths->pages[$pathskey]['password'] != sha1('') )
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 232 {
286
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 233 $password =& $paths->pages[$pathskey]['password'];
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 234 if ( $this->password != $password )
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 235 {
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 236 $this->err_wrong_password();
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 237 return false;
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 238 }
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 239 }
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 240 }
24
+ − 241 }
61
+ − 242 if ( $this->page_exists && $this->namespace != 'Special' && $this->namespace != 'Admin' && $do_stats )
+ − 243 {
592
+ − 244 require_once(ENANO_ROOT.'/includes/stats.php');
61
+ − 245 doStats($this->page_id, $this->namespace);
+ − 246 }
1
+ − 247 if ( $this->namespace == 'Special' || $this->namespace == 'Admin' )
+ − 248 {
570
+ − 249 if ( $this->send_headers )
+ − 250 {
+ − 251 $template->init_vars($this);
+ − 252 }
+ − 253
557
26479224936a
Modified $template->init_vars() to pivot to local page metadata and permissions from a PageProcessor object instead of global data from $paths and permissions from $session to allow redirects to affect on-page controls as well as the actual content (only partially complete, protection and several other elements still need to be localized)
Dan
diff
changeset
+ − 254 $this->revision_time = time();
26479224936a
Modified $template->init_vars() to pivot to local page metadata and permissions from a PageProcessor object instead of global data from $paths and permissions from $session to allow redirects to affect on-page controls as well as the actual content (only partially complete, protection and several other elements still need to be localized)
Dan
diff
changeset
+ − 255
1
+ − 256 if ( !$this->page_exists )
+ − 257 {
391
85f91037cd4f
Localization is FINISHED, DAMN IT HELLAH YEAH! OVER WITH! Man, it feels to get that off my chest. Release is in under 48 hours, folks. And we're ready for it.
Dan
diff
changeset
+ − 258 $func_name = "page_{$this->namespace}_{$this->page_id}";
481
+ − 259
+ − 260 die_semicritical($lang->get('page_msg_admin_404_title'), $lang->get('page_msg_admin_404_body', array('func_name' => $func_name)), (!$this->send_headers));
1
+ − 261 }
+ − 262 $func_name = "page_{$this->namespace}_{$this->page_id}";
+ − 263 if ( function_exists($func_name) )
+ − 264 {
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 265 $result = @call_user_func($func_name);
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 266 return $result;
1
+ − 267 }
+ − 268 else
+ − 269 {
314
+ − 270 $title = $lang->get('page_err_custompage_function_missing_title');
+ − 271 $message = $lang->get('page_err_custompage_function_missing_body', array( 'function_name' => $fname ));
1
+ − 272
+ − 273 if ( $this->send_headers )
+ − 274 {
+ − 275 $template->tpl_strings['PAGE_NAME'] = $title;
+ − 276 $template->header();
+ − 277 echo "<p>$message</p>";
+ − 278 $template->footer();
+ − 279 }
+ − 280 else
+ − 281 {
+ − 282 echo "<h2>$title</h2>
+ − 283 <p>$message</p>";
+ − 284 }
+ − 285 return false;
+ − 286 }
+ − 287 }
91
+ − 288 else if ( $this->namespace == 'User' && strpos($this->page_id, '/') === false )
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 289 {
570
+ − 290 if ( $this->send_headers )
+ − 291 {
+ − 292 $template->init_vars($this);
+ − 293 }
+ − 294
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 295 $this->_handle_userpage();
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 296 }
1
+ − 297 else if ( ( $this->namespace == 'Template' || $this->namespace == 'System' ) && $this->page_exists )
+ − 298 {
570
+ − 299 if ( $this->send_headers )
+ − 300 {
+ − 301 $template->init_vars($this);
+ − 302 }
+ − 303
1
+ − 304 $this->header();
+ − 305
+ − 306 $text = $this->fetch_text();
+ − 307 $text = preg_replace('/<noinclude>(.*?)<\/noinclude>/is', '\\1', $text);
+ − 308 $text = preg_replace('/<nodisplay>(.*?)<\/nodisplay>/is', '', $text);
+ − 309
+ − 310 $text = RenderMan::render( $text );
+ − 311
343
eefe9ab7fe7c
Localized the first parts of the admin panel. As a consequence, also wrote a brand new Admin:PageManager that doesn't suck like the old one did.
Dan
diff
changeset
+ − 312 eval( '?>' . $text );
1
+ − 313
+ − 314 $this->footer();
312
6c7060d36a23
Improved physical pages: they support comments and have their own dedicated namespace now. Still some consistency fixes to make.
Dan
diff
changeset
+ − 315 }
6c7060d36a23
Improved physical pages: they support comments and have their own dedicated namespace now. Still some consistency fixes to make.
Dan
diff
changeset
+ − 316 else if ( $this->namespace == 'Anonymous' )
6c7060d36a23
Improved physical pages: they support comments and have their own dedicated namespace now. Still some consistency fixes to make.
Dan
diff
changeset
+ − 317 {
570
+ − 318 if ( $this->send_headers )
+ − 319 {
+ − 320 $template->init_vars($this);
+ − 321 }
+ − 322
312
6c7060d36a23
Improved physical pages: they support comments and have their own dedicated namespace now. Still some consistency fixes to make.
Dan
diff
changeset
+ − 323 $uri = scriptPath . '/' . $this->page_id;
6c7060d36a23
Improved physical pages: they support comments and have their own dedicated namespace now. Still some consistency fixes to make.
Dan
diff
changeset
+ − 324 if ( !$this->send_headers )
6c7060d36a23
Improved physical pages: they support comments and have their own dedicated namespace now. Still some consistency fixes to make.
Dan
diff
changeset
+ − 325 {
6c7060d36a23
Improved physical pages: they support comments and have their own dedicated namespace now. Still some consistency fixes to make.
Dan
diff
changeset
+ − 326 $sep = ( strstr($uri, '?') ) ? '&' : '?';
6c7060d36a23
Improved physical pages: they support comments and have their own dedicated namespace now. Still some consistency fixes to make.
Dan
diff
changeset
+ − 327 $uri .= "{$sep}noheaders";
6c7060d36a23
Improved physical pages: they support comments and have their own dedicated namespace now. Still some consistency fixes to make.
Dan
diff
changeset
+ − 328 }
6c7060d36a23
Improved physical pages: they support comments and have their own dedicated namespace now. Still some consistency fixes to make.
Dan
diff
changeset
+ − 329 redirect( $uri, '', '', 0 );
1
+ − 330 }
+ − 331 else if ( !$this->page_exists )
+ − 332 {
+ − 333 // Perhaps this is hooked?
+ − 334 ob_start();
+ − 335
+ − 336 $code = $plugins->setHook('page_not_found');
+ − 337 foreach ( $code as $cmd )
+ − 338 {
+ − 339 eval($cmd);
+ − 340 }
+ − 341
+ − 342 $ob = ob_get_contents();
+ − 343
+ − 344 if ( empty($ob) )
+ − 345 {
570
+ − 346 if ( $this->send_headers )
+ − 347 {
+ − 348 $template->init_vars($this);
+ − 349 }
1
+ − 350 $this->err_page_not_existent();
+ − 351 }
61
+ − 352 else
+ − 353 {
+ − 354 // Something sent content, so we'll assume the page exist...ed at least according to the plugin
+ − 355 if ( $this->namespace != 'Special' && $this->namespace != 'Admin' && $do_stats )
+ − 356 {
600
46abecc238e7
Fixed missing require() on stats.php in pageprocess; made pageprocess update the metadata cache on page rename
Dan
diff
changeset
+ − 357 require_once(ENANO_ROOT.'/includes/stats.php');
61
+ − 358 doStats($this->page_id, $this->namespace);
+ − 359 }
+ − 360 }
1
+ − 361 }
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 362 else // (disabled for compatibility reasons) if ( in_array($this->namespace, array('Article', 'User', 'Project', 'Help', 'File', 'Category')) && $this->page_exists )
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 363 {
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 364 // Send as regular page
570
+ − 365 if ( $this->send_headers )
+ − 366 {
+ − 367 $template->init_vars($this);
+ − 368 }
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 369
592
+ − 370 $text = $this->fetch_text();
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 371
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 372 if ( $text == 'err_no_text_rows' )
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 373 {
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 374 $this->err_no_rows();
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 375 return false;
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 376 }
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 377 else
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 378 {
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 379 $redirect = ( isset($_GET['redirect']) ) ? $_GET['redirect'] : 'YES YOU IDIOT';
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 380 if ( preg_match('/^#redirect \[\[([^\]]+)\]\]/i', $text, $match) && $redirect != 'no' )
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 381 {
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 382 // Redirect page!
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 383 $page_to = sanitize_page_id($match[1]);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 384 $page_id_data = RenderMan::strToPageID($page_to);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 385 if ( count($this->redirect_stack) >= 3 )
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 386 {
314
+ − 387 $this->render( (!$strict_no_headers), '<div class="usermessage"><b>' . $lang->get('page_err_redirects_exceeded') . '</b></div>' );
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 388 }
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 389 else
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 390 {
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 391 $result = $this->_handle_redirect($page_id_data[0], $page_id_data[1]);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 392 if ( $result !== true )
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 393 {
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 394 // There was some error during the redirect process - usually an infinite redirect
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 395 $this->render( (!$strict_no_headers), '<div class="usermessage"><b>' . $result . '</b></div>' );
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 396 }
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 397 }
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 398 }
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 399 else
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 400 {
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 401 $this->render( (!$strict_no_headers) );
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 402 }
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 403 }
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 404 }
1
+ − 405 }
+ − 406
+ − 407 /**
322
+ − 408 * Fetches the wikitext or HTML source for the page.
+ − 409 * @return string
+ − 410 */
+ − 411
+ − 412 function fetch_source()
+ − 413 {
+ − 414 if ( !$this->perms->get_permissions('view_source') )
+ − 415 {
+ − 416 return false;
+ − 417 }
325
e17cc42d77cf
Fixed: $paths->page_id not set when the page doesn't exist; finally fixed garbled page names for IP addresses
Dan
diff
changeset
+ − 418 if ( !$this->page_exists )
e17cc42d77cf
Fixed: $paths->page_id not set when the page doesn't exist; finally fixed garbled page names for IP addresses
Dan
diff
changeset
+ − 419 {
e17cc42d77cf
Fixed: $paths->page_id not set when the page doesn't exist; finally fixed garbled page names for IP addresses
Dan
diff
changeset
+ − 420 return '';
e17cc42d77cf
Fixed: $paths->page_id not set when the page doesn't exist; finally fixed garbled page names for IP addresses
Dan
diff
changeset
+ − 421 }
322
+ − 422 return $this->fetch_text();
+ − 423 }
+ − 424
+ − 425 /**
472
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 426 * Updates (saves/changes/edits) the content of the page.
322
+ − 427 * @param string The new text for the page
+ − 428 * @param string A summary of edits made to the page.
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 429 * @param bool If true, the edit is marked as a minor revision
472
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 430 * @return bool True on success, false on failure. When returning false, it will push errors to the PageProcessor error stack; read with $page->pop_error()
322
+ − 431 */
+ − 432
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 433 function update_page($text, $edit_summary = false, $minor_edit = false)
322
+ − 434 {
+ − 435 global $db, $session, $paths, $template, $plugins; // Common objects
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 436 global $lang;
322
+ − 437
+ − 438 // Create the page if it doesn't exist
+ − 439 if ( !$this->page_exists )
+ − 440 {
+ − 441 if ( !$this->create_page() )
+ − 442 {
+ − 443 return false;
+ − 444 }
+ − 445 }
+ − 446
+ − 447 //
+ − 448 // Validation
+ − 449 //
+ − 450
+ − 451 $page_id = $db->escape($this->page_id);
+ − 452 $namespace = $db->escape($this->namespace);
+ − 453
+ − 454 $q = $db->sql_query('SELECT protected FROM ' . table_prefix . "pages WHERE urlname='$page_id' AND namespace='$namespace';");
+ − 455 if ( !$q )
+ − 456 $db->_die('PageProcess updating page content');
+ − 457 if ( $db->numrows() < 1 )
+ − 458 {
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 459 $this->raise_error($lang->get('editor_err_no_rows'));
322
+ − 460 return false;
+ − 461 }
+ − 462
+ − 463 // Do we have permission to edit the page?
+ − 464 if ( !$this->perms->get_permissions('edit_page') )
+ − 465 {
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 466 $this->raise_error($lang->get('editor_err_no_permission'));
322
+ − 467 return false;
+ − 468 }
+ − 469
+ − 470 list($protection) = $db->fetchrow_num();
+ − 471 $db->free_result();
+ − 472
+ − 473 if ( $protection == 1 )
+ − 474 {
+ − 475 // The page is protected - do we have permission to edit protected pages?
+ − 476 if ( !$this->perms->get_permissions('even_when_protected') )
+ − 477 {
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 478 $this->raise_error($lang->get('editor_err_page_protected'));
322
+ − 479 return false;
+ − 480 }
+ − 481 }
+ − 482 else if ( $protection == 2 )
+ − 483 {
+ − 484 // The page is semi-protected.
+ − 485 if (
+ − 486 ( !$session->user_logged_in || // Is the user logged in?
+ − 487 ( $session->user_logged_in && $session->reg_time + ( 4 * 86400 ) >= time() ) ) // If so, have they been registered for 4 days?
+ − 488 && !$this->perms->get_permissions('even_when_protected') ) // And of course, is there an ACL that overrides semi-protection?
