<?php
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
* Version 1.1.5 (Caoineag alpha 5)
* pageprocess.php - intelligent retrieval of pages
* Copyright (C) 2006-2008 Dan Fuhry
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
*/
/**
* Class to handle fetching page text (possibly from a cache) and formatting it.
* As of 1.0.4, this also handles the fetching and editing of certain data for pages.
* @package Enano
* @subpackage UI
* @copyright 2007 Dan Fuhry
* @license GNU General Public License <http://www.gnu.org/licenses/gpl-2.0.html>
*/
class PageProcessor
{
/**
 * Page ID and namespace of the page this instance handles
 * @var string
 */

public $page_id;
public $namespace;

/**
 * Instance of the namespace processor for the namespace being handled.
 * @var object
 */

public $ns;

/**
 * Page title that is sent to the template parser
 * @var string
 */

public $title = '';

/**
 * Information about the page(s) this request was redirected from
 * @var array
 */

public $redirect_stack = array();

/**
 * Revision ID (history entry) to send. 0, the default, selects the most recent revision.
 * @var int
 */

public $revision_id = 0;

/**
 * UNIX timestamp of the moment this revision was saved
 * @var int
 */

public $revision_time = 0;

/**
 * Unsanitized page ID. Treat it as untrusted input: escape it for the target context
 * before it is placed into SQL or HTML.
 * @var string
 */

public $page_id_unclean;

/**
 * Whether the page being loaded exists in the database.
 * @var bool
 */

public $page_exists = false;

/**
 * Permissions object. send() calls get_permissions('read') on it before serving the page.
 * @var object
 */

public $perms = null;

/**
 * SHA1 hash of the password the user entered for the page.
 * NOTE(review): send() checks this against the stored page password with a loose "!=";
 * a strict, constant-time comparison such as hash_equals() would avoid type-juggling and timing issues.
 * @var string
 */

public $password = '';

/**
 * Whether redirects are allowed. Defaults to true.
 * @var bool
 */

public $allow_redir = true;

/**
 * When true, the header and footer functions on $template are called when render() is called.
 * @var bool
 */

public $send_headers = false;

/**
 * Cached copy of the fetched page text, kept so it is not fetched from the DB twice.
 * @var string
 */

public $text_cache = '';

/**
 * Debugging information used to track errors. 'enable' is off by default; when it is on,
 * the constructor sets 'works' to true and stores a backtrace under 'backtrace'.
 * @var array
 */

public $debug = array(
  'enable' => false,
  'works' => false
);

/**
 * Errors raised inside the class.
 * @var array
 */

public $_errors = array();
/**
 * Constructor. Logs the start to the profiler, optionally captures a backtrace,
 * checks that the namespace is registered, and hands everything to _setup().
 *
 * $page_id and $namespace are used as the caller supplied them; the only escaping done here
 * is htmlspecialchars() on the namespace when it is placed into the error message.
 * NOTE(review): whether send_error() halts execution is not visible in this method. As written,
 * _setup() is still called after an unknown namespace has been reported - confirm.
 *
 * @param string The page ID (urlname) of the page
 * @param string The namespace of the page
 * @param int Optional. The revision ID to send. Any value that is not a PHP integer is replaced with 0.
 */

function __construct( $page_id, $namespace, $revision_id = 0 )
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  $started_msg = "PageProcessor [{$namespace}:{$page_id}]: Started constructor";
  profiler_log($started_msg);

  // Capture a backtrace only if PHP offers debug_backtrace() and debugging was switched on
  if ( function_exists('debug_backtrace') )
  {
    if ( $this->debug['enable'] )
    {
      $this->debug['works'] = true;
      $this->debug['backtrace'] = enano_debug_print_backtrace(true);
    }
  }

  // The namespace has to be one the path manager knows about
  $namespace_known = isset($paths->nslist[$namespace]);
  if ( !$namespace_known )
  {
    // The namespace is HTML-escaped before it is echoed back in the error text
    $escaped_ns = htmlspecialchars($namespace);
    $this->send_error('The namespace "' . $escaped_ns . '" does not exist.');
  }

  // Only a real integer is accepted as a revision ID; anything else falls back to 0
  $revision_id = is_int($revision_id) ? $revision_id : 0;

  $this->_setup( $page_id, $namespace, $revision_id );
}
/**
* The main method to send the page content. Also responsible for checking permissions and calling the statistics counter.
* @param bool If true, the stat counter is called. Defaults to false.
*/
function send( $do_stats = false )
{
global $db, $session, $paths, $template, $plugins; // Common objects
global $lang;
profiler_log('PageProcessor: send() called');
if ( !$this->perms->get_permissions('read') )
{
if ( $this->send_headers )
{
$template->init_vars($this);
}
// Permission denied to read page. Is this one of our core pages that must always be allowed?
// NOTE: Not even the administration panel will work if ACLs deny access to it.
if ( $this->namespace == 'Special' && in_array($this->page_id, array('Login', 'Logout', 'LangExportJSON', 'CSS')) )
{
// Do nothing; allow execution to continue
}
else
{
// Page isn't whitelisted, behave as normal
$this->err_access_denied();
return false;
}
}
// Is there a custom function registered for handling this namespace?
// DEPRECATED (even though it only saw its way into one alpha release.)
if ( $proc = $paths->get_namespace_processor($this->namespace) )
{
// yes, just call that
// this is protected aggressively by the PathManager against overriding critical namespaces
return call_user_func($proc, $this);
}
$pathskey = $paths->nslist[ $this->namespace ] . $this->page_id;
$strict_no_headers = false;
$admin_fail = false;
if ( $this->namespace == 'Admin' && strstr($this->page_id, '/') )
{
if ( $this->send_headers )
{
$template->init_vars($this);
}
$this->page_id = substr($this->page_id, 0, strpos($this->page_id, '/'));
$funcname = "page_{$this->namespace}_{$this->page_id}";
if ( function_exists($funcname) )
{
$this->page_exists = true;
}
}
if ( isset($paths->pages[$pathskey]) )
{
if ( $this->send_headers )
{
$template->init_vars($this);
}
if ( $paths->pages[$pathskey]['special'] == 1 )
{
$this->send_headers = false;
$strict_no_headers = true;
$GLOBALS['output'] = new Output_Naked();
}
if ( isset($paths->pages[$pathskey]['password']) )
{
if ( $paths->pages[$pathskey]['password'] != '' && $paths->pages[$pathskey]['password'] != sha1('') )
{
$password =& $paths->pages[$pathskey]['password'];
if ( $this->password != $password )
{
$this->err_wrong_password();
return false;
}
}
}
if ( isset($paths->pages[$pathskey]['require_admin']) && $paths->pages[$pathskey]['require_admin'] )
{
if ( $session->auth_level < USER_LEVEL_ADMIN )
{
$admin_fail = true;
}
}
}
else if ( $this->namespace === $paths->namespace && $this->page_id == $paths->page_id )
{
if ( isset($paths->cpage['require_admin']) && $paths->cpage['require_admin'] )
{
if ( $session->auth_level < USER_LEVEL_ADMIN )
{
$admin_fail = true;
}
}
}
if ( $admin_fail )
{
header('Content-type: text/javascript');
echo enano_json_encode(array(
'mode' => 'error',
'error' => 'need_auth_to_admin'
));
return true;
}
if ( $this->page_exists && $this->namespace != 'Special' && $this->namespace != 'Admin' && $do_stats )
{
require_once(ENANO_ROOT.'/includes/stats.php');
doStats($this->page_id, $this->namespace);
}
// We are all done. Ship off the page.
if ( $this->send_headers )
{
$template->init_vars($this);
}
$this->ns->send();
}
/**
* Sends the page through by fetching it from the database.
*/
function send_from_db($strict_no_headers = false)
{
  // Renders this page from its stored text. Template variables are set up
  // when headers are being sent; a leading "#redirect [[Target]]" directive
  // is followed unless the request carries redirect=no; otherwise the page
  // is rendered as-is. Returns false when fetch_text() reports
  // 'err_no_text_rows'; every other path ends without an explicit value.
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang;

  $with_headers = !$strict_no_headers;

  // Send as regular page
  if ( $this->send_headers )
  {
    $template->init_vars($this);
  }

  $text = $this->fetch_text();
  if ( $text == 'err_no_text_rows' )
  {
    $this->err_no_rows();
    return false;
  }

  // Only the literal value 'no' switches redirect handling off.
  $redirect_flag = ( isset($_GET['redirect']) ) ? $_GET['redirect'] : 'YES YOU IDIOT';
  $is_redirect = preg_match('/^#redirect \[\[([^\]]+)\]\]/i', $text, $match);

  if ( !$is_redirect || $redirect_flag == 'no' )
  {
    // Ordinary page, or redirects explicitly suppressed by the request.
    $this->render( $with_headers );
    return;
  }

  // Redirect page! The target comes from page text, so it is normalized first.
  $target = RenderMan::strToPageID( sanitize_page_id($match[1]) );

  if ( count($this->redirect_stack) >= 3 )
  {
    // Chain limit reached: stop following and show the error instead.
    $message = $lang->get('page_err_redirects_exceeded');
  }
  else
  {
    $outcome = $this->_handle_redirect($target[0], $target[1]);
    if ( $outcome === true )
    {
      return;
    }
    // There was some error during the redirect process - usually an infinite redirect
    $message = $outcome;
  }

  // NOTE(review): $message is concatenated into markup without escaping;
  // confirm _handle_redirect() and $lang->get() only return trusted strings.
  $this->render( $with_headers, '<div class="usermessage"><b>' . $message . '</b></div>' );
}
/**
* Fetches the wikitext or HTML source for the page.
* @return string
*/
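function fetch_source()
{
  // Returns the page's stored source via fetch_text(). Returns false when the
  // 'view_source' permission is missing or the page password check fails,
  // and '' when the page does not exist.
  global $db, $session, $paths, $template, $plugins; // Common objects

  if ( !$this->perms->get_permissions('view_source') )
  {
    return false;
  }
  if ( !$this->page_exists )
  {
    return '';
  }

  $pathskey = $paths->nslist[ $this->namespace ] . $this->page_id;
  if ( isset($paths->pages[$pathskey]) && isset($paths->pages[$pathskey]['password']) )
  {
    $stored = $paths->pages[$pathskey]['password'];

    // A stored value that is empty or equal to sha1('') skips the check,
    // i.e. it is treated as "no password set".
    if ( $stored != sha1('') && !empty($stored) )
    {
      // presumably $this->password is the hash supplied by the viewer - confirm against the caller
      $supplied = $this->password;

      // Compare in constant time where the runtime offers hash_equals(), so
      // response timing does not reveal how much of the stored hash matched.
      // Non-string values and older runtimes keep the strict comparison, so
      // the accept/reject result is the same as before.
      if ( is_string($stored) && is_string($supplied) && function_exists('hash_equals') )
      {
        $matches = hash_equals($stored, $supplied);
      }
      else
      {
        $matches = ( $stored === $supplied );
      }

      if ( !$matches )
      {
        return false;
      }
    }
  }

  // NOTE(review): the sha1('') sentinel suggests page passwords are kept as
  // plain SHA-1 digests; a salted password hash would be the safer storage
  // format, but that has to change where the password is written.
  return $this->fetch_text();
}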
/**
* Updates (saves/changes/edits) the content of the page.
* @param string The new text for the page
* @param string A summary of edits made to the page.
* @param bool If true, the edit is marked as a minor revision
* @return bool True on success, false on failure. When returning false, it will push errors to the PageProcessor error stack; read with $page->pop_error()
*/
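function update_page($text, $edit_summary = false, $minor_edit = false)
{
  // Saves new content for this page. Creates the page first if it does not
  // exist, checks the 'edit_page' permission and the page's protection
  // level, then writes an edit log entry, replaces the stored text, deletes
  // an identical draft and rebuilds the search index.
  // Returns true on success. On failure it pushes a message with
  // raise_error() and returns false; a failed protection lookup goes to
  // $db->_die() instead.
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang;

  // Create the page if it doesn't exist
  // NOTE(review): this runs before the 'edit_page' check below, so a caller
  // that may create but not edit leaves an empty page behind - confirm intended.
  if ( !$this->page_exists )
  {
    if ( !$this->create_page() )
    {
      return false;
    }
  }

  //
  // Validation
  //

  // Escaped once and used in every statement below. The original escaped
  // these for the SELECT only and interpolated the raw properties into the
  // INSERT, UPDATE and DELETE.
  $page_id = $db->escape($this->page_id);
  $namespace = $db->escape($this->namespace);

  $q = $db->sql_query('SELECT protected FROM ' . table_prefix . "pages WHERE urlname='$page_id' AND namespace='$namespace';");
  if ( !$q )
    $db->_die('PageProcess updating page content');
  if ( $db->numrows() < 1 )
  {
    $this->raise_error($lang->get('editor_err_no_rows'));
    return false;
  }

  // Do we have permission to edit the page?
  if ( !$this->perms->get_permissions('edit_page') )
  {
    $this->raise_error($lang->get('editor_err_no_permission'));
    return false;
  }

  list($protection) = $db->fetchrow_num();
  $db->free_result();

  if ( $protection == 1 )
  {
    // The page is protected - do we have permission to edit protected pages?
    if ( !$this->perms->get_permissions('even_when_protected') )
    {
      $this->raise_error($lang->get('editor_err_page_protected'));
      return false;
    }
  }
  else if ( $protection == 2 )
  {
    // The page is semi-protected.
    if (
         ( !$session->user_logged_in || // Is the user logged in?
           ( $session->user_logged_in && $session->reg_time + ( 4 * 86400 ) >= time() ) ) // If so, have they been registered for 4 days?
         && !$this->perms->get_permissions('even_when_protected') ) // And of course, is there an ACL that overrides semi-protection?
    {
      $this->raise_error($lang->get('editor_err_page_protected'));
      return false;
    }
  }

  //
  // Protection validated; update page content
  //

  $text_undb = RenderMan::preprocess_text($text, false, false);
  $text = $db->escape($text_undb);
  $author = $db->escape($session->username);
  $time = time();
  // is_string() gives the same answer as the strval() identity test without
  // the conversion notice/error for arrays and objects.
  $edit_summary = ( is_string($edit_summary) ) ? $db->escape($edit_summary) : '';
  $minor_edit = ( $minor_edit ) ? '1' : '0';
  // Escaped like every other quoted value that goes into the statement.
  $date_string = $db->escape(enano_date('d M Y h:i a'));

  // Insert log entry
  $sql = 'INSERT INTO ' . table_prefix . "logs ( time_id, date_string, log_type, action, page_id, namespace, author, page_text, edit_summary, minor_edit )\n"
       . " VALUES ( $time, '$date_string', 'page', 'edit', '$page_id', '$namespace', '$author', '$text', '$edit_summary', $minor_edit );";
  if ( !$db->sql_query($sql) )
  {
    $this->raise_error($db->get_error());
    return false;
  }

  // Update the master text entry
  $sql = 'UPDATE ' . table_prefix . "page_text SET page_text = '$text' WHERE page_id = '$page_id' AND namespace = '$namespace';";
  if ( !$db->sql_query($sql) )
  {
    $this->raise_error($db->get_error());
    return false;
  }

  // If there's an identical draft copy, delete it
  $sql = 'DELETE FROM ' . table_prefix . "logs WHERE is_draft = 1 AND page_id = '$page_id' AND namespace = '$namespace' AND page_text = '{$text}';";
  if ( !$db->sql_query($sql) )
  {
    $this->raise_error($db->get_error());
    return false;
  }

  // Rebuild the search index
  $paths->rebuild_page_index($this->page_id, $this->namespace);

  // NOTE(review): this caches the SQL-escaped text rather than $text_undb;
  // confirm which form readers of text_cache expect.
  $this->text_cache = $text;

  return true;

}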
/**
* Creates the page if it doesn't already exist.
* @param string Optional page title.
* @return bool True on success, false on failure.
*/
function create_page($title = false)
322
+ − 499
{
+ − 500
global $db, $session, $paths, $template, $plugins; // Common objects
426
+ − 501
global $lang;
322
+ − 502
+ − 503
// Do we have permission to create the page?
+ − 504
if ( !$this->perms->get_permissions('create_page') )
+ − 505
{
426
+ − 506
$this->raise_error($lang->get('pagetools_create_err_no_permission'));
322
+ − 507
return false;
+ − 508
}
+ − 509
+ − 510
// Does it already exist?
+ − 511
if ( $this->page_exists )
+ − 512
{
426
+ − 513
$this->raise_error($lang->get('pagetools_create_err_already_exists'));
322
+ − 514
return false;
+ − 515
}
+ − 516
+ − 517
// It's not in there. Perform validation.
+ − 518
+ − 519
// We can't create special, admin, or external pages.
692
78473351a6c9
Changed namespace properties (including core identifier) for external pages that load the Enano API to be a uniform "API" namespace and "SystemAPI:" prefix.
Dan
diff
changeset
+ − 520
if ( $this->namespace == 'Special' || $this->namespace == 'Admin' || $this->namespace == 'API' )
322
+ − 521
{
426
+ − 522
$this->raise_error($lang->get('pagetools_create_err_nodb_namespace'));
322
+ − 523
return false;
+ − 524
}
+ − 525
+ − 526
// Guess the proper title
481
+ − 527
$name = ( !empty($title) ) ? $title : str_replace('_', ' ', dirtify_page_id($this->page_id));
322
+ − 528
+ − 529
// Check for the restricted Project: prefix
+ − 530
if ( substr($this->page_id, 0, 8) == 'Project:' )
+ − 531
{
426
+ − 532
$this->raise_error($lang->get('pagetools_create_err_reserved_prefix'));
322
+ − 533
return false;
+ − 534
}
+ − 535
+ − 536
// Validation successful - insert the page
+ − 537
+ − 538
$metadata = array(
+ − 539
'urlname' => $this->page_id,
+ − 540
'namespace' => $this->namespace,
+ − 541
'name' => $name,
+ − 542
'special' => 0,
+ − 543
'visible' => 1,
+ − 544
'comments_on' => 1,
+ − 545
'protected' => ( $this->namespace == 'System' ? 1 : 0 ),
+ − 546
'delvotes' => 0,
+ − 547
'delvote_ips' => serialize(array()),
+ − 548
'wiki_mode' => 2
+ − 549
);
+ − 550
+ − 551
$paths->add_page($metadata);
+ − 552
+ − 553
$page_id = $db->escape($this->page_id);
+ − 554
$namespace = $db->escape($this->namespace);
+ − 555
$name = $db->escape($name);
+ − 556
$protect = ( $this->namespace == 'System' ) ? '1' : '0';
+ − 557
$blank_array = $db->escape(serialize(array()));
+ − 558
+ − 559
// Query 1: Metadata entry
+ − 560
$q = $db->sql_query('INSERT INTO ' . table_prefix . "pages(name, urlname, namespace, protected, delvotes, delvote_ips, wiki_mode)\n"
+ − 561
. "VALUES ( '$name', '$page_id', '$namespace', $protect, 0, '$blank_array', 2 );");
+ − 562
if ( !$q )
+ − 563
$db->_die('PageProcessor page creation - metadata stage');
+ − 564
+ − 565
// Query 2: Text insertion
+ − 566
$q = $db->sql_query('INSERT INTO ' . table_prefix . "page_text(page_id, namespace, page_text)\n"
+ − 567
. "VALUES ( '$page_id', '$namespace', '' );");
+ − 568
if ( !$q )
+ − 569
$db->_die('PageProcessor page creation - text stage');
+ − 570
426
+ − 571
// Query 3: Log entry
+ − 572
$db->sql_query('INSERT INTO ' . table_prefix."logs(time_id, date_string, log_type, action, author, page_id, namespace)\n"
+ − 573
. " VALUES ( " . time() . ", '" . enano_date('d M Y h:i a') . "', 'page', 'create', \n"
+ − 574
. " '" . $db->escape($session->username) . "', '" . $db->escape($this->page_id) . "', '" . $this->namespace . "');");
+ − 575
if ( !$q )
+ − 576
$db->_die('PageProcessor page creation - logging stage');
+ − 577
593
4f9bec0d65c1
More optimization work. Moved special page init functions to common instead of common_post hook. Allowed paths to cache page metadata on filesystem. Phased out the redundancy in $paths->pages that paired a number with every urlname as foreach loops are allowed now (and have been for some time). Fixed missing includes for several functions. Rewrote str_replace_once to be a lot more efficient.
Dan
diff
changeset
+ − 578
// Update the cache
$paths->update_metadata_cache();
// Page created. We're good!
+ − 582
return true;
+ − 583
}
+ − 584
+ − 585
/**
468
+ − 586
* Rolls back a non-edit action in the logs
+ − 587
* @param int Log entry (log_id) to roll back
+ − 588
* @return array Standard Enano error/success protocol
+ − 589
*/
+ − 590
+ − 591
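function rollback_log_entry($log_id)
{
  // Rolls back one non-edit log entry (rename, protection change, deletion or
  // file re-upload) that belongs to this page. Every exit except the
  // undeletion permission failure returns the error/success array; that one
  // still returns a plain string (see the note in the 'delete' case).
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $cache;

  // Verify permissions
  if ( !$this->perms->get_permissions('history_rollback') )
  {
    return array(
        'success' => false,
        'error' => 'access_denied'
      );
  }

  // Check input: intval() makes the value safe for unquoted use in SQL, and
  // empty() rejects 0 (which is also what non-numeric input becomes).
  $log_id = intval($log_id);
  if ( empty($log_id) )
  {
    return array(
        'success' => false,
        'error' => 'invalid_parameter'
      );
  }

  // The page ID and namespace are placed inside quoted SQL literals several
  // times below. Escape them once here instead of relying on every caller
  // having sanitized them before they reached this object.
  $page_id_sql = $db->escape($this->page_id);
  $namespace_sql = $db->escape($this->namespace);

  // Fetch the log entry. The WHERE clause ties the entry to this page, so the
  // permission checked above (this page's ACL) cannot be used to roll back a
  // log entry that belongs to a different page.
  $q = $db->sql_query('SELECT * FROM ' . table_prefix . "logs WHERE log_type = 'page' AND page_id='$page_id_sql' AND namespace='$namespace_sql' AND log_id = $log_id;");
  if ( !$q )
    $db->_die();

  // Is this even a valid log entry for this context?
  if ( $db->numrows() < 1 )
  {
    return array(
        'success' => false,
        'error' => 'entry_not_found'
      );
  }

  // All good, fetch and free the result
  $log_entry = $db->fetchrow();
  $db->free_result();

  $dateline = enano_date('d M Y h:i a', $log_entry['time_id']);

  // Let's see, what do we have here...
  switch ( $log_entry['action'] )
  {
    case 'rename':
      // Page was renamed, let the rename method handle this
      // NOTE(review): the only rename method visible in this part of the class
      // is rename_page(); confirm that rename() exists elsewhere.
      return array_merge($this->rename($log_entry['edit_summary']), array('dateline' => $dateline, 'action' => $log_entry['action']));

    case 'prot':
    case 'unprot':
    case 'semiprot':
      // The previous protection level was stored in the page_text column of
      // the log entry. protect_page() runs its own 'protect' permission check.
      return array_merge($this->protect_page(intval($log_entry['page_text']), '__REVERSION__'), array('dateline' => $dateline, 'action' => $log_entry['action']));

    case 'delete':

      // Raising a previously dead page has implications...

      // FIXME: l10n
      // rollback_extra is required because usually only moderators can undo page deletion AND restore the content.
      // potential flaw here - once recreated, can past revisions be restored by users without rollback_extra? should
      // probably modify editor routine to deny revert access if the timestamp < timestamp of last deletion if any.
      // NOTE(review): this branch returns a plain string while every other
      // exit returns the error/success array; callers that index the result
      // need to handle both shapes until this is unified.
      if ( !$this->perms->get_permissions('history_rollback_extra') )
        return 'Administrative privileges are required for page undeletion.';

      // Rolling back the deletion of a page that was since created?
      $pathskey = $paths->nslist[ $this->namespace ] . $this->page_id;
      if ( isset($paths->pages[$pathskey]) )
        return array(
            'success' => false,
            // This is a clean Christian in-joke.
            'error' => 'seeking_living_among_dead'
          );

      // Generate a crappy page name
      $name = $db->escape( str_replace('_', ' ', dirtify_page_id($this->page_id)) );

      // Stage 1 - re-insert page
      $e = $db->sql_query('INSERT INTO ' . table_prefix.'pages(name,urlname,namespace) VALUES( \'' . $name . '\', \'' . $page_id_sql . '\',\'' . $namespace_sql . '\' )');
      if ( !$e )
        $db->die_json();

      // Select the latest published revision
      $q = $db->sql_query('SELECT page_text FROM ' . table_prefix . "logs WHERE\n"
                        . "      log_type  = 'page'\n"
                        . "  AND action    = 'edit'\n"
                        . "  AND page_id   = '$page_id_sql'\n"
                        . "  AND namespace = '$namespace_sql'\n"
                        . "  AND is_draft != 1\n"
                        . "ORDER BY time_id DESC LIMIT 1;");
      if ( !$q )
        $db->die_json();
      // A page with no published edit in the log is restored with empty text
      // instead of passing a non-string value on to escape().
      $revision_row = $db->fetchrow_num();
      $page_text = ( is_array($revision_row) && isset($revision_row[0]) ) ? $revision_row[0] : '';
      $db->free_result($q);

      // Apply the latest revision as the current page text
      $page_text = $db->escape($page_text);
      $e = $db->sql_query('INSERT INTO ' . table_prefix."page_text(page_id, namespace, page_text) VALUES\n"
                        . "  ( '$page_id_sql', '$namespace_sql', '$page_text' );");
      if ( !$e )
        $db->die_json();

      // Drop cached page metadata so the restored page becomes visible.
      $cache->purge('page_meta');

      return array(
          'success' => true,
          'dateline' => $dateline,
          'action' => $log_entry['action']
        );

    case 'reupload':

      // given a log id and some revision info, restore the old file.
      // get the timestamp of the file before this one
      // The lookup is limited to this page's own files; without the page_id
      // filter the newest earlier upload of any page would be picked up and
      // re-registered under this page. time_id is forced to an integer because
      // it is used unquoted.
      $prev_time = intval($log_entry['time_id']);
      $q = $db->sql_query('SELECT time_id, file_key, file_extension, filename, size, mimetype FROM ' . table_prefix . "files WHERE page_id = '$page_id_sql' AND time_id < $prev_time ORDER BY time_id DESC LIMIT 1;");
      if ( !$q )
        $db->_die();

      $row = $db->fetchrow();
      $db->free_result();

      // No earlier file revision: report it instead of building a path and an
      // INSERT from an empty row.
      if ( empty($row) )
      {
        return array(
            'success' => false,
            'error' => 'entry_not_found',
            'action' => $log_entry['action']
          );
      }

      // If the file hasn't been renamed to the new format (omitting timestamp), do that now.
      // NOTE(review): file_key and file_extension come straight from the files
      // table and are used to build a filesystem path; presumably they are
      // constrained when the upload is stored - confirm in the upload code.
      $fname = ENANO_ROOT . "/files/{$row['file_key']}_{$row['time_id']}{$row['file_extension']}";
      if ( @file_exists($fname) )
      {
        // it's stored in the old format - rename
        $fname_new = ENANO_ROOT . "/files/{$row['file_key']}{$row['file_extension']}";
        if ( !@rename($fname, $fname_new) )
        {
          return array(
            'success' => false,
            'error' => 'rb_file_rename_failed',
            'action' => $log_entry['action']
          );
        }
      }

      // Insert a new file entry
      $time = time();
      $filename = $db->escape($row['filename']);
      $mimetype = $db->escape($row['mimetype']);
      $ext = $db->escape($row['file_extension']);
      $key = $db->escape($row['file_key']);
      // size is written unquoted, so force it to an integer first.
      $size = intval($row['size']);

      $q = $db->sql_query('INSERT INTO ' . table_prefix . "files ( time_id, page_id, filename, size, mimetype, file_extension, file_key ) VALUES\n"
                        . "  ( $time, '$page_id_sql', '$filename', $size, '$mimetype', '$ext', '$key' );");
      if ( !$q )
        $db->die_json();

      // add reupload log entry
      $username = $db->escape($session->username);
      $q = $db->sql_query('INSERT INTO ' . table_prefix . "logs ( log_type, action, time_id, page_id, namespace, author, edit_summary ) VALUES\n"
                        . "  ( 'page', 'reupload', $time, '$page_id_sql', '$namespace_sql', '$username', '__ROLLBACK__' )");
      if ( !$q )
        $db->die_json();

      return array(
          'success' => true,
          'dateline' => $dateline,
          'action' => $log_entry['action']
        );

    default:

      // Any other logged action has no rollback handler here.
      return array(
          'success' => false,
          'error' => 'rb_action_not_supported',
          'action' => $log_entry['action']
        );
  }
}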
+ − 768
+ − 769
/**
+ − 770
* Renames the page
+ − 771
* @param string New name
+ − 772
* @return array Standard Enano error/success protocol
+ − 773
*/
+ − 774
+ − 775
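function rename_page($new_name)
{
  // Changes the display name of this page (the urlname is left alone), logs
  // the old name so the change can be rolled back, and refreshes the
  // metadata cache. Returns the error/success array.
  global $db, $session, $paths, $template, $plugins; // Common objects

  // Check permissions
  if ( !$this->perms->get_permissions('rename') )
  {
    return array(
      'success' => false,
      'error' => 'access_denied'
    );
  }

  // Normalize before comparing, so a name that differs only by surrounding
  // whitespace is treated as "no change" rather than logged as a rename.
  $new_name = trim($new_name);

  // If this is the same as the current name, return success
  $page_name = get_page_title_ns($this->page_id, $this->namespace);
  if ( $page_name === $new_name )
  {
    return array(
      'success' => true
    );
  }

  // Make sure the name is valid
  if ( empty($new_name) )
  {
    return array(
      'success' => false,
      'error' => 'invalid_parameter'
    );
  }

  // Everything interpolated into the statements below is escaped first,
  // including the page ID and namespace held by this object.
  $username = $db->escape($session->username);
  $page_name = $db->escape($page_name);
  $page_id_sql = $db->escape($this->page_id);
  $namespace_sql = $db->escape($this->namespace);
  $time = time();

  // Log the action; the previous name goes into edit_summary, which is what
  // rollback_log_entry() passes back when a rename is undone.
  $q = $db->sql_query('INSERT INTO ' . table_prefix . "logs ( log_type, action, page_id, namespace, author, edit_summary, time_id, date_string ) VALUES\n"
                    . "  ( 'page', 'rename', '$page_id_sql', '$namespace_sql', '$username', '$page_name', '$time', 'DATE_STRING COLUMN OBSOLETE, USE time_id' );");
  if ( !$q )
    $db->_die();

  // Not much to do but to rename it now
  // NOTE(review): the new name is SQL-escaped only; nothing here makes it safe
  // for HTML, so code that prints page names has to escape on output.
  $new_name = $db->escape($new_name);
  $q = $db->sql_query('UPDATE ' . table_prefix . "pages SET name = '$new_name' WHERE urlname = '$page_id_sql' AND namespace = '$namespace_sql';");
  if ( !$q )
    $db->_die();

  // Update the cache
  $paths->update_metadata_cache();

  return array(
    'success' => true
  );
}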
+ − 830
+ − 831
/**
+ − 832
* Sets the protection level of the page
+ − 833
* @param int Protection level, one of PROTECT_{FULL,SEMI,NONE}
+ − 834
* @param string Reason for protection - required
+ − 835
*/
+ − 836
+ − 837
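function protect_page($protection_level, $reason)
{
  // Sets the protection level of this page and logs the change together with
  // the previous level. Returns the error/success array.
  global $db, $session, $paths, $template, $plugins; // Common objects

  // Validate permissions
  if ( !$this->perms->get_permissions('protect') )
  {
    return array(
      'success' => false,
      'error' => 'access_denied'
    );
  }

  // Validate input. The level is written into the UPDATE below without
  // quotes, so it has to be a real integer. A loose in_array() on the raw
  // value is not enough on PHP versions where a string is compared to an int
  // by its numeric prefix.
  // assumes the PROTECT_* constants are integers - TODO confirm
  $reason = trim($reason);
  $level_is_integer = is_int($protection_level)
                      || ( is_string($protection_level) && preg_match('/^[0-9]+\z/', $protection_level) );
  if ( !$level_is_integer || empty($reason) || !in_array(intval($protection_level), array(PROTECT_NONE, PROTECT_FULL, PROTECT_SEMI)) )
  {
    return array(
      'success' => false,
      'error' => 'invalid_parameter'
    );
  }
  $protection_level = intval($protection_level);

  // Retrieve page metadata
  $pathskey = $paths->nslist[ $this->namespace ] . $this->page_id;
  if ( !isset($paths->pages[$pathskey]) )
  {
    return array(
      'success' => false,
      'error' => 'page_metadata_not_found'
    );
  }
  $metadata =& $paths->pages[$pathskey];

  // Escape everything that goes into a quoted SQL literal, including the
  // page ID and namespace held by this object.
  $username = $db->escape($session->username);
  $time = time();
  $existing_protection = intval($metadata['protected']);
  $reason = $db->escape($reason);
  $page_id_sql = $db->escape($this->page_id);
  $namespace_sql = $db->escape($this->namespace);

  if ( $existing_protection == $protection_level )
  {
    return array(
      'success' => false,
      'error' => 'protection_already_there'
    );
  }

  $action = '[ insanity ]';
  switch($protection_level)
  {
    case PROTECT_FULL: $action = 'prot'; break;
    case PROTECT_NONE: $action = 'unprot'; break;
    case PROTECT_SEMI: $action = 'semiprot'; break;
  }

  // Log the action. The previous level is stored in page_text; that is the
  // value rollback_log_entry() reads to undo a protection change.
  $sql = 'INSERT INTO ' . table_prefix . "logs ( log_type, action, page_id, namespace, author, edit_summary, time_id, page_text, date_string ) VALUES\n"
       . "  ( 'page', '$action', '$page_id_sql', '$namespace_sql', '$username', '$reason', '$time', '$existing_protection', 'DATE_STRING COLUMN OBSOLETE, USE time_id' );";
  if ( !$db->sql_query($sql) )
  {
    $db->die_json();
  }

  // Perform the actual protection
  // NOTE(review): neither $metadata nor the metadata cache is refreshed after
  // this UPDATE (rename_page() calls $paths->update_metadata_cache()); confirm
  // that later reads of $paths->pages cannot see a stale protection level.
  $q = $db->sql_query('UPDATE ' . table_prefix . "pages SET protected = $protection_level WHERE urlname = '$page_id_sql' AND namespace = '$namespace_sql';");
  if ( !$q )
    $db->die_json();

  return array(
    'success' => true
  );
}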
+ − 909
+ − 910
/**
1
+ − 911
* Sets internal variables.
+ − 912
* @access private
+ − 913
*/
function _setup($page_id, $namespace, $revision_id)
{
  // Points this instance at a page: stores its identity, loads the ACL,
  // builds the namespace handler and caches existence and title.
  global $db, $session, $paths, $template, $plugins; // Common objects

  // Identity. Only the page ID is passed through sanitize_page_id(); the
  // namespace and revision ID are stored exactly as the caller supplied them.
  $this->page_id = sanitize_page_id($page_id);
  $this->namespace = $namespace;
  $this->revision_id = $revision_id;
  $this->page_id_unclean = dirtify_page_id($page_id);

  // NOTE(review): the ACL lookup receives the caller's $page_id, not the
  // sanitized $this->page_id used everywhere else - confirm both forms
  // resolve to the same ACL entry.
  $this->perms = $session->fetch_page_acl( $page_id, $namespace );

  // resolve namespace
  $this->ns = namespace_factory($this->page_id, $this->namespace, $this->revision_id);

  $this->page_exists = $this->ns->exists();
  $this->title = get_page_title_ns($this->page_id, $this->namespace);

  profiler_log("PageProcessor [{$this->namespace}:{$this->page_id}]: Ran _setup()");
}
+ − 936
+ − 937
/**
+ − 938
* Renders it all in one go, and echoes it out. This assumes that the text is in the DB.
+ − 939
* @access private
+ − 940
*/
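function render($incl_inner_headers = true, $_errormsg = false)
{
  // Queues a "redirected from" notice for every entry on the redirect stack
  // (newest first), then hands the actual output to the namespace handler.
  // Both parameters are passed through to $this->ns->send() unchanged.
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $output, $lang;

  if ( count($this->redirect_stack) > 0 )
  {
    // Stack entries are array(page_id, namespace) pairs.
    foreach ( array_reverse($this->redirect_stack) as $oldtarget )
    {
      $url = makeUrlNS($oldtarget[1], $oldtarget[0], 'redirect=no', true);
      $page_id_key = $paths->nslist[ $oldtarget[1] ] . $oldtarget[0];

      // A stack entry without metadata falls back to a title built from the
      // page ID; check the key first so no undefined-index notice is raised.
      $page_data = isset($paths->pages[$page_id_key]) ? $paths->pages[$page_id_key] : array();

      // NOTE(review): the stored page name is placed in the link as-is while
      // the fallback goes through htmlspecialchars(). Confirm names are
      // HTML-safe when stored; if not, escape the name here as well.
      $title = ( isset($page_data['name']) ) ? $page_data['name'] : $paths->nslist[$oldtarget[1]] . htmlspecialchars( str_replace('_', ' ', dirtify_page_id( $oldtarget[0] ) ) );
      $a = '<a href="' . $url . '">' . $title . '</a>';
      $output->add_after_header('<small>' . $lang->get('page_msg_redirected_from', array('from' => $a)) . '<br /></small>');
    }
  }
  $this->ns->send($incl_inner_headers, $_errormsg);
}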
+ − 962
+ − 963
/**
+ − 964
* Sends the page header, dependent on, of course, whether we're supposed to.
+ − 965
*/
+ − 966
+ − 967
function header()
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  // Header output can be switched off per instance; do nothing in that case.
  if ( !$this->send_headers )
  {
    return;
  }

  $template->header();
}
+ − 973
+ − 974
/**
+ − 975
* Sends the page footer, dependent on, of course, whether we're supposed to.
+ − 976
*/
+ − 977
+ − 978
function footer()
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  // The footer follows the same switch as the header.
  if ( !$this->send_headers )
  {
    return;
  }

  $template->footer();
}
+ − 984
+ − 985
/**
+ − 986
* Fetches the raw, unfiltered page text.
+ − 987
* @access public
+ − 988
*/
+ − 989
+ − 990
function fetch_text()
{
  // Retrieval is delegated to the namespace handler. The text comes back raw
  // and unfiltered, so a caller that prints it must escape or render it first.
  $raw_text = $this->ns->fetch_text();
  return $raw_text;
}
/**
* Pushes to the redirect stack and resets the instance. This depends on the page ID and namespace already being validated and sanitized, and does not check the size of the redirect stack.
* @param string Page ID to redirect to
* @param string Namespace to redirect to
* @access private
*/
function _handle_redirect($page_id, $namespace)
{
  // Follows a redirect: records the current page on the redirect stack,
  // re-targets this instance at the destination and sends it. Returns true on
  // success, or a localized error string when the redirect is refused.
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang;

  // The page being left, as an array(page_id, namespace) pair.
  $arr_pid = array($this->page_id, $this->namespace);

  // Redirects into the Special and Admin namespaces are refused outright.
  if ( $namespace == 'Special' || $namespace == 'Admin' )
  {
    return $lang->get('page_err_redirect_to_special');
  }

  // Loop guard: if the current page is already on the stack, following this
  // redirect would revisit it. The depth of the stack itself is not limited.
  foreach ( $this->redirect_stack as $visited )
  {
    if ( $visited[0] == $arr_pid[0] && $visited[1] == $arr_pid[1] )
    {
      return $lang->get('page_err_redirect_infinite_loop');
    }
  }

  // The destination has to exist in the page metadata.
  $page_id_key = $paths->nslist[ $namespace ] . sanitize_page_id($page_id);
  if ( !isset($paths->pages[$page_id_key]) )
  {
    return $lang->get('page_err_redirect_to_nonexistent');
  }

  $this->redirect_stack[] = $arr_pid;

  // Nuke the text cache to avoid infinite loops, gah...
  $this->text_cache = '';

  // _setup() reloads $this->perms for the destination before send() runs.
  $this->_setup($page_id, $namespace, 0);
  $this->send();
  return true;
}
/**
* Send the error message to the user that the access to this page is denied.
+ − 1041
* @access private
+ − 1042
*/
+ − 1043
+ − 1044
function err_access_denied()
+ − 1045
{
+ − 1046
global $db, $session, $paths, $template, $plugins; // Common objects
314
+ − 1047
global $lang;
+ − 1048
global $email;
1
+ − 1049
// Log it for crying out loud
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'illegal_page\', '.time().', \''.enano_date('d M Y h:i a').'\', \''.$db->escape($session->username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', \'' . $db->escape(serialize(array($this->page_id, $this->namespace))) . '\')');
$ob = '';
//$template->tpl_strings['PAGE_NAME'] = 'Access denied';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1055
$template->tpl_strings['PAGE_NAME'] = htmlspecialchars( $this->title );
1
+ − 1056
+ − 1057
if ( $this->send_headers )
+ − 1058
{
+ − 1059
$ob .= $template->getHeader();
+ − 1060
}
+ − 1061
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1062
if ( count($this->redirect_stack) > 0 )
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1063
{
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1064
$stack = array_reverse($this->redirect_stack);
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1065
foreach ( $stack as $oldtarget )
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1066
{
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1067
$url = makeUrlNS($oldtarget[1], $oldtarget[0], 'redirect=no', true);
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1068
$page_id_key = $paths->nslist[ $oldtarget[1] ] . $oldtarget[0];
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1069
$page_data = $paths->pages[$page_id_key];
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1070
$title = ( isset($page_data['name']) ) ? $page_data['name'] : $paths->nslist[$oldtarget[1]] . htmlspecialchars( str_replace('_', ' ', dirtify_page_id( $oldtarget[0] ) ) );
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1071
$a = '<a href="' . $url . '">' . $title . '</a>';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1072
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1073
$url = makeUrlNS($this->namespace, $this->page_id, 'redirect=no', true);
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1074
$page_id_key = $paths->nslist[ $this->namespace ] . $this->page_id;
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1075
$page_data = $paths->pages[$page_id_key];
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1076
$title = ( isset($page_data['name']) ) ? $page_data['name'] : $paths->nslist[$this->namespace] . htmlspecialchars( str_replace('_', ' ', dirtify_page_id( $this->page_id ) ) );
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1077
$b = '<a href="' . $url . '">' . $title . '</a>';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1078
369
+ − 1079
$ob .= '<small>' . $lang->get('page_msg_redirected_from_to', array('from' => $a, 'to' => $b)) . '<br /></small>';
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1080
}
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1081
}
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1082
314
+ − 1083
$email_link = $email->encryptEmail(getConfig('contact_email'), '', '', $lang->get('page_err_access_denied_siteadmin'));
+ − 1084
+ − 1085
$ob .= "<h3>" . $lang->get('page_err_access_denied_title') . "</h3>";
+ − 1086
$ob .= "<p>" . $lang->get('page_err_access_denied_body', array('site_administration' => $email_link)) . "</p>";
1
+ − 1087
+ − 1088
if ( $this->send_headers )
+ − 1089
{
+ − 1090
$ob .= $template->getFooter();
+ − 1091
}
+ − 1092
echo $ob;
+ − 1093
}
/**
* Inform the user of an incorrect or absent password
* @access private
*/
function err_wrong_password()
{
  // Prints the page-password prompt: a notice followed by a form that posts the
  // "pagepass" field back to this page, inside the site template when send_headers is set.
  // NOTE(review): unlike err_access_denied(), nothing in this method records the failed
  // attempt; if repeated page-password guesses should be detectable, confirm that the
  // caller logs or throttles them.
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang;
  
  $title = $lang->get('page_msg_passrequired_title');
  
  // An empty $this->password selects the "password required" wording, anything else the
  // "wrong password" wording (presumably this is the password the visitor supplied).
  $notice_key = ( empty($this->password) ) ? 'page_msg_passrequired' : 'page_msg_pass_wrong';
  $message = '<p>' . $lang->get($notice_key) . '</p>';
  
  $form_action = makeUrlNS($this->namespace, $this->page_id);
  $message .= '<form action="' . $form_action . '" method="post">' . "\n"
            . '<p>' . "\n"
            . '<label>' . $lang->get('page_lbl_password') . ' <input name="pagepass" type="password" /></label> <input type="submit" value="' . $lang->get('page_btn_password_submit') . '" />' . "\n"
            . '</p>' . "\n"
            . '</form>';
  
  // Without the template, emit a bare heading plus the prompt and stop.
  if ( !$this->send_headers )
  {
    echo '<h2>' . $title . '</h2>' . "\n" . $message;
    return;
  }
  
  $template->tpl_strings['PAGE_NAME'] = $title;
  $template->header();
  echo $message;
  $template->footer();
}
/**
* Send the error message to the user complaining that there weren't any rows.
* @access private
*/
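function err_no_rows()
{
  // Reports that the page exists but no text row matched, and prints the query that was
  // run, inside the site template when send_headers is set.
  global $db, $session, $paths, $template, $plugins; // Common objects
  
  $title = 'No text rows';
  
  // The query text may contain request-derived values, so it is HTML-escaped before being
  // placed inside <pre>; printed raw, markup inside the query would be rendered by the browser.
  // NOTE(review): this still shows the SQL (table and column names) to whoever triggers the
  // error; consider limiting it to administrators or writing it to the server log instead.
  $query_html = htmlspecialchars( (string) $db->latest_query );
  $message = 'While the page\'s existence was verified, there were no rows in the database that matched the query for the text. This may indicate a bug with the software; ask the webmaster for more information. The offending query was:<pre>' . $query_html . '</pre>';
  
  if ( $this->send_headers )
  {
    $template->tpl_strings['PAGE_NAME'] = $title;
    $template->header();
    echo "<p>$message</p>";
    $template->footer();
  }
  else
  {
    echo "<h2>$title</h2>" . "\n" . "<p>$message</p>";
  }
}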
/**
* Send an error message and die. For debugging or critical technical errors only - nothing that would under normal circumstances be shown to the user.
* @param string Error message
* @param bool If true, send DBAL's debugging information as well
*/
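function send_error($message, $sql = false)
{
  // Prints $message inside the site template with a 500 status, closes the database
  // connection and ends the request.
  // NOTE(review): $sql is accepted but never read in this body.
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang;
  
  // $message is written into the page as given, so callers must pass trusted or
  // already-escaped HTML.
  $content = "<p>$message</p>";
  $template->tpl_strings['PAGE_NAME'] = $lang->get('page_msg_general_error');
  
  // NOTE(review): the backtrace is sent to whoever triggered the error; confirm that
  // $this->debug['works'] is only set in debugging setups, since a backtrace exposes internals.
  if ( $this->debug['works'] )
  {
    $content .= $this->debug['backtrace'];
  }
  
  // header() after output has started only raises a warning, which can itself end up in
  // the page; set the status only while headers can still be sent.
  if ( !headers_sent() )
  {
    header('HTTP/1.1 500 Internal Server Error');
  }
  
  $template->header();
  echo $content;
  $template->footer();
  
  $db->close();
  
  exit;
  
}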
/**
* Raises an error.
* @param string Error string
*/
function raise_error($string)
{
  // Pushes a message onto the error stack. Anything that is not a string is rejected with
  // boolean false; a successful push returns nothing (null).
  if ( is_string($string) )
  {
    $this->_errors[] = $string;
    return;
  }
  return false;
}
/**
* Retrieves the latest error from the error stack and returns it ('pops' the error stack)
* @return string
*/
function pop_error()
{
  // Removes and returns the most recently raised error. An empty stack yields boolean
  // false rather than a string, so callers should compare the result with ===.
  if ( count($this->_errors) >= 1 )
  {
    return array_pop($this->_errors);
  }
  return false;
}
} // class PageProcessor
?>