+ − 489 {
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 490 $this->raise_error($lang->get('editor_err_page_protected'));
322
+ − 491 return false;
+ − 492 }
+ − 493 }
+ − 494
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 495 //
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 496 // Protection validated; update page content
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 497 //
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 498
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 499 $text_undb = RenderMan::preprocess_text($text, false, false);
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 500 $text = $db->escape($text_undb);
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 501 $author = $db->escape($session->username);
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 502 $time = time();
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 503 $edit_summary = ( strval($edit_summary) === $edit_summary ) ? $db->escape($edit_summary) : '';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 504 $minor_edit = ( $minor_edit ) ? '1' : '0';
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 505 $date_string = enano_date('d M Y h:i a');
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 506
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 507 // Insert log entry
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 508 $sql = 'INSERT INTO ' . table_prefix . "logs ( time_id, date_string, log_type, action, page_id, namespace, author, page_text, edit_summary, minor_edit )\n"
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 509 . " VALUES ( $time, '$date_string', 'page', 'edit', '{$this->page_id}', '{$this->namespace}', '$author', '$text', '$edit_summary', $minor_edit );";
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 510 if ( !$db->sql_query($sql) )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 511 {
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 512 $this->raise_error($db->get_error());
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 513 return false;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 514 }
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 515
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 516 // Update the master text entry
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 517 $sql = 'UPDATE ' . table_prefix . "page_text SET page_text = '$text' WHERE page_id = '{$this->page_id}' AND namespace = '{$this->namespace}';";
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 518 if ( !$db->sql_query($sql) )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 519 {
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 520 $this->raise_error($db->get_error());
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 521 return false;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 522 }
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 523
468
+ − 524 // If there's an identical draft copy, delete it
+ − 525 $sql = 'DELETE FROM ' . table_prefix . "logs WHERE is_draft = 1 AND page_id = '{$this->page_id}' AND namespace = '{$this->namespace}' AND page_text = '{$text}';";
+ − 526 if ( !$db->sql_query($sql) )
+ − 527 {
+ − 528 $this->raise_error($db->get_error());
+ − 529 return false;
+ − 530 }
+ − 531
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 532 // Rebuild the search index
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 533 $paths->rebuild_page_index($this->page_id, $this->namespace);
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 534
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 535 $this->text_cache = $text;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 536
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 537 return true;
322
+ − 538
+ − 539 }
+ − 540
+ − 541 /**
+ − 542 * Creates the page if it doesn't already exist.
426
+ − 543 * @param string Optional page title.
322
+ − 544 * @return bool True on success, false on failure.
+ − 545 */
+ − 546
426
+ − 547 function create_page($title = false)
322
+ − 548 {
+ − 549 global $db, $session, $paths, $template, $plugins; // Common objects
426
+ − 550 global $lang;
322
+ − 551
+ − 552 // Do we have permission to create the page?
+ − 553 if ( !$this->perms->get_permissions('create_page') )
+ − 554 {
426
+ − 555 $this->raise_error($lang->get('pagetools_create_err_no_permission'));
322
+ − 556 return false;
+ − 557 }
+ − 558
+ − 559 // Does it already exist?
+ − 560 if ( $this->page_exists )
+ − 561 {
426
+ − 562 $this->raise_error($lang->get('pagetools_create_err_already_exists'));
322
+ − 563 return false;
+ − 564 }
+ − 565
+ − 566 // It's not in there. Perform validation.
+ − 567
+ − 568 // We can't create special, admin, or external pages.
+ − 569 if ( $this->namespace == 'Special' || $this->namespace == 'Admin' || $this->namespace == 'Anonymous' )
+ − 570 {
426
+ − 571 $this->raise_error($lang->get('pagetools_create_err_nodb_namespace'));
322
+ − 572 return false;
+ − 573 }
+ − 574
+ − 575 // Guess the proper title
481
+ − 576 $name = ( !empty($title) ) ? $title : str_replace('_', ' ', dirtify_page_id($this->page_id));
322
+ − 577
+ − 578 // Check for the restricted Project: prefix
+ − 579 if ( substr($this->page_id, 0, 8) == 'Project:' )
+ − 580 {
426
+ − 581 $this->raise_error($lang->get('pagetools_create_err_reserved_prefix'));
322
+ − 582 return false;
+ − 583 }
+ − 584
+ − 585 // Validation successful - insert the page
+ − 586
+ − 587 $metadata = array(
+ − 588 'urlname' => $this->page_id,
+ − 589 'namespace' => $this->namespace,
+ − 590 'name' => $name,
+ − 591 'special' => 0,
+ − 592 'visible' => 1,
+ − 593 'comments_on' => 1,
+ − 594 'protected' => ( $this->namespace == 'System' ? 1 : 0 ),
+ − 595 'delvotes' => 0,
+ − 596 'delvote_ips' => serialize(array()),
+ − 597 'wiki_mode' => 2
+ − 598 );
+ − 599
+ − 600 $paths->add_page($metadata);
+ − 601
+ − 602 $page_id = $db->escape($this->page_id);
+ − 603 $namespace = $db->escape($this->namespace);
+ − 604 $name = $db->escape($name);
+ − 605 $protect = ( $this->namespace == 'System' ) ? '1' : '0';
+ − 606 $blank_array = $db->escape(serialize(array()));
+ − 607
+ − 608 // Query 1: Metadata entry
+ − 609 $q = $db->sql_query('INSERT INTO ' . table_prefix . "pages(name, urlname, namespace, protected, delvotes, delvote_ips, wiki_mode)\n"
+ − 610 . "VALUES ( '$name', '$page_id', '$namespace', $protect, 0, '$blank_array', 2 );");
+ − 611 if ( !$q )
+ − 612 $db->_die('PageProcessor page creation - metadata stage');
+ − 613
+ − 614 // Query 2: Text insertion
+ − 615 $q = $db->sql_query('INSERT INTO ' . table_prefix . "page_text(page_id, namespace, page_text)\n"
+ − 616 . "VALUES ( '$page_id', '$namespace', '' );");
+ − 617 if ( !$q )
+ − 618 $db->_die('PageProcessor page creation - text stage');
+ − 619
426
+ − 620 // Query 3: Log entry
+ − 621 $db->sql_query('INSERT INTO ' . table_prefix."logs(time_id, date_string, log_type, action, author, page_id, namespace)\n"
+ − 622 . " VALUES ( " . time() . ", '" . enano_date('d M Y h:i a') . "', 'page', 'create', \n"
+ − 623 . " '" . $db->escape($session->username) . "', '" . $db->escape($this->page_id) . "', '" . $this->namespace . "');");
+ − 624 if ( !$q )
+ − 625 $db->_die('PageProcessor page creation - logging stage');
+ − 626
593
4f9bec0d65c1
More optimization work. Moved special page init functions to common instead of common_post hook. Allowed paths to cache page metadata on filesystem. Phased out the redundancy in $paths->pages that paired a number with every urlname as foreach loops are allowed now (and have been for some time). Fixed missing includes for several functions. Rewrote str_replace_once to be a lot more efficient.
Dan
diff
changeset
+ − 627 // Update the cache
4f9bec0d65c1
More optimization work. Moved special page init functions to common instead of common_post hook. Allowed paths to cache page metadata on filesystem. Phased out the redundancy in $paths->pages that paired a number with every urlname as foreach loops are allowed now (and have been for some time). Fixed missing includes for several functions. Rewrote str_replace_once to be a lot more efficient.
Dan
diff
changeset
+ − 628 $paths->update_metadata_cache();
4f9bec0d65c1
More optimization work. Moved special page init functions to common instead of common_post hook. Allowed paths to cache page metadata on filesystem. Phased out the redundancy in $paths->pages that paired a number with every urlname as foreach loops are allowed now (and have been for some time). Fixed missing includes for several functions. Rewrote str_replace_once to be a lot more efficient.
Dan
diff
changeset
+ − 629
322
+ − 630 // Page created. We're good!
+ − 631 return true;
+ − 632 }
+ − 633
+ − 634 /**
468
+ − 635 * Rolls back a non-edit action in the logs
+ − 636 * @param int Log entry (log_id) to roll back
+ − 637 * @return array Standard Enano error/success protocol
+ − 638 */
+ − 639
+ − 640 function rollback_log_entry($log_id)
+ − 641 {
+ − 642 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 643
+ − 644 // Verify permissions
+ − 645 if ( !$this->perms->get_permissions('history_rollback') )
+ − 646 {
+ − 647 return array(
+ − 648 'success' => false,
+ − 649 'error' => 'access_denied'
+ − 650 );
+ − 651 }
+ − 652
+ − 653 // Check input
+ − 654 $log_id = intval($log_id);
+ − 655 if ( empty($log_id) )
+ − 656 {
+ − 657 return array(
+ − 658 'success' => false,
+ − 659 'error' => 'invalid_parameter'
+ − 660 );
+ − 661 }
+ − 662
+ − 663 // Fetch the log entry
+ − 664 $q = $db->sql_query('SELECT * FROM ' . table_prefix . "logs WHERE log_type = 'page' AND page_id='{$this->page_id}' AND namespace='{$this->namespace}' AND log_id = $log_id;");
+ − 665 if ( !$q )
+ − 666 $db->_die();
+ − 667
+ − 668 // Is this even a valid log entry for this context?
+ − 669 if ( $db->numrows() < 1 )
+ − 670 {
+ − 671 return array(
+ − 672 'success' => false,
+ − 673 'error' => 'entry_not_found'
+ − 674 );
+ − 675 }
+ − 676
+ − 677 // All good, fetch and free the result
+ − 678 $log_entry = $db->fetchrow();
+ − 679 $db->free_result();
+ − 680
481
+ − 681 $dateline = enano_date('d M Y h:i a', $log_entry['time_id']);
+ − 682
468
+ − 683 // Let's see, what do we have here...
+ − 684 switch ( $log_entry['action'] )
+ − 685 {
+ − 686 case 'rename':
+ − 687 // Page was renamed, let the rename method handle this
481
+ − 688 return array_merge($this->rename($log_entry['edit_summary']), array('dateline' => $dateline, 'action' => $log_entry['action']));
468
+ − 689 break;
+ − 690 case 'prot':
+ − 691 case 'unprot':
+ − 692 case 'semiprot':
481
+ − 693 return array_merge($this->protect_page(intval($log_entry['page_text']), '__REVERSION__'), array('dateline' => $dateline, 'action' => $log_entry['action']));
+ − 694 break;
+ − 695 case 'delete':
+ − 696
+ − 697 // Raising a previously dead page has implications...
+ − 698
+ − 699 // FIXME: l10n
+ − 700 // rollback_extra is required because usually only moderators can undo page deletion AND restore the content.
+ − 701 if ( !$this->perms->get_permissions('history_rollback_extra') )
+ − 702 return 'Administrative privileges are required for page undeletion.';
+ − 703
+ − 704 // Rolling back the deletion of a page that was since created?
+ − 705 $pathskey = $paths->nslist[ $this->namespace ] . $this->page_id;
+ − 706 if ( isset($paths->pages[$pathskey]) )
+ − 707 return array(
+ − 708 'success' => false,
+ − 709 // This is a clean Christian in-joke.
+ − 710 'error' => 'seeking_living_among_dead'
+ − 711 );
+ − 712
+ − 713 // Generate a crappy page name
+ − 714 $name = $db->escape( str_replace('_', ' ', dirtify_page_id($this->page_id)) );
+ − 715
+ − 716 // Stage 1 - re-insert page
+ − 717 $e = $db->sql_query('INSERT INTO ' . table_prefix.'pages(name,urlname,namespace) VALUES( \'' . $name . '\', \'' . $this->page_id . '\',\'' . $this->namespace . '\' )');
+ − 718 if ( !$e )
+ − 719 $db->die_json();
+ − 720
+ − 721 // Select the latest published revision
+ − 722 $q = $db->sql_query('SELECT page_text FROM ' . table_prefix . "logs WHERE\n"
+ − 723 . " log_type = 'page'\n"
+ − 724 . " AND action = 'edit'\n"
+ − 725 . " AND page_id = '$this->page_id'\n"
+ − 726 . " AND namespace = '$this->namespace'\n"
+ − 727 . " AND is_draft != 1\n"
+ − 728 . "ORDER BY time_id DESC LIMIT 1;");
+ − 729 if ( !$q )
+ − 730 $db->die_json();
+ − 731 list($page_text) = $db->fetchrow_num();
+ − 732 $db->free_result($q);
+ − 733
+ − 734 // Apply the latest revision as the current page text
+ − 735 $page_text = $db->escape($page_text);
+ − 736 $e = $db->sql_query('INSERT INTO ' . table_prefix."page_text(page_id, namespace, page_text) VALUES\n"
+ − 737 . " ( '$this->page_id', '$this->namespace', '$page_text' );");
+ − 738 if ( !$e )
+ − 739 $db->die_json();
+ − 740
+ − 741 return array(
+ − 742 'success' => true,
+ − 743 'dateline' => $dateline,
+ − 744 'action' => $log_entry['action']
+ − 745 );
+ − 746
+ − 747 break;
+ − 748 case 'reupload':
+ − 749
+ − 750 // given a log id and some revision info, restore the old file.
+ − 751 // get the timestamp of the file before this one
+ − 752 $q = $db->sql_query('SELECT time_id, file_key, file_extension, filename, size, mimetype FROM ' . table_prefix . "files WHERE time_id < {$log_entry['time_id']} ORDER BY time_id DESC LIMIT 1;");
+ − 753 if ( !$q )
+ − 754 $db->_die();
+ − 755
+ − 756 $row = $db->fetchrow();
+ − 757 $db->free_result();
+ − 758
+ − 759 // If the file hasn't been renamed to the new format (omitting timestamp), do that now.
+ − 760 $fname = ENANO_ROOT . "/files/{$row['file_key']}_{$row['time_id']}{$row['file_extension']}";
+ − 761 if ( @file_exists($fname) )
+ − 762 {
+ − 763 // it's stored in the old format - rename
+ − 764 $fname_new = ENANO_ROOT . "/files/{$row['file_key']}{$row['file_extension']}";
+ − 765 if ( !@rename($fname, $fname_new) )
+ − 766 {
+ − 767 return array(
+ − 768 'success' => false,
+ − 769 'error' => 'rb_file_rename_failed',
+ − 770 'action' => $log_entry['action']
+ − 771 );
+ − 772 }
+ − 773 }
+ − 774
+ − 775 // Insert a new file entry
+ − 776 $time = time();
+ − 777 $filename = $db->escape($row['filename']);
+ − 778 $mimetype = $db->escape($row['mimetype']);
+ − 779 $ext = $db->escape($row['file_extension']);
+ − 780 $key = $db->escape($row['file_key']);
+ − 781
+ − 782 $q = $db->sql_query('INSERT INTO ' . table_prefix . "files ( time_id, page_id, filename, size, mimetype, file_extension, file_key ) VALUES\n"
+ − 783 . " ( $time, '$this->page_id', '$filename', {$row['size']}, '$mimetype', '$ext', '$key' );");
+ − 784 if ( !$q )
+ − 785 $db->die_json();
+ − 786
+ − 787 // add reupload log entry
+ − 788 $username = $db->escape($session->username);
+ − 789 $q = $db->sql_query('INSERT INTO ' . table_prefix . "logs ( log_type, action, time_id, page_id, namespace, author, edit_summary ) VALUES\n"
+ − 790 . " ( 'page', 'reupload', $time, '$this->page_id', '$this->namespace', '$username', '__ROLLBACK__' )");
+ − 791 if ( !$q )
+ − 792 $db->die_json();
+ − 793
+ − 794 return array(
+ − 795 'success' => true,
+ − 796 'dateline' => $dateline,
+ − 797 'action' => $log_entry['action']
+ − 798 );
+ − 799
468
+ − 800 break;
+ − 801 default:
481
+ − 802
+ − 803 return array(
+ − 804 'success' => false,
+ − 805 'error' => 'rb_action_not_supported',
+ − 806 'action' => $log_entry['action']
+ − 807 );
+ − 808
468
+ − 809 break;
+ − 810 }
+ − 811 }
+ − 812
+ − 813 /**
+ − 814 * Renames the page
+ − 815 * @param string New name
+ − 816 * @return array Standard Enano error/success protocol
+ − 817 */
+ − 818
+ − 819 function rename_page($new_name)
+ − 820 {
+ − 821 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 822
+ − 823 // Check permissions
+ − 824 if ( !$this->perms->get_permissions('rename') )
+ − 825 {
+ − 826 return array(
+ − 827 'success' => false,
+ − 828 'error' => 'access_denied'
+ − 829 );
+ − 830 }
+ − 831
+ − 832 // If this is the same as the current name, return success
+ − 833 $page_name = get_page_title_ns($this->page_id, $this->namespace);
+ − 834 if ( $page_name === $new_name )
+ − 835 {
+ − 836 return array(
+ − 837 'success' => true
+ − 838 );
+ − 839 }
+ − 840
+ − 841 // Make sure the name is valid
+ − 842 $new_name = trim($new_name);
+ − 843 if ( empty($new_name) )
+ − 844 {
+ − 845 return array(
+ − 846 'success' => false,
+ − 847 'error' => 'invalid_parameter'
+ − 848 );
+ − 849 }
+ − 850
+ − 851 // Log the action
+ − 852 $username = $db->escape($session->username);
+ − 853 $page_name = $db->escape($page_name);
+ − 854 $time = time();
+ − 855
+ − 856 $q = $db->sql_query('INSERT INTO ' . table_prefix . "logs ( log_type, action, page_id, namespace, author, edit_summary, time_id, date_string ) VALUES\n"
+ − 857 . " ( 'page', 'rename', '{$this->page_id}', '{$this->namespace}', '$username', '$page_name', '$time', 'DATE_STRING COLUMN OBSOLETE, USE time_id' );");
+ − 858 if ( !$q )
+ − 859 $db->_die();
+ − 860
+ − 861 // Not much to do but to rename it now
+ − 862 $new_name = $db->escape($new_name);
+ − 863 $q = $db->sql_query('UPDATE ' . table_prefix . "pages SET name = '$new_name' WHERE urlname = '{$this->page_id}' AND namespace = '{$this->namespace}';");
+ − 864 if ( !$q )
+ − 865 $db->_die();
+ − 866
600
46abecc238e7
Fixed missing require() on stats.php in pageprocess; made pageprocess update the metadata cache on page rename
Dan
diff
changeset
+ − 867 // Update the cache
46abecc238e7
Fixed missing require() on stats.php in pageprocess; made pageprocess update the metadata cache on page rename
Dan
diff
changeset
+ − 868 $paths->update_metadata_cache();
46abecc238e7
Fixed missing require() on stats.php in pageprocess; made pageprocess update the metadata cache on page rename
Dan
diff
changeset
+ − 869
468
+ − 870 return array(
+ − 871 'success' => true
+ − 872 );
+ − 873 }
+ − 874
+ − 875 /**
+ − 876 * Sets the protection level of the page
+ − 877 * @param int Protection level, one of PROTECT_{FULL,SEMI,NONE}
+ − 878 * @param string Reason for protection - required
+ − 879 */
+ − 880
+ − 881 function protect_page($protection_level, $reason)
+ − 882 {
+ − 883 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 884
+ − 885 // Validate permissions
+ − 886 if ( !$this->perms->get_permissions('protect') )
+ − 887 {
+ − 888 return array(
+ − 889 'success' => false,
+ − 890 'error' => 'access_denied'
+ − 891 );
+ − 892 }
+ − 893
+ − 894 // Validate input
+ − 895 $reason = trim($reason);
+ − 896 if ( !in_array($protection_level, array(PROTECT_NONE, PROTECT_FULL, PROTECT_SEMI)) || empty($reason) )
+ − 897 {
+ − 898 return array(
+ − 899 'success' => false,
+ − 900 'error' => 'invalid_parameter'
+ − 901 );
+ − 902 }
+ − 903
+ − 904 // Retrieve page metadata
+ − 905 $pathskey = $paths->nslist[ $this->namespace ] . $this->page_id;
+ − 906 if ( !isset($paths->pages[$pathskey]) )
+ − 907 {
+ − 908 return array(
+ − 909 'success' => false,
+ − 910 'error' => 'page_metadata_not_found'
+ − 911 );
+ − 912 }
+ − 913 $metadata =& $paths->pages[$pathskey];
+ − 914
+ − 915 // Log the action
+ − 916 $username = $db->escape($session->username);
+ − 917 $time = time();
+ − 918 $existing_protection = intval($metadata['protected']);
+ − 919 $reason = $db->escape($reason);
+ − 920
481
+ − 921 if ( $existing_protection == $protection_level )
+ − 922 {
+ − 923 return array(
+ − 924 'success' => false,
+ − 925 'error' => 'protection_already_there'
+ − 926 );
+ − 927 }
+ − 928
468
+ − 929 $action = '[ insanity ]';
+ − 930 switch($protection_level)
+ − 931 {
+ − 932 case PROTECT_FULL: $action = 'prot'; break;
+ − 933 case PROTECT_NONE: $action = 'unprot'; break;
+ − 934 case PROTECT_SEMI: $action = 'semiprot'; break;
+ − 935 }
+ − 936
+ − 937 $sql = 'INSERT INTO ' . table_prefix . "logs ( log_type, action, page_id, namespace, author, edit_summary, time_id, page_text, date_string ) VALUES\n"
+ − 938 . " ( 'page', '$action', '{$this->page_id}', '{$this->namespace}', '$username', '$reason', '$time', '$existing_protection', 'DATE_STRING COLUMN OBSOLETE, USE time_id' );";
+ − 939 if ( !$db->sql_query($sql) )
+ − 940 {
481
+ − 941 $db->die_json();
468
+ − 942 }
+ − 943
+ − 944 // Perform the actual protection
+ − 945 $q = $db->sql_query('UPDATE ' . table_prefix . "pages SET protected = $protection_level WHERE urlname = '{$this->page_id}' AND namespace = '{$this->namespace}';");
+ − 946 if ( !$q )
481
+ − 947 $db->die_json();
468
+ − 948
+ − 949 return array(
+ − 950 'success' => true
+ − 951 );
+ − 952 }
+ − 953
+ − 954 /**
1
+ − 955 * Sets internal variables.
+ − 956 * @access private
+ − 957 */
+ − 958
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 959 function _setup($page_id, $namespace, $revision_id)
1
+ − 960 {
+ − 961 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 962
+ − 963 $page_id_cleaned = sanitize_page_id($page_id);
+ − 964
+ − 965 $this->page_id = $page_id_cleaned;
+ − 966 $this->namespace = $namespace;
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 967 $this->revision_id = $revision_id;
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 968 $this->page_id_unclean = dirtify_page_id($page_id);
1
+ − 969
+ − 970 $this->perms = $session->fetch_page_acl( $page_id, $namespace );
+ − 971
+ − 972 // Exception for Admin: pages
+ − 973 if ( $this->namespace == 'Admin' )
+ − 974 {
+ − 975 $fname = "page_Admin_{$this->page_id}";
+ − 976 }
+ − 977
+ − 978 // Does the page "exist"?
426
+ − 979 $pathskey = $paths->nslist[$namespace] . $page_id_cleaned;
+ − 980
322
+ − 981 if ( $paths->page_id == $page_id && $paths->namespace == $namespace && !$paths->page_exists && ( $this->namespace != 'Admin' || ($this->namespace == 'Admin' && !function_exists($fname) ) ) )
1
+ − 982 {
+ − 983 $this->page_exists = false;
+ − 984 }
426
+ − 985 else if ( !isset( $paths->pages[ $pathskey ] ) && ( ( $this->namespace == 'Admin' && !function_exists($fname) ) || ( $this->namespace != 'Admin' ) ) )
1
+ − 986 {
+ − 987 $this->page_exists = false;
+ − 988 }
+ − 989 else
+ − 990 {
+ − 991 $this->page_exists = true;
+ − 992 }
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 993
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 994 // Compatibility with older databases
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 995 if ( strstr($this->page_id, '.2e') && !$this->page_exists )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 996 {
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 997 $page_id = str_replace('.2e', '.', $page_id);
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 998
322
+ − 999 if ( $paths->page_id == $page_id && $paths->namespace == $namespace && !$paths->page_exists && ( $this->namespace != 'Admin' || ($this->namespace == 'Admin' && !function_exists($fname) ) ) )
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1000 {
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1001 $this->page_exists = false;
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1002 }
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1003 else if ( !isset( $paths->pages[ $paths->nslist[$namespace] . $page_id ] ) && ( $this->namespace == 'Admin' && !function_exists($fname) ) )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1004 {
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1005 $this->page_exists = false;
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1006 }
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1007 else
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1008 {
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1009 $this->page_exists = true;
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1010 }
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1011
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1012 }
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1013
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1014 $this->title = get_page_title_ns($this->page_id, $this->namespace);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1015
372
5bd429428101
A number of scattered changes. Profiler added and only enabled in debug mode (currently on), but awfully useful for fixing performance in the future. Started work on Admin:LangManager
Dan
diff
changeset
+ − 1016 profiler_log("PageProcessor [{$this->namespace}:{$this->page_id}]: Ran _setup()");
1
+ − 1017 }
+ − 1018
+ − 1019 /**
+ − 1020 * Renders it all in one go, and echoes it out. This assumes that the text is in the DB.
+ − 1021 * @access private
+ − 1022 */
+ − 1023
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1024 function render($incl_inner_headers = true, $_errormsg = false)
1
+ − 1025 {
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1026 global $db, $session, $paths, $template, $plugins; // Common objects
314
+ − 1027 global $lang;
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1028
1
+ − 1029 $text = $this->fetch_text();
592
+ − 1030
91
+ − 1031 $text = preg_replace('/([\s]*)__NOBREADCRUMBS__([\s]*)/', '', $text);
+ − 1032 $text = preg_replace('/([\s]*)__NOTOC__([\s]*)/', '', $text);
1
+ − 1033
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1034 $redir_enabled = false;
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1035 if ( preg_match('/^#redirect \[\[([^\]]+?)\]\]/i', $text, $match ) )
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1036 {
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1037 $redir_enabled = true;
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1038
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1039 $oldtarget = RenderMan::strToPageID($match[1]);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1040 $oldtarget[0] = sanitize_page_id($oldtarget[0]);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1041
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1042 $url = makeUrlNS($oldtarget[1], $oldtarget[0], false, true);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1043 $page_id_key = $paths->nslist[ $oldtarget[1] ] . $oldtarget[0];
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1044 $page_data = $paths->pages[$page_id_key];
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1045 $title = ( isset($page_data['name']) ) ? $page_data['name'] : $paths->nslist[$oldtarget[1]] . htmlspecialchars( str_replace('_', ' ', dirtify_page_id( $oldtarget[0] ) ) );
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1046 if ( !isset($page_data['name']) )
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1047 {
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1048 $cls = 'class="wikilink-nonexistent"';
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1049 }
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1050 else
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1051 {
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1052 $cls = '';
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1053 }
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1054 $a = '<a ' . $cls . ' href="' . $url . '">' . $title . '</a>';
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1055 $redir_html = '<br /><div class="mdg-infobox">
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1056 <table border="0" width="100%" cellspacing="0" cellpadding="0">
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1057 <tr>
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1058 <td valign="top">
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1059 <img alt="Cute wet-floor icon" src="'.scriptPath.'/images/redirector.png" />
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1060 </td>
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1061 <td valign="top" style="padding-left: 10px;">
314
+ − 1062 ' . $lang->get('page_msg_this_is_a_redirector', array( 'redirect_target' => $a )) . '
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1063 </td>
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1064 </tr>
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1065 </table>
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1066 </div>
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1067 <br />
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1068 <hr style="margin-left: 1em; width: 200px;" />';
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1069 $text = str_replace($match[0], '', $text);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1070 $text = trim($text);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1071 }
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1072
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1073 $template->tpl_strings['PAGE_NAME'] = htmlspecialchars( $this->title );
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1074
1
+ − 1075 $this->header();
91
+ − 1076 $this->do_breadcrumbs();
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1077
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1078 if ( $_errormsg )
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1079 {
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1080 echo $_errormsg;
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1081 }
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1082
24
+ − 1083 if ( $incl_inner_headers )
+ − 1084 {
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1085 if ( count($this->redirect_stack) > 0 )
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1086 {
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1087 $stack = array_reverse($this->redirect_stack);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1088 foreach ( $stack as $oldtarget )
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1089 {
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1090 $url = makeUrlNS($oldtarget[1], $oldtarget[0], 'redirect=no', true);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1091 $page_id_key = $paths->nslist[ $oldtarget[1] ] . $oldtarget[0];
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1092 $page_data = $paths->pages[$page_id_key];
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1093 $title = ( isset($page_data['name']) ) ? $page_data['name'] : $paths->nslist[$oldtarget[1]] . htmlspecialchars( str_replace('_', ' ', dirtify_page_id( $oldtarget[0] ) ) );
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1094 $a = '<a href="' . $url . '">' . $title . '</a>';
368
+ − 1095 echo '<small>' . $lang->get('page_msg_redirected_from', array('from' => $a)) . '<br /></small>';
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1096 }
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1097 }
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1098 display_page_headers();
24
+ − 1099 }
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1100
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1101 if ( $this->revision_id )
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 1102 {
368
+ − 1103 echo '<div class="info-box" style="margin-left: 0; margin-top: 5px;">
+ − 1104 <b>' . $lang->get('page_msg_archived_title') . '</b><br />
+ − 1105 ' . $lang->get('page_msg_archived_body', array(
468
+ − 1106 'archive_date' => enano_date('F d, Y', $this->revision_time),
+ − 1107 'archive_time' => enano_date('h:i a', $this->revision_time),
368
+ − 1108 'current_link' => makeUrlNS($this->namespace, $this->page_id),
468
+ − 1109 'restore_link' => makeUrlNS($this->namespace, $this->page_id, 'do=edit&revid='.$this->revision_id),
+ − 1110 'restore_onclick' => 'ajaxEditor(\''.$this->revision_id.'\'); return false;',
368
+ − 1111 )) . '
468
+ − 1112 </div>';
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 1113 }
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 1114
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1115 if ( $redir_enabled )
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1116 {
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1117 echo $redir_html;
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1118 }
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1119
441
4d9a4da1975b
Adding a few stray files and removing the no-longer-needed Creative Commons Attribution 2.0 license (no more libraries under that license are included with Enano); adding hooks pageprocess_render_{head,tail} to be run before and after the final page render, respectively.
Dan
diff
changeset
+ − 1120 $code = $plugins->setHook('pageprocess_render_head');
4d9a4da1975b
Adding a few stray files and removing the no-longer-needed Creative Commons Attribution 2.0 license (no more libraries under that license are included with Enano); adding hooks pageprocess_render_{head,tail} to be run before and after the final page render, respectively.
Dan
diff
changeset
+ − 1121 foreach ( $code as $cmd )
4d9a4da1975b
Adding a few stray files and removing the no-longer-needed Creative Commons Attribution 2.0 license (no more libraries under that license are included with Enano); adding hooks pageprocess_render_{head,tail} to be run before and after the final page render, respectively.
Dan
diff
changeset
+ − 1122 {
4d9a4da1975b
Adding a few stray files and removing the no-longer-needed Creative Commons Attribution 2.0 license (no more libraries under that license are included with Enano); adding hooks pageprocess_render_{head,tail} to be run before and after the final page render, respectively.
Dan
diff
changeset
+ − 1123 eval($cmd);
4d9a4da1975b
Adding a few stray files and removing the no-longer-needed Creative Commons Attribution 2.0 license (no more libraries under that license are included with Enano); adding hooks pageprocess_render_{head,tail} to be run before and after the final page render, respectively.
Dan
diff
changeset
+ − 1124 }
4d9a4da1975b
Adding a few stray files and removing the no-longer-needed Creative Commons Attribution 2.0 license (no more libraries under that license are included with Enano); adding hooks pageprocess_render_{head,tail} to be run before and after the final page render, respectively.
Dan
diff
changeset
+ − 1125
25
+ − 1126 if ( $incl_inner_headers )
+ − 1127 {
+ − 1128 $text = '?>' . RenderMan::render($text);
+ − 1129 }
+ − 1130 else
+ − 1131 {
+ − 1132 $text = '?>' . $text;
26
+ − 1133 $text = preg_replace('/<nowiki>(.*?)<\/nowiki>/s', '\\1', $text);
25
+ − 1134 }
593
4f9bec0d65c1
More optimization work. Moved special page init functions to common instead of common_post hook. Allowed paths to cache page metadata on filesystem. Phased out the redundancy in $paths->pages that paired a number with every urlname as foreach loops are allowed now (and have been for some time). Fixed missing includes for several functions. Rewrote str_replace_once to be a lot more efficient.
Dan
diff
changeset
+ − 1135
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 1136 eval ( $text );
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 1137
441
4d9a4da1975b
Adding a few stray files and removing the no-longer-needed Creative Commons Attribution 2.0 license (no more libraries under that license are included with Enano); adding hooks pageprocess_render_{head,tail} to be run before and after the final page render, respectively.
Dan
diff
changeset
+ − 1138 $code = $plugins->setHook('pageprocess_render_tail');
4d9a4da1975b
Adding a few stray files and removing the no-longer-needed Creative Commons Attribution 2.0 license (no more libraries under that license are included with Enano); adding hooks pageprocess_render_{head,tail} to be run before and after the final page render, respectively.
Dan
diff
changeset
+ − 1139 foreach ( $code as $cmd )
4d9a4da1975b
Adding a few stray files and removing the no-longer-needed Creative Commons Attribution 2.0 license (no more libraries under that license are included with Enano); adding hooks pageprocess_render_{head,tail} to be run before and after the final page render, respectively.
Dan
diff
changeset
+ − 1140 {
4d9a4da1975b
Adding a few stray files and removing the no-longer-needed Creative Commons Attribution 2.0 license (no more libraries under that license are included with Enano); adding hooks pageprocess_render_{head,tail} to be run before and after the final page render, respectively.
Dan
diff
changeset
+ − 1141 eval($cmd);
4d9a4da1975b
Adding a few stray files and removing the no-longer-needed Creative Commons Attribution 2.0 license (no more libraries under that license are included with Enano); adding hooks pageprocess_render_{head,tail} to be run before and after the final page render, respectively.
Dan
diff
changeset
+ − 1142 }
4d9a4da1975b
Adding a few stray files and removing the no-longer-needed Creative Commons Attribution 2.0 license (no more libraries under that license are included with Enano); adding hooks pageprocess_render_{head,tail} to be run before and after the final page render, respectively.
Dan
diff
changeset
+ − 1143
24
+ − 1144 if ( $incl_inner_headers )
+ − 1145 {
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 1146 display_page_footers();
24
+ − 1147 }
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 1148
1
+ − 1149 $this->footer();
+ − 1150 }
+ − 1151
+ − 1152 /**
+ − 1153 * Sends the page header, dependent on, of course, whether we're supposed to.
+ − 1154 */
+ − 1155
+ − 1156 function header()
+ − 1157 {
+ − 1158 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1159 if ( $this->send_headers )
+ − 1160 $template->header();
+ − 1161 }
+ − 1162
+ − 1163 /**
+ − 1164 * Sends the page footer, dependent on, of course, whether we're supposed to.
+ − 1165 */
+ − 1166
+ − 1167 function footer()
+ − 1168 {
+ − 1169 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1170 if ( $this->send_headers )
+ − 1171 $template->footer();
+ − 1172 }
+ − 1173
+ − 1174 /**
+ − 1175 * Fetches the raw, unfiltered page text.
+ − 1176 * @access public
+ − 1177 */
+ − 1178
+ − 1179 function fetch_text()
+ − 1180 {
+ − 1181 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1182
+ − 1183 if ( !empty($this->text_cache) )
+ − 1184 {
+ − 1185 return $this->text_cache;
+ − 1186 }
+ − 1187
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1188 if ( $this->revision_id > 0 && is_int($this->revision_id) )
1
+ − 1189 {
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1190
468
+ − 1191 $q = $db->sql_query('SELECT page_text, char_tag, time_id FROM '.table_prefix.'logs WHERE log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $this->page_id . '\' AND namespace=\'' . $this->namespace . '\' AND log_id=' . $this->revision_id . ';');
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1192 if ( !$q )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1193 {
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1194 $this->send_error('Error during SQL query.', true);
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1195 }
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1196 if ( $db->numrows() < 1 )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1197 {
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1198 // Compatibility fix for old pages with dots in the page ID
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1199 if ( strstr($this->page_id, '.2e') )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1200 {
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1201 $db->free_result();
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1202 $page_id = str_replace('.2e', '.', $this->page_id);
468
+ − 1203 $q = $db->sql_query('SELECT page_text, char_tag, time_id FROM '.table_prefix.'logs WHERE log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $this->namespace . '\' AND log_id=' . $this->revision_id . ';');
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1204 if ( !$q )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1205 {
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1206 $this->send_error('Error during SQL query.', true);
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1207 }
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1208 if ( $db->numrows() < 1 )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1209 {
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1210 $this->page_exists = false;
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1211 return 'err_no_text_rows';
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1212 }
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1213 }
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1214 else
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1215 {
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1216 $this->page_exists = false;
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1217 return 'err_no_text_rows';
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1218 }
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1219 }
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1220 else
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1221 {
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1222 $row = $db->fetchrow();
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1223 }
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1224
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1225 $db->free_result();
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1226
1
+ − 1227 }
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1228 else
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1229 {
542
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
diff
changeset
+ − 1230 $q = $db->sql_query('SELECT t.page_text, t.char_tag, l.time_id FROM '.table_prefix."page_text AS t\n"
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
diff
changeset
+ − 1231 . " LEFT JOIN " . table_prefix . "logs AS l\n"
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
diff
changeset
+ − 1232 . " ON ( l.page_id = t.page_id AND l.namespace = t.namespace )\n"
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
diff
changeset
+ − 1233 . " WHERE t.page_id='$this->page_id' AND t.namespace='$this->namespace'\n"
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
diff
changeset
+ − 1234 . " ORDER BY l.time_id DESC LIMIT 1;");
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1235 if ( !$q )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1236 {
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1237 $this->send_error('Error during SQL query.', true);
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1238 }
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1239 if ( $db->numrows() < 1 )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1240 {
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1241 // Compatibility fix for old pages with dots in the page ID
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1242 if ( strstr($this->page_id, '.2e') )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1243 {
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1244 $db->free_result();
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1245 $page_id = str_replace('.2e', '.', $this->page_id);
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1246 $q = $db->sql_query('SELECT page_text, char_tag FROM '.table_prefix.'page_text WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $this->namespace . '\';');
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1247 if ( !$q )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1248 {
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1249 $this->send_error('Error during SQL query.', true);
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1250 }
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1251 if ( $db->numrows() < 1 )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1252 {
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1253 $this->page_exists = false;
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1254 return 'err_no_text_rows';
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1255 }
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1256 }
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1257 else
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1258 {
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1259 $this->page_exists = false;
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1260 return 'err_no_text_rows';
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1261 }
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1262 }
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1263
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1264 $row = $db->fetchrow();
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1265 $db->free_result();
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1266
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1267 }
1
+ − 1268
+ − 1269 if ( !empty($row['char_tag']) )
+ − 1270 {
+ − 1271 // This page text entry uses the old text-escaping format
+ − 1272 $from = array(
+ − 1273 "{APOS:{$row['char_tag']}}",
+ − 1274 "{QUOT:{$row['char_tag']}}",
+ − 1275 "{SLASH:{$row['char_tag']}}"
+ − 1276 );
+ − 1277 $to = array("'", '"', '\\');
+ − 1278 $row['page_text'] = str_replace($from, $to, $row['page_text']);
+ − 1279 }
+ − 1280
+ − 1281 $this->text_cache = $row['page_text'];
+ − 1282
468
+ − 1283 if ( isset($row['time_id']) )
+ − 1284 {
+ − 1285 $this->revision_time = intval($row['time_id']);
+ − 1286 }
+ − 1287
1
+ − 1288 return $row['page_text'];
+ − 1289
+ − 1290 }
+ − 1291
+ − 1292 /**
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1293 * Handles the extra overhead required for user pages.
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1294 * @access private
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1295 */
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1296
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1297 function _handle_userpage()
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1298 {
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1299 global $db, $session, $paths, $template, $plugins; // Common objects
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1300 global $email;
328
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 1301 global $lang;
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1302
285
7846d45bd250
Changed all urlname/page_id columns to varchar(255) because 63 characters just isn't long enough
Dan
diff
changeset
+ − 1303 $page_urlname = dirtify_page_id($this->page_id);
322
+ − 1304 if ( $this->page_id == $paths->page_id && $this->namespace == $paths->namespace )
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1305 {
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1306 $page_name = ( isset($paths->cpage['name']) ) ? $paths->cpage['name'] : $this->page_id;
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1307 }
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1308 else
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1309 {
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1310 $page_name = ( isset($paths->pages[$this->page_id]) ) ? $paths->pages[$this->page_id]['name'] : $this->page_id;
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1311 }
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1312
285
7846d45bd250
Changed all urlname/page_id columns to varchar(255) because 63 characters just isn't long enough
Dan
diff
changeset
+ − 1313 $target_username = strtr($page_urlname,
22
+ − 1314 Array(
+ − 1315 '_' => ' ',
+ − 1316 '<' => '<',
+ − 1317 '>' => '>'
+ − 1318 ));
+ − 1319
377
bb3e6c3bd4f4
Removed stray debugging info from ACL editor success notification; added ability for guests to set language on URI (?lang=eng); added html_in_pages ACL type and separated from php_in_pages so HTML can be embedded but not PHP; rewote portions of the path manager to better abstract URL input; added Zend Framework into list of BSD-licensed libraries; localized some remaining strings; got the migration script working, but just barely; fixed display bug in Special:Contributions; localized Main Page button in admin panel
Dan
diff
changeset
+ − 1320 $target_username = preg_replace('/^' . str_replace('/', '\\/', preg_quote($paths->nslist['User'])) . '/', '', $target_username);
bb3e6c3bd4f4
Removed stray debugging info from ACL editor success notification; added ability for guests to set language on URI (?lang=eng); added html_in_pages ACL type and separated from php_in_pages so HTML can be embedded but not PHP; rewote portions of the path manager to better abstract URL input; added Zend Framework into list of BSD-licensed libraries; localized some remaining strings; got the migration script working, but just barely; fixed display bug in Special:Contributions; localized Main Page button in admin panel
Dan
diff
changeset
+ − 1321 list($target_username) = explode('/', $target_username);
22
+ − 1322
+ − 1323 if ( ( $page_name == str_replace('_', ' ', $this->page_id) || $page_name == $paths->nslist['User'] . str_replace('_', ' ', $this->page_id) ) || !$this->page_exists )
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1324 {
377
bb3e6c3bd4f4
Removed stray debugging info from ACL editor success notification; added ability for guests to set language on URI (?lang=eng); added html_in_pages ACL type and separated from php_in_pages so HTML can be embedded but not PHP; rewote portions of the path manager to better abstract URL input; added Zend Framework into list of BSD-licensed libraries; localized some remaining strings; got the migration script working, but just barely; fixed display bug in Special:Contributions; localized Main Page button in admin panel
Dan
diff
changeset
+ − 1325 $page_name = $lang->get('userpage_page_title', array('username' => htmlspecialchars($target_username)));
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1326 }
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1327 else
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1328 {
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1329 // User has a custom title for their userpage
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1330 $page_name = $paths->pages[ $paths->nslist[$this->namespace] . $this->page_id ]['name'];
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1331 }
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1332
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1333 $template->tpl_strings['PAGE_NAME'] = htmlspecialchars($page_name);
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1334
328
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 1335 $q = $db->sql_query('SELECT u.username, u.user_id AS authoritative_uid, u.real_name, u.email, u.reg_time, u.user_has_avatar, u.avatar_type, x.*, COUNT(c.comment_id) AS n_comments
22
+ − 1336 FROM '.table_prefix.'users u
+ − 1337 LEFT JOIN '.table_prefix.'users_extra AS x
+ − 1338 ON ( u.user_id = x.user_id OR x.user_id IS NULL )
+ − 1339 LEFT JOIN '.table_prefix.'comments AS c
47
+ − 1340 ON ( ( c.user_id=u.user_id AND c.name=u.username AND c.approved=1 ) OR ( c.comment_id IS NULL AND c.approved IS NULL ) )
22
+ − 1341 WHERE u.username=\'' . $db->escape($target_username) . '\'
328
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 1342 GROUP BY u.username, u.user_id, u.real_name, u.email, u.reg_time, u.user_has_avatar, u.avatar_type, x.user_id, x.user_aim, x.user_yahoo, x.user_msn, x.user_xmpp, x.user_homepage, x.user_location, x.user_job, x.user_hobbies, x.email_public;');
22
+ − 1343 if ( !$q )
+ − 1344 $db->_die();
+ − 1345
+ − 1346 $user_exists = true;
+ − 1347
+ − 1348 if ( $db->numrows() < 1 )
+ − 1349 {
+ − 1350 $user_exists = false;
+ − 1351 }
+ − 1352 else
+ − 1353 {
+ − 1354 $userdata = $db->fetchrow();
+ − 1355 if ( $userdata['authoritative_uid'] == 1 )
+ − 1356 {
+ − 1357 // Hide data for anonymous user
+ − 1358 $user_exists = false;
+ − 1359 unset($userdata);
+ − 1360 }
+ − 1361 }
+ − 1362
541
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1363 // get the user's rank
593
4f9bec0d65c1
More optimization work. Moved special page init functions to common instead of common_post hook. Allowed paths to cache page metadata on filesystem. Phased out the redundancy in $paths->pages that paired a number with every urlname as foreach loops are allowed now (and have been for some time). Fixed missing includes for several functions. Rewrote str_replace_once to be a lot more efficient.
Dan
diff
changeset
+ − 1364 if ( $user_exists )
4f9bec0d65c1
More optimization work. Moved special page init functions to common instead of common_post hook. Allowed paths to cache page metadata on filesystem. Phased out the redundancy in $paths->pages that paired a number with every urlname as foreach loops are allowed now (and have been for some time). Fixed missing includes for several functions. Rewrote str_replace_once to be a lot more efficient.
Dan
diff
changeset
+ − 1365 {
4f9bec0d65c1
More optimization work. Moved special page init functions to common instead of common_post hook. Allowed paths to cache page metadata on filesystem. Phased out the redundancy in $paths->pages that paired a number with every urlname as foreach loops are allowed now (and have been for some time). Fixed missing includes for several functions. Rewrote str_replace_once to be a lot more efficient.
Dan
diff
changeset
+ − 1366 $rank_data = $session->get_user_rank(intval($userdata['authoritative_uid']));
4f9bec0d65c1
More optimization work. Moved special page init functions to common instead of common_post hook. Allowed paths to cache page metadata on filesystem. Phased out the redundancy in $paths->pages that paired a number with every urlname as foreach loops are allowed now (and have been for some time). Fixed missing includes for several functions. Rewrote str_replace_once to be a lot more efficient.
Dan
diff
changeset
+ − 1367 }
4f9bec0d65c1
More optimization work. Moved special page init functions to common instead of common_post hook. Allowed paths to cache page metadata on filesystem. Phased out the redundancy in $paths->pages that paired a number with every urlname as foreach loops are allowed now (and have been for some time). Fixed missing includes for several functions. Rewrote str_replace_once to be a lot more efficient.
Dan
diff
changeset
+ − 1368 else
4f9bec0d65c1
More optimization work. Moved special page init functions to common instead of common_post hook. Allowed paths to cache page metadata on filesystem. Phased out the redundancy in $paths->pages that paired a number with every urlname as foreach loops are allowed now (and have been for some time). Fixed missing includes for several functions. Rewrote str_replace_once to be a lot more efficient.
Dan
diff
changeset
+ − 1369 {
4f9bec0d65c1
More optimization work. Moved special page init functions to common instead of common_post hook. Allowed paths to cache page metadata on filesystem. Phased out the redundancy in $paths->pages that paired a number with every urlname as foreach loops are allowed now (and have been for some time). Fixed missing includes for several functions. Rewrote str_replace_once to be a lot more efficient.
Dan
diff
changeset
+ − 1370 $rank_data = $session->get_user_rank(1);
4f9bec0d65c1
More optimization work. Moved special page init functions to common instead of common_post hook. Allowed paths to cache page metadata on filesystem. Phased out the redundancy in $paths->pages that paired a number with every urlname as foreach loops are allowed now (and have been for some time). Fixed missing includes for several functions. Rewrote str_replace_once to be a lot more efficient.
Dan
diff
changeset
+ − 1371 }
541
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1372
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1373 $this->header();
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1374
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1375 // if ( $send_headers )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1376 // {
22
+ − 1377 // display_page_headers();
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1378 // }
16
+ − 1379
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1380 // Start left sidebar: basic user info, latest comments
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1381
22
+ − 1382 if ( $user_exists ):
+ − 1383
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1384 echo '<table border="0" cellspacing="4" cellpadding="0" style="width: 100%;">';
22
+ − 1385 echo '<tr><td style="width: 150px;" valign="top">';
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1386
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1387 echo '<div class="tblholder">
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1388 <table border="0" cellspacing="1" cellpadding="4">';
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1389
22
+ − 1390 //
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1391 // Main part of sidebar
22
+ − 1392 //
+ − 1393
+ − 1394 // Basic user info
+ − 1395
368
+ − 1396 echo '<tr><th class="subhead">' . $lang->get('userpage_heading_basics', array('username' => htmlspecialchars($target_username))) . '</th></tr>';
541
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1397
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1398 echo '<tr><td class="row1" style="text-align: center;">';
328
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 1399 if ( $userdata['user_has_avatar'] == '1' )
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 1400 {
621
+ − 1401 echo '<img alt="' . $lang->get('usercp_avatar_image_alt', array('username' => $userdata['username'])) . '" src="' . make_avatar_url(intval($userdata['authoritative_uid']), $userdata['avatar_type'], $userdata['email']) . '" /><br />';
328
dc838fd61a06
Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
diff
changeset
+ − 1402 }
541
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1403 // username
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1404 echo '<big><span style="' . $rank_data['rank_style'] . '">' . htmlspecialchars($target_username) . '</span></big><br />';
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1405 // user title, if appropriate
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1406 if ( $rank_data['user_title'] )
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1407 echo htmlspecialchars($rank_data['user_title']) . '<br />';
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1408 // rank
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1409 echo htmlspecialchars($lang->get($rank_data['rank_title']));
acb7e23b6ffa
Massive commit with various changes. Added user ranks system (no admin interface yet) and ability for users to have custom user titles. Made cron framework accept fractions of hours through floating-point intervals. Modifed ACL editor to use miniPrompt framework for close confirmation box. Made avatar system use a special page as opposed to fetching the files directly for caching reasons.
Dan
diff
changeset
+ − 1410 echo '</td></tr>';
368
+ − 1411 echo '<tr><td class="row3">' . $lang->get('userpage_lbl_joined') . ' ' . enano_date('F d, Y h:i a', $userdata['reg_time']) . '</td></tr>';
+ − 1412 echo '<tr><td class="row1">' . $lang->get('userpage_lbl_num_comments') . ' ' . $userdata['n_comments'] . '</td></tr>';
22
+ − 1413
+ − 1414 if ( !empty($userdata['real_name']) )
+ − 1415 {
368
+ − 1416 echo '<tr><td class="row3">' . $lang->get('userpage_lbl_real_name') . ' ' . $userdata['real_name'] . '</td></tr>';
22
+ − 1417 }
+ − 1418
108
1c7f59df9474
Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63
Dan
diff
changeset
+ − 1419 // Administer user button
1c7f59df9474
Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63
Dan
diff
changeset
+ − 1420
1c7f59df9474
Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63
Dan
diff
changeset
+ − 1421 if ( $session->user_level >= USER_LEVEL_ADMIN )
1c7f59df9474
Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63
Dan
diff
changeset
+ − 1422 {
368
+ − 1423 echo '<tr><td class="row1"><a href="' . makeUrlNS('Special', 'Administration', 'module=' . $paths->nslist['Admin'] . 'UserManager&src=get&user=' . urlencode($target_username), true) . '" onclick="ajaxAdminUser(\'' . addslashes($target_username) . '\'); return false;">' . $lang->get('userpage_btn_administer_user') . '</a></td></tr>';
108
1c7f59df9474
Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63
Dan
diff
changeset
+ − 1424 }
1c7f59df9474
Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63
Dan
diff
changeset
+ − 1425
22
+ − 1426 // Comments
+ − 1427
368
+ − 1428 echo '<tr><th class="subhead">' . $lang->get('userpage_heading_comments', array('username' => htmlspecialchars($target_username))) . '</th></tr>';
47
+ − 1429 $q = $db->sql_query('SELECT page_id, namespace, subject, time FROM '.table_prefix.'comments WHERE name=\'' . $db->escape($target_username) . '\' AND user_id=' . $userdata['authoritative_uid'] . ' AND approved=1 ORDER BY time DESC LIMIT 5;');
22
+ − 1430 if ( !$q )
+ − 1431 $db->_die();
+ − 1432
+ − 1433 $comments = Array();
+ − 1434 $no_comments = false;
+ − 1435
+ − 1436 if ( $row = $db->fetchrow() )
+ − 1437 {
+ − 1438 do
+ − 1439 {
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1440 $row['time'] = enano_date('F d, Y', $row['time']);
22
+ − 1441 $comments[] = $row;
+ − 1442 }
+ − 1443 while ( $row = $db->fetchrow() );
+ − 1444 }
+ − 1445 else
+ − 1446 {
+ − 1447 $no_comments = true;
+ − 1448 }
+ − 1449
+ − 1450 echo '<tr><td class="row3">';
+ − 1451 echo '<div style="border: 1px solid #000000; padding: 0px; margin: 0; max-height: 200px; clip: rect(0px,auto,auto,0px); overflow: auto; background-color: transparent;" class="tblholder">';
+ − 1452
+ − 1453 echo '<table border="0" cellspacing="1" cellpadding="4">';
+ − 1454 $class = 'row1';
+ − 1455
+ − 1456 $tpl = '<tr>
+ − 1457 <td class="{CLASS}">
+ − 1458 <a href="{PAGE_LINK}" <!-- BEGINNOT page_exists -->class="wikilink-nonexistent"<!-- END page_exists -->>{PAGE}</a><br />
368
+ − 1459 <small>{lang:userpage_comments_lbl_posted} {DATE}<br /></small>
22
+ − 1460 <b><a href="{COMMENT_LINK}">{SUBJECT}</a></b>
+ − 1461 </td>
+ − 1462 </tr>';
+ − 1463 $parser = $template->makeParserText($tpl);
+ − 1464
+ − 1465 if ( count($comments) > 0 )
+ − 1466 {
+ − 1467 foreach ( $comments as $comment )
+ − 1468 {
+ − 1469 $c_page_id = $paths->nslist[ $comment['namespace'] ] . sanitize_page_id($comment['page_id']);
+ − 1470 if ( isset($paths->pages[ $c_page_id ]) )
+ − 1471 {
+ − 1472 $parser->assign_bool(array(
+ − 1473 'page_exists' => true
+ − 1474 ));
83
+ − 1475 $page_title = htmlspecialchars($paths->pages[ $c_page_id ]['name']);
22
+ − 1476 }
+ − 1477 else
+ − 1478 {
+ − 1479 $parser->assign_bool(array(
+ − 1480 'page_exists' => false
+ − 1481 ));
+ − 1482 $page_title = htmlspecialchars(dirtify_page_id($c_page_id));
+ − 1483 }
+ − 1484 $parser->assign_vars(array(
+ − 1485 'CLASS' => $class,
+ − 1486 'PAGE_LINK' => makeUrlNS($comment['namespace'], sanitize_page_id($comment['page_id'])),
+ − 1487 'PAGE' => $page_title,
+ − 1488 'SUBJECT' => $comment['subject'],
+ − 1489 'DATE' => $comment['time'],
+ − 1490 'COMMENT_LINK' => makeUrlNS($comment['namespace'], sanitize_page_id($comment['page_id']), 'do=comments', true)
+ − 1491 ));
+ − 1492 $class = ( $class == 'row3' ) ? 'row1' : 'row3';
+ − 1493 echo $parser->run();
+ − 1494 }
+ − 1495 }
+ − 1496 else
+ − 1497 {
368
+ − 1498 echo '<tr><td class="' . $class . '">' . $lang->get('userpage_msg_no_comments') . '</td></tr>';
22
+ − 1499 }
+ − 1500 echo '</table>';
+ − 1501
+ − 1502 echo '</div>';
+ − 1503 echo '</td></tr>';
315
f49e3c8b638c
Fixed focus of AJAX login form fields in IE; removed stale/unused call to $template->makeParserText() in paginate_array(); added hook page_create_request to possibly help control creation of pages of certain namespaces from plugins; fixed critical bug in user CP that prevented plugins from adding custom CP modules
Dan
diff
changeset
+ − 1504
f49e3c8b638c
Fixed focus of AJAX login form fields in IE; removed stale/unused call to $template->makeParserText() in paginate_array(); added hook page_create_request to possibly help control creation of pages of certain namespaces from plugins; fixed critical bug in user CP that prevented plugins from adding custom CP modules
Dan
diff
changeset
+ − 1505 $code = $plugins->setHook('userpage_sidebar_left');
f49e3c8b638c
Fixed focus of AJAX login form fields in IE; removed stale/unused call to $template->makeParserText() in paginate_array(); added hook page_create_request to possibly help control creation of pages of certain namespaces from plugins; fixed critical bug in user CP that prevented plugins from adding custom CP modules
Dan
diff
changeset
+ − 1506 foreach ( $code as $cmd )
f49e3c8b638c
Fixed focus of AJAX login form fields in IE; removed stale/unused call to $template->makeParserText() in paginate_array(); added hook page_create_request to possibly help control creation of pages of certain namespaces from plugins; fixed critical bug in user CP that prevented plugins from adding custom CP modules
Dan
diff
changeset
+ − 1507 {
f49e3c8b638c
Fixed focus of AJAX login form fields in IE; removed stale/unused call to $template->makeParserText() in paginate_array(); added hook page_create_request to possibly help control creation of pages of certain namespaces from plugins; fixed critical bug in user CP that prevented plugins from adding custom CP modules
Dan
diff
changeset
+ − 1508 eval($cmd);
f49e3c8b638c
Fixed focus of AJAX login form fields in IE; removed stale/unused call to $template->makeParserText() in paginate_array(); added hook page_create_request to possibly help control creation of pages of certain namespaces from plugins; fixed critical bug in user CP that prevented plugins from adding custom CP modules
Dan
diff
changeset
+ − 1509 }
f49e3c8b638c
Fixed focus of AJAX login form fields in IE; removed stale/unused call to $template->makeParserText() in paginate_array(); added hook page_create_request to possibly help control creation of pages of certain namespaces from plugins; fixed critical bug in user CP that prevented plugins from adding custom CP modules
Dan
diff
changeset
+ − 1510
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1511 echo ' </table>
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1512 </div>';
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1513
22
+ − 1514 echo '</td><td valign="top" style="padding: 0 10px;">';
+ − 1515
+ − 1516 else:
+ − 1517
+ − 1518 // Nothing for now
+ − 1519
+ − 1520 endif;
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1521
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1522 // User's own content
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1523
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1524 $send_headers = $this->send_headers;
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1525 $this->send_headers = false;
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1526
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1527 if ( $this->page_exists )
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1528 {
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1529 $this->render();
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1530 }
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1531 else
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1532 {
22
+ − 1533 $this->err_page_not_existent(true);
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1534 }
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1535
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1536 // Right sidebar
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1537
22
+ − 1538 if ( $user_exists ):
+ − 1539
+ − 1540 echo '</td><td style="width: 150px;" valign="top">';
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1541
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1542 echo '<div class="tblholder">
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1543 <table border="0" cellspacing="1" cellpadding="4">';
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1544
22
+ − 1545 //
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1546 // Main part of sidebar
22
+ − 1547 //
+ − 1548
+ − 1549 // Contact information
+ − 1550
368
+ − 1551 echo '<tr><th class="subhead">' . $lang->get('userpage_heading_contact') . '</th></tr>';
22
+ − 1552
+ − 1553 $class = 'row3';
+ − 1554
+ − 1555 if ( $userdata['email_public'] == 1 )
+ − 1556 {
+ − 1557 $class = ( $class == 'row1' ) ? 'row3' : 'row1';
+ − 1558 $email_link = $email->encryptEmail($userdata['email']);
368
+ − 1559 echo '<tr><td class="'.$class.'">' . $lang->get('userpage_lbl_email') . ' ' . $email_link . '</td></tr>';
22
+ − 1560 }
+ − 1561
+ − 1562 $class = ( $class == 'row1' ) ? 'row3' : 'row1';
+ − 1563 if ( $session->user_logged_in )
+ − 1564 {
368
+ − 1565 echo '<tr><td class="'.$class.'">' . $lang->get('userpage_btn_send_pm', array('username' => htmlspecialchars($target_username), 'pm_link' => makeUrlNS('Special', 'PrivateMessages/Compose/to/' . $this->page_id, false, true))) . '</td></tr>';
22
+ − 1566 }
+ − 1567 else
+ − 1568 {
368
+ − 1569 echo '<tr><td class="'.$class.'">' . $lang->get('userpage_btn_send_pm_guest', array('username' => htmlspecialchars($target_username), 'login_flags' => 'href="' . makeUrlNS('Special', 'Login/' . $paths->nslist[$this->namespace] . $this->page_id) . '" onclick="ajaxStartLogin(); return false;"')) . '</td></tr>';
22
+ − 1570 }
+ − 1571
+ − 1572 if ( !empty($userdata['user_aim']) )
+ − 1573 {
+ − 1574 $class = ( $class == 'row1' ) ? 'row3' : 'row1';
368
+ − 1575 echo '<tr><td class="'.$class.'">' . $lang->get('userpage_lbl_aim') . ' ' . $userdata['user_aim'] . '</td></tr>';
22
+ − 1576 }
+ − 1577
+ − 1578 if ( !empty($userdata['user_yahoo']) )
+ − 1579 {
+ − 1580 $class = ( $class == 'row1' ) ? 'row3' : 'row1';
368
+ − 1581 echo '<tr><td class="'.$class.'">' . $lang->get('userpage_lbl_yim') . ' ' . $userdata['user_yahoo'] . '</td></tr>';
22
+ − 1582 }
+ − 1583
+ − 1584 if ( !empty($userdata['user_msn']) )
+ − 1585 {
+ − 1586 $class = ( $class == 'row1' ) ? 'row3' : 'row1';
+ − 1587 $email_link = $email->encryptEmail($userdata['user_msn']);
368
+ − 1588 echo '<tr><td class="'.$class.'">' . $lang->get('userpage_lbl_wlm') . ' ' . $email_link . '</td></tr>';
22
+ − 1589 }
+ − 1590
+ − 1591 if ( !empty($userdata['user_xmpp']) )
+ − 1592 {
+ − 1593 $class = ( $class == 'row1' ) ? 'row3' : 'row1';
+ − 1594 $email_link = $email->encryptEmail($userdata['user_xmpp']);
368
+ − 1595 echo '<tr><td class="'.$class.'">' . $lang->get('userpage_lbl_xmpp') . ' ' . $email_link . '</td></tr>';
22
+ − 1596 }
+ − 1597
+ − 1598 // Real life
+ − 1599
368
+ − 1600 echo '<tr><th class="subhead">' . $lang->get('userpage_heading_real_life', array('username' => htmlspecialchars($target_username))) . '</th></tr>';
22
+ − 1601
+ − 1602 if ( !empty($userdata['user_location']) )
+ − 1603 {
+ − 1604 $class = ( $class == 'row1' ) ? 'row3' : 'row1';
368
+ − 1605 echo '<tr><td class="'.$class.'">' . $lang->get('userpage_lbl_location') . ' ' . $userdata['user_location'] . '</td></tr>';
22
+ − 1606 }
+ − 1607
+ − 1608 if ( !empty($userdata['user_job']) )
+ − 1609 {
+ − 1610 $class = ( $class == 'row1' ) ? 'row3' : 'row1';
368
+ − 1611 echo '<tr><td class="'.$class.'">' . $lang->get('userpage_lbl_job') . ' ' . $userdata['user_job'] . '</td></tr>';
22
+ − 1612 }
+ − 1613
+ − 1614 if ( !empty($userdata['user_hobbies']) )
+ − 1615 {
+ − 1616 $class = ( $class == 'row1' ) ? 'row3' : 'row1';
368
+ − 1617 echo '<tr><td class="'.$class.'">' . $lang->get('userpage_lbl_hobbies') . ' ' . $userdata['user_hobbies'] . '</td></tr>';
22
+ − 1618 }
+ − 1619
28
+ − 1620 if ( empty($userdata['user_location']) && empty($userdata['user_job']) && empty($userdata['user_hobbies']) )
+ − 1621 {
+ − 1622 $class = ( $class == 'row1' ) ? 'row3' : 'row1';
368
+ − 1623 echo '<tr><td class="'.$class.'">' . $lang->get('userpage_msg_no_contact_info', array('username' => htmlspecialchars($target_username))) . '</td></tr>';
28
+ − 1624 }
+ − 1625
315
f49e3c8b638c
Fixed focus of AJAX login form fields in IE; removed stale/unused call to $template->makeParserText() in paginate_array(); added hook page_create_request to possibly help control creation of pages of certain namespaces from plugins; fixed critical bug in user CP that prevented plugins from adding custom CP modules
Dan
diff
changeset
+ − 1626 $code = $plugins->setHook('userpage_sidebar_right');
f49e3c8b638c
Fixed focus of AJAX login form fields in IE; removed stale/unused call to $template->makeParserText() in paginate_array(); added hook page_create_request to possibly help control creation of pages of certain namespaces from plugins; fixed critical bug in user CP that prevented plugins from adding custom CP modules
Dan
diff
changeset
+ − 1627 foreach ( $code as $cmd )
f49e3c8b638c
Fixed focus of AJAX login form fields in IE; removed stale/unused call to $template->makeParserText() in paginate_array(); added hook page_create_request to possibly help control creation of pages of certain namespaces from plugins; fixed critical bug in user CP that prevented plugins from adding custom CP modules
Dan
diff
changeset
+ − 1628 {
f49e3c8b638c
Fixed focus of AJAX login form fields in IE; removed stale/unused call to $template->makeParserText() in paginate_array(); added hook page_create_request to possibly help control creation of pages of certain namespaces from plugins; fixed critical bug in user CP that prevented plugins from adding custom CP modules
Dan
diff
changeset
+ − 1629 eval($cmd);
f49e3c8b638c
Fixed focus of AJAX login form fields in IE; removed stale/unused call to $template->makeParserText() in paginate_array(); added hook page_create_request to possibly help control creation of pages of certain namespaces from plugins; fixed critical bug in user CP that prevented plugins from adding custom CP modules
Dan
diff
changeset
+ − 1630 }
f49e3c8b638c
Fixed focus of AJAX login form fields in IE; removed stale/unused call to $template->makeParserText() in paginate_array(); added hook page_create_request to possibly help control creation of pages of certain namespaces from plugins; fixed critical bug in user CP that prevented plugins from adding custom CP modules
Dan
diff
changeset
+ − 1631
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1632 echo ' </table>
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1633 </div>';
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1634
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1635 echo '</tr></table>';
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1636
22
+ − 1637 else:
+ − 1638
368
+ − 1639 if ( !is_valid_ip($target_username) )
+ − 1640 {
+ − 1641 echo '<p>' . $lang->get('userpage_msg_user_not_exist', array('username' => htmlspecialchars($target_username))) . '</p>';
+ − 1642 }
22
+ − 1643
+ − 1644 endif;
+ − 1645
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1646 // if ( $send_headers )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1647 // {
22
+ − 1648 // display_page_footers();
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1649 // }
16
+ − 1650
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1651 $this->send_headers = $send_headers;
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1652 unset($send_headers);
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1653
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1654 $this->footer();
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1655
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1656 }
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1657
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1658 /**
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1659 * Pushes to the redirect stack and resets the instance. This depends on the page ID and namespace already being validated and sanitized, and does not check the size of the redirect stack.
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1660 * @param string Page ID to redirect to
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1661 * @param string Namespace to redirect to
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1662 * @access private
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1663 */
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1664
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1665 function _handle_redirect($page_id, $namespace)
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1666 {
92
+ − 1667 global $db, $session, $paths, $template, $plugins; // Common objects
314
+ − 1668 global $lang;
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1669 $arr_pid = array($this->page_id, $this->namespace);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1670 if ( $namespace == 'Special' || $namespace == 'Admin' )
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1671 {
314
+ − 1672 return $lang->get('page_err_redirect_to_special');
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1673 }
314
+ − 1674 $looped = false;
+ − 1675 foreach ( $this->redirect_stack as $page )
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1676 {
314
+ − 1677 if ( $page[0] == $arr_pid[0] && $page[1] == $arr_pid[1] )
+ − 1678 {
+ − 1679 $looped = true;
+ − 1680 break;
+ − 1681 }
+ − 1682 }
+ − 1683 if ( $looped )
+ − 1684 {
+ − 1685 return $lang->get('page_err_redirect_infinite_loop');
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1686 }
92
+ − 1687 $page_id_key = $paths->nslist[ $namespace ] . sanitize_page_id($page_id);
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1688 if ( !isset($paths->pages[$page_id_key]) )
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1689 {
314
+ − 1690 return $lang->get('page_err_redirect_to_nonexistent');
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1691 }
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1692 $this->redirect_stack[] = $arr_pid;
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1693
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1694
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1695 // Nuke the text cache to avoid infinite loops, gah...
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1696 $this->text_cache = '';
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1697 $this->_setup($page_id, $namespace, 0);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1698 $this->send();
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1699 return true;
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1700 }
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1701
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 1702 /**
1
+ − 1703 * Send the error message to the user that the access to this page is denied.
+ − 1704 * @access private
+ − 1705 */
+ − 1706
+ − 1707 function err_access_denied()
+ − 1708 {
+ − 1709 global $db, $session, $paths, $template, $plugins; // Common objects
314
+ − 1710 global $lang;
+ − 1711 global $email;
1
+ − 1712
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1713 // Log it for crying out loud
345
4ccdfeee9a11
WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
diff
changeset
+ − 1714 $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'illegal_page\', '.time().', \''.enano_date('d M Y h:i a').'\', \''.$db->escape($session->username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', \'' . $db->escape(serialize(array($this->page_id, $this->namespace))) . '\')');
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1715
1
+ − 1716 $ob = '';
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1717 //$template->tpl_strings['PAGE_NAME'] = 'Access denied';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1718 $template->tpl_strings['PAGE_NAME'] = htmlspecialchars( $this->title );
1
+ − 1719
+ − 1720 if ( $this->send_headers )
+ − 1721 {
+ − 1722 $ob .= $template->getHeader();
+ − 1723 }
+ − 1724
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1725 if ( count($this->redirect_stack) > 0 )
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1726 {
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1727 $stack = array_reverse($this->redirect_stack);
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1728 foreach ( $stack as $oldtarget )
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1729 {
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1730 $url = makeUrlNS($oldtarget[1], $oldtarget[0], 'redirect=no', true);
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1731 $page_id_key = $paths->nslist[ $oldtarget[1] ] . $oldtarget[0];
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1732 $page_data = $paths->pages[$page_id_key];
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1733 $title = ( isset($page_data['name']) ) ? $page_data['name'] : $paths->nslist[$oldtarget[1]] . htmlspecialchars( str_replace('_', ' ', dirtify_page_id( $oldtarget[0] ) ) );
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1734 $a = '<a href="' . $url . '">' . $title . '</a>';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1735
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1736 $url = makeUrlNS($this->namespace, $this->page_id, 'redirect=no', true);
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1737 $page_id_key = $paths->nslist[ $this->namespace ] . $this->page_id;
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1738 $page_data = $paths->pages[$page_id_key];
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1739 $title = ( isset($page_data['name']) ) ? $page_data['name'] : $paths->nslist[$this->namespace] . htmlspecialchars( str_replace('_', ' ', dirtify_page_id( $this->page_id ) ) );
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1740 $b = '<a href="' . $url . '">' . $title . '</a>';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1741
369
+ − 1742 $ob .= '<small>' . $lang->get('page_msg_redirected_from_to', array('from' => $a, 'to' => $b)) . '<br /></small>';
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1743 }
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1744 }
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1745
314
+ − 1746 $email_link = $email->encryptEmail(getConfig('contact_email'), '', '', $lang->get('page_err_access_denied_siteadmin'));
+ − 1747
+ − 1748 $ob .= "<h3>" . $lang->get('page_err_access_denied_title') . "</h3>";
+ − 1749 $ob .= "<p>" . $lang->get('page_err_access_denied_body', array('site_administration' => $email_link)) . "</p>";
1
+ − 1750
+ − 1751 if ( $this->send_headers )
+ − 1752 {
+ − 1753 $ob .= $template->getFooter();
+ − 1754 }
+ − 1755 echo $ob;
+ − 1756 }
+ − 1757
+ − 1758 /**
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1759 * Inform the user of an incorrect or absent password
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1760 * @access private
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1761 */
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1762
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1763 function err_wrong_password()
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1764 {
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1765 global $db, $session, $paths, $template, $plugins; // Common objects
369
+ − 1766 global $lang;
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1767
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1768 $title = 'Password required';
369
+ − 1769 $message = ( empty($this->password) ) ?
+ − 1770 '<p>' . $lang->get('page_msg_passrequired') . '</p>' :
+ − 1771 '<p>' . $lang->get('page_msg_pass_wrong') . '</p>';
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1772 $message .= '<form action="' . makeUrlNS($this->namespace, $this->page_id) . '" method="post">
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1773 <p>
369
+ − 1774 <label>' . $lang->get('page_lbl_password') . ' <input name="pagepass" type="password" /></label> <input type="submit" value="Submit" />
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1775 </p>
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1776 </form>';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1777 if ( $this->send_headers )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1778 {
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1779 $template->tpl_strings['PAGE_NAME'] = $title;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1780 $template->header();
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1781 echo "$message";
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1782 $template->footer();
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1783 }
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1784 else
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1785 {
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1786 echo "<h2>$title</h2>
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1787 $message";
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1788 }
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1789 }
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1790
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1791 /**
1
+ − 1792 * Send the error message to the user complaining that there weren't any rows.
+ − 1793 * @access private
+ − 1794 */
+ − 1795
+ − 1796 function err_no_rows()
+ − 1797 {
+ − 1798 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1799
+ − 1800 $title = 'No text rows';
+ − 1801 $message = 'While the page\'s existence was verified, there were no rows in the database that matched the query for the text. This may indicate a bug with the software; ask the webmaster for more information. The offending query was:<pre>' . $db->latest_query . '</pre>';
+ − 1802 if ( $this->send_headers )
+ − 1803 {
+ − 1804 $template->tpl_strings['PAGE_NAME'] = $title;
+ − 1805 $template->header();
+ − 1806 echo "<p>$message</p>";
+ − 1807 $template->footer();
+ − 1808 }
+ − 1809 else
+ − 1810 {
+ − 1811 echo "<h2>$title</h2>
+ − 1812 <p>$message</p>";
+ − 1813 }
+ − 1814 }
+ − 1815
+ − 1816 /**
+ − 1817 * Tell the user the page doesn't exist, and present them with their options.
+ − 1818 * @access private
+ − 1819 */
+ − 1820
22
+ − 1821 function err_page_not_existent($userpage = false)
1
+ − 1822 {
+ − 1823 global $db, $session, $paths, $template, $plugins; // Common objects
369
+ − 1824 global $lang;
1
+ − 1825
91
+ − 1826 header('HTTP/1.1 404 Not Found');
+ − 1827
1
+ − 1828 $this->header();
91
+ − 1829 $this->do_breadcrumbs();
+ − 1830
343
eefe9ab7fe7c
Localized the first parts of the admin panel. As a consequence, also wrote a brand new Admin:PageManager that doesn't suck like the old one did.
Dan
diff
changeset
+ − 1831 $msg = $paths->sysmsg('Page_not_found');
eefe9ab7fe7c
Localized the first parts of the admin panel. As a consequence, also wrote a brand new Admin:PageManager that doesn't suck like the old one did.
Dan
diff
changeset
+ − 1832 if ( $msg )
22
+ − 1833 {
343
eefe9ab7fe7c
Localized the first parts of the admin panel. As a consequence, also wrote a brand new Admin:PageManager that doesn't suck like the old one did.
Dan
diff
changeset
+ − 1834 $msg = RenderMan::render($msg);
eefe9ab7fe7c
Localized the first parts of the admin panel. As a consequence, also wrote a brand new Admin:PageManager that doesn't suck like the old one did.
Dan
diff
changeset
+ − 1835 eval( '?>' . $msg );
1
+ − 1836 }
+ − 1837 else
+ − 1838 {
343
eefe9ab7fe7c
Localized the first parts of the admin panel. As a consequence, also wrote a brand new Admin:PageManager that doesn't suck like the old one did.
Dan
diff
changeset
+ − 1839 if ( $userpage )
eefe9ab7fe7c
Localized the first parts of the admin panel. As a consequence, also wrote a brand new Admin:PageManager that doesn't suck like the old one did.
Dan
diff
changeset
+ − 1840 {
369
+ − 1841 echo '<h3>' . $lang->get('page_msg_404_title') . '</h3>
+ − 1842 <p>' . $lang->get('page_msg_404_body_userpage');
343
eefe9ab7fe7c
Localized the first parts of the admin panel. As a consequence, also wrote a brand new Admin:PageManager that doesn't suck like the old one did.
Dan
diff
changeset
+ − 1843 }
eefe9ab7fe7c
Localized the first parts of the admin panel. As a consequence, also wrote a brand new Admin:PageManager that doesn't suck like the old one did.
Dan
diff
changeset
+ − 1844 else
1
+ − 1845 {
369
+ − 1846 echo '<h3>' . $lang->get('page_msg_404_title') . '</h3>
+ − 1847 <p>' . $lang->get('page_msg_404_body');
1
+ − 1848 }
343
eefe9ab7fe7c
Localized the first parts of the admin panel. As a consequence, also wrote a brand new Admin:PageManager that doesn't suck like the old one did.
Dan
diff
changeset
+ − 1849 if ( $session->get_permissions('create_page') )
1
+ − 1850 {
369
+ − 1851 echo ' ' . $lang->get('page_msg_404_create', array(
+ − 1852 'create_flags' => 'href="'.makeUrlNS($this->namespace, $this->page_id, 'do=edit', true).'" onclick="ajaxEditor(); return false;"',
+ − 1853 'mainpage_link' => makeUrl(getConfig('main_page'), false, true)
+ − 1854 ));
1
+ − 1855 }
343
eefe9ab7fe7c
Localized the first parts of the admin panel. As a consequence, also wrote a brand new Admin:PageManager that doesn't suck like the old one did.
Dan
diff
changeset
+ − 1856 else
eefe9ab7fe7c
Localized the first parts of the admin panel. As a consequence, also wrote a brand new Admin:PageManager that doesn't suck like the old one did.
Dan
diff
changeset
+ − 1857 {
369
+ − 1858 echo ' ' . $lang->get('page_msg_404_gohome', array(
+ − 1859 'mainpage_link' => makeUrl(getConfig('main_page'), false, true)
+ − 1860 ));
343
eefe9ab7fe7c
Localized the first parts of the admin panel. As a consequence, also wrote a brand new Admin:PageManager that doesn't suck like the old one did.
Dan
diff
changeset
+ − 1861 }
369
+ − 1862 echo '</p>';
343
eefe9ab7fe7c
Localized the first parts of the admin panel. As a consequence, also wrote a brand new Admin:PageManager that doesn't suck like the old one did.
Dan
diff
changeset
+ − 1863 if ( $session->get_permissions('history_rollback') )
1
+ − 1864 {
343
eefe9ab7fe7c
Localized the first parts of the admin panel. As a consequence, also wrote a brand new Admin:PageManager that doesn't suck like the old one did.
Dan
diff
changeset
+ − 1865 $e = $db->sql_query('SELECT * FROM ' . table_prefix . 'logs WHERE action=\'delete\' AND page_id=\'' . $this->page_id . '\' AND namespace=\'' . $this->namespace . '\' ORDER BY time_id DESC;');
eefe9ab7fe7c
Localized the first parts of the admin panel. As a consequence, also wrote a brand new Admin:PageManager that doesn't suck like the old one did.
Dan
diff
changeset
+ − 1866 if ( !$e )
93
+ − 1867 {
343
eefe9ab7fe7c
Localized the first parts of the admin panel. As a consequence, also wrote a brand new Admin:PageManager that doesn't suck like the old one did.
Dan
diff
changeset
+ − 1868 $db->_die('The deletion log could not be selected.');
93
+ − 1869 }
343
eefe9ab7fe7c
Localized the first parts of the admin panel. As a consequence, also wrote a brand new Admin:PageManager that doesn't suck like the old one did.
Dan
diff
changeset
+ − 1870 if ( $db->numrows() > 0 )
eefe9ab7fe7c
Localized the first parts of the admin panel. As a consequence, also wrote a brand new Admin:PageManager that doesn't suck like the old one did.
Dan
diff
changeset
+ − 1871 {
eefe9ab7fe7c
Localized the first parts of the admin panel. As a consequence, also wrote a brand new Admin:PageManager that doesn't suck like the old one did.
Dan
diff
changeset
+ − 1872 $r = $db->fetchrow();
369
+ − 1873 echo '<p>' . $lang->get('page_msg_404_was_deleted', array(
+ − 1874 'delete_time' => enano_date('d M Y h:i a', $r['time_id']),
+ − 1875 'delete_reason' => htmlspecialchars($r['edit_summary']),
481
+ − 1876 'rollback_flags' => 'href="'.makeUrl($paths->page, 'do=rollback&id='.$r['log_id']).'" onclick="ajaxRollback(\''.$r['log_id'].'\'); return false;"'
369
+ − 1877 ))
+ − 1878 . '</p>';
343
eefe9ab7fe7c
Localized the first parts of the admin panel. As a consequence, also wrote a brand new Admin:PageManager that doesn't suck like the old one did.
Dan
diff
changeset
+ − 1879 if ( $session->user_level >= USER_LEVEL_ADMIN )
eefe9ab7fe7c
Localized the first parts of the admin panel. As a consequence, also wrote a brand new Admin:PageManager that doesn't suck like the old one did.
Dan
diff
changeset
+ − 1880 {
369
+ − 1881 echo '<p>' . $lang->get('page_msg_404_admin_opts', array(
+ − 1882 'detag_link' => makeUrl($paths->page, 'do=detag', true)
+ − 1883 ))
+ − 1884 . '</p>';
343
eefe9ab7fe7c
Localized the first parts of the admin panel. As a consequence, also wrote a brand new Admin:PageManager that doesn't suck like the old one did.
Dan
diff
changeset
+ − 1885 }
eefe9ab7fe7c
Localized the first parts of the admin panel. As a consequence, also wrote a brand new Admin:PageManager that doesn't suck like the old one did.
Dan
diff
changeset
+ − 1886 }
eefe9ab7fe7c
Localized the first parts of the admin panel. As a consequence, also wrote a brand new Admin:PageManager that doesn't suck like the old one did.
Dan
diff
changeset
+ − 1887 $db->free_result();
1
+ − 1888 }
343
eefe9ab7fe7c
Localized the first parts of the admin panel. As a consequence, also wrote a brand new Admin:PageManager that doesn't suck like the old one did.
Dan
diff
changeset
+ − 1889 echo '<p>
369
+ − 1890 ' . $lang->get('page_msg_404_http_response') . '
343
eefe9ab7fe7c
Localized the first parts of the admin panel. As a consequence, also wrote a brand new Admin:PageManager that doesn't suck like the old one did.
Dan
diff
changeset
+ − 1891 </p>';
1
+ − 1892 }
+ − 1893 $this->footer();
+ − 1894 }
+ − 1895
+ − 1896 /**
91
+ − 1897 * Echoes out breadcrumb data, if appropriate.
+ − 1898 * @access private
+ − 1899 */
+ − 1900
+ − 1901 function do_breadcrumbs()
+ − 1902 {
+ − 1903 global $db, $session, $paths, $template, $plugins; // Common objects
473
518bc2b214f1
Added modal dialog support for page editor; added customizability for breadcrumbs (thanks to Manoj for idea)
Dan
diff
changeset
+ − 1904 global $lang;
518bc2b214f1
Added modal dialog support for page editor; added customizability for breadcrumbs (thanks to Manoj for idea)
Dan
diff
changeset
+ − 1905
91
+ − 1906 if ( strpos($this->text_cache, '__NOBREADCRUMBS__') !== false )
+ − 1907 return false;
473
518bc2b214f1
Added modal dialog support for page editor; added customizability for breadcrumbs (thanks to Manoj for idea)
Dan
diff
changeset
+ − 1908
518bc2b214f1
Added modal dialog support for page editor; added customizability for breadcrumbs (thanks to Manoj for idea)
Dan
diff
changeset
+ − 1909 $mode = getConfig('breadcrumb_mode');
518bc2b214f1
Added modal dialog support for page editor; added customizability for breadcrumbs (thanks to Manoj for idea)
Dan
diff
changeset
+ − 1910
518bc2b214f1
Added modal dialog support for page editor; added customizability for breadcrumbs (thanks to Manoj for idea)
Dan
diff
changeset
+ − 1911 if ( $mode == 'never' )
518bc2b214f1
Added modal dialog support for page editor; added customizability for breadcrumbs (thanks to Manoj for idea)
Dan
diff
changeset
+ − 1912 // Breadcrumbs are disabled
518bc2b214f1
Added modal dialog support for page editor; added customizability for breadcrumbs (thanks to Manoj for idea)
Dan
diff
changeset
+ − 1913 return true;
518bc2b214f1
Added modal dialog support for page editor; added customizability for breadcrumbs (thanks to Manoj for idea)
Dan
diff
changeset
+ − 1914
518bc2b214f1
Added modal dialog support for page editor; added customizability for breadcrumbs (thanks to Manoj for idea)
Dan
diff
changeset
+ − 1915 // Minimum depth for breadcrumb display
518bc2b214f1
Added modal dialog support for page editor; added customizability for breadcrumbs (thanks to Manoj for idea)
Dan
diff
changeset
+ − 1916 $threshold = ( $mode == 'always' ) ? 0 : 1;
518bc2b214f1
Added modal dialog support for page editor; added customizability for breadcrumbs (thanks to Manoj for idea)
Dan
diff
changeset
+ − 1917
91
+ − 1918 $breadcrumb_data = explode('/', $this->page_id);
473
518bc2b214f1
Added modal dialog support for page editor; added customizability for breadcrumbs (thanks to Manoj for idea)
Dan
diff
changeset
+ − 1919 if ( count($breadcrumb_data) > $threshold )
91
+ − 1920 {
473
518bc2b214f1
Added modal dialog support for page editor; added customizability for breadcrumbs (thanks to Manoj for idea)
Dan
diff
changeset
+ − 1921 // If we're not on a subpage of the main page, add "Home" to the list
518bc2b214f1
Added modal dialog support for page editor; added customizability for breadcrumbs (thanks to Manoj for idea)
Dan
diff
changeset
+ − 1922 $show_home = false;
518bc2b214f1
Added modal dialog support for page editor; added customizability for breadcrumbs (thanks to Manoj for idea)
Dan
diff
changeset
+ − 1923 if ( $mode == 'always' )
518bc2b214f1
Added modal dialog support for page editor; added customizability for breadcrumbs (thanks to Manoj for idea)
Dan
diff
changeset
+ − 1924 {
518bc2b214f1
Added modal dialog support for page editor; added customizability for breadcrumbs (thanks to Manoj for idea)
Dan
diff
changeset
+ − 1925 $show_home = true;
518bc2b214f1
Added modal dialog support for page editor; added customizability for breadcrumbs (thanks to Manoj for idea)
Dan
diff
changeset
+ − 1926 }
91
+ − 1927 echo '<!-- Start breadcrumbs -->
+ − 1928 <div class="breadcrumbs">
+ − 1929 ';
473
518bc2b214f1
Added modal dialog support for page editor; added customizability for breadcrumbs (thanks to Manoj for idea)
Dan
diff
changeset
+ − 1930 if ( $show_home )
518bc2b214f1
Added modal dialog support for page editor; added customizability for breadcrumbs (thanks to Manoj for idea)
Dan
diff
changeset
+ − 1931 {
498
+ − 1932 // Display the "home" link first.
+ − 1933 $pathskey = $paths->nslist[ $this->namespace ] . $this->page_id;
+ − 1934 if ( $pathskey !== getConfig('main_page') )
+ − 1935 echo '<a href="' . makeUrl(getConfig('main_page'), false, true) . '">';
+ − 1936 echo $lang->get('onpage_btn_breadcrumbs_home');
+ − 1937 if ( $pathskey !== getConfig('main_page') )
+ − 1938 echo '</a>';
+ − 1939 }
+ − 1940 foreach ( $breadcrumb_data as $i => $crumb )
+ − 1941 {
+ − 1942 $cumulative = implode('/', array_slice($breadcrumb_data, 0, ( $i + 1 )));
+ − 1943 if ( $show_home && $cumulative === getConfig('main_page') )
+ − 1944 continue;
+ − 1945 if ( $show_home || $i > 0 )
+ − 1946 echo ' » ';
+ − 1947 $title = ( isPage($cumulative) ) ? get_page_title($cumulative) : get_page_title($crumb);
+ − 1948 if ( $i + 1 == count($breadcrumb_data) )
473
518bc2b214f1
Added modal dialog support for page editor; added customizability for breadcrumbs (thanks to Manoj for idea)
Dan
diff
changeset
+ − 1949 {
498
+ − 1950 echo htmlspecialchars($title);
473
518bc2b214f1
Added modal dialog support for page editor; added customizability for breadcrumbs (thanks to Manoj for idea)
Dan
diff
changeset
+ − 1951 }
518bc2b214f1
Added modal dialog support for page editor; added customizability for breadcrumbs (thanks to Manoj for idea)
Dan
diff
changeset
+ − 1952 else
518bc2b214f1
Added modal dialog support for page editor; added customizability for breadcrumbs (thanks to Manoj for idea)
Dan
diff
changeset
+ − 1953 {
498
+ − 1954 $exists = ( isPage($cumulative) ) ? '' : ' class="wikilink-nonexistent"';
+ − 1955 echo '<a href="' . makeUrl($cumulative, false, true) . '"' . $exists . '>' . htmlspecialchars($title) . '</a>';
473
518bc2b214f1
Added modal dialog support for page editor; added customizability for breadcrumbs (thanks to Manoj for idea)
Dan
diff
changeset
+ − 1956 }
518bc2b214f1
Added modal dialog support for page editor; added customizability for breadcrumbs (thanks to Manoj for idea)
Dan
diff
changeset
+ − 1957 }
91
+ − 1958 echo '</div>
+ − 1959 <!-- End breadcrumbs -->
+ − 1960 ';
+ − 1961 }
+ − 1962 }
+ − 1963
+ − 1964 /**
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1965 * Send an error message and die. For debugging or critical technical errors only - nothing that would under normal circumstances be shown to the user.
468
+ − 1966 * @param string Error message
+ − 1967 * @param bool If true, send DBAL's debugging information as well
1
+ − 1968 */
+ − 1969
+ − 1970 function send_error($message, $sql = false)
+ − 1971 {
+ − 1972 global $db, $session, $paths, $template, $plugins; // Common objects
369
+ − 1973 global $lang;
1
+ − 1974
+ − 1975 $content = "<p>$message</p>";
369
+ − 1976 $template->tpl_strings['PAGE_NAME'] = $lang->get('page_msg_general_error');
1
+ − 1977
+ − 1978 if ( $this->debug['works'] )
+ − 1979 {
+ − 1980 $content .= $this->debug['backtrace'];
+ − 1981 }
+ − 1982
+ − 1983 header('HTTP/1.1 500 Internal Server Error');
+ − 1984
+ − 1985 $template->header();
+ − 1986 echo $content;
+ − 1987 $template->footer();
+ − 1988
+ − 1989 $db->close();
+ − 1990
+ − 1991 exit;
+ − 1992
+ − 1993 }
+ − 1994
322
+ − 1995 /**
+ − 1996 * Raises an error.
+ − 1997 * @param string Error string
+ − 1998 */
+ − 1999
+ − 2000 function raise_error($string)
+ − 2001 {
+ − 2002 if ( !is_string($string) )
+ − 2003 return false;
+ − 2004 $this->_errors[] = $string;
+ − 2005 }
+ − 2006
+ − 2007 /**
+ − 2008 * Retrieves the latest error from the error stack and returns it ('pops' the error stack)
+ − 2009 * @return string
+ − 2010 */
+ − 2011
+ − 2012 function pop_error()
+ − 2013 {
+ − 2014 if ( count($this->_errors) < 1 )
+ − 2015 return false;
+ − 2016 return array_pop($this->_errors);
+ − 2017 }
+ − 2018
1
+ − 2019 } // class PageProcessor
+ − 2020
+ − 2021 ?>