321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 1 <?php
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 2
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 3 /*
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 4 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
536
+ − 5 * Version 1.1.4 (Caoineag alpha 4)
+ − 6 * Copyright (C) 2006-2008 Dan Fuhry
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 7 *
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 8 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 9 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 10 *
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 11 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 12 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 13 */
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 14
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 15 define('ENANO_INTERFACE_AJAX', '');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 16
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 17 // fillusername should be done without the help of the rest of Enano - all we need is the DBAL
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 18 if ( isset($_GET['_mode']) && $_GET['_mode'] == 'fillusername' )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 19 {
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 20 // setup and load a very basic, specialized instance of the Enano API
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 21 function microtime_float()
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 22 {
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 23 list($usec, $sec) = explode(" ", microtime());
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 24 return ((float)$usec + (float)$sec);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 25 }
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 26 // Determine directory (special case for development servers)
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 27 if ( strpos(__FILE__, '/repo/') && file_exists('.enanodev') )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 28 {
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 29 $filename = str_replace('/repo/', '/', __FILE__);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 30 }
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 31 else
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 32 {
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 33 $filename = __FILE__;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 34 }
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 35 define('ENANO_ROOT', dirname($filename));
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 36 require(ENANO_ROOT.'/includes/functions.php');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 37 require(ENANO_ROOT.'/includes/dbal.php');
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 38 require(ENANO_ROOT.'/includes/json2.php');
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 39
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 40 require(ENANO_ROOT . '/config.php');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 41 unset($dbuser, $dbpasswd);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 42 if ( !isset($dbdriver) )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 43 $dbdriver = 'mysql';
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 44
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 45 $db = new $dbdriver();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 46
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 47 $db->connect();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 48
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 49 // result is sent using JSON
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 50 $return = Array(
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 51 'mode' => 'success',
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 52 'users_real' => Array()
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 53 );
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 54
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 55 // should be connected to the DB now
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 56 $name = (isset($_GET['name'])) ? $db->escape($_GET['name']) : false;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 57 if ( !$name )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 58 {
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 59 $return = array(
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 60 'mode' => 'error',
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 61 'error' => 'Invalid URI'
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 62 );
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 63 die( enano_json_encode($return) );
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 64 }
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 65 $allowanon = ( isset($_GET['allowanon']) && $_GET['allowanon'] == '1' ) ? '' : ' AND user_id > 1';
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 66 $q = $db->sql_query('SELECT username FROM '.table_prefix.'users WHERE ' . ENANO_SQLFUNC_LOWERCASE . '(username) LIKE ' . ENANO_SQLFUNC_LOWERCASE . '(\'%'.$name.'%\')' . $allowanon . ' ORDER BY username ASC;');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 67 if ( !$q )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 68 {
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 69 $db->die_json();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 70 }
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 71 $i = 0;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 72 while($r = $db->fetchrow())
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 73 {
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 74 $return['users_real'][] = $r['username'];
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 75 $i++;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 76 }
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 77 $db->free_result();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 78
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 79 // all done! :-)
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 80 $db->close();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 81
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 82 echo enano_json_encode( $return );
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 83
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 84 exit;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 85 }
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 86
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 87 require('includes/common.php');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 88
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 89 global $db, $session, $paths, $template, $plugins; // Common objects
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 90 if(!isset($_GET['_mode'])) die('This script cannot be accessed directly.');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 91
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 92 $_ob = '';
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 93
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 94 switch($_GET['_mode']) {
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 95 case "checkusername":
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 96 echo PageUtils::checkusername($_GET['name']);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 97 break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 98 case "getsource":
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 99 header('Content-type: text/plain');
324
+ − 100 $password = ( isset($_GET['pagepass']) ) ? $_GET['pagepass'] : false;
408
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 101 $revid = ( isset($_GET['revid']) ) ? intval($_GET['revid']) : 0;
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 102 $page = new PageProcessor($paths->page_id, $paths->namespace, $revid);
324
+ − 103 $page->password = $password;
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 104 $have_draft = false;
324
+ − 105 if ( $src = $page->fetch_source() )
+ − 106 {
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 107 $allowed = true;
417
+ − 108 $q = $db->sql_query('SELECT author, time_id, page_text, edit_summary FROM ' . table_prefix . 'logs WHERE log_type = \'page\' AND action = \'edit\'
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 109 AND page_id = \'' . $db->escape($paths->page_id) . '\'
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 110 AND namespace = \'' . $db->escape($paths->namespace) . '\'
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 111 AND is_draft = 1;');
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 112 if ( !$q )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 113 $db->die_json();
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 114
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 115 if ( $db->numrows() > 0 )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 116 {
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 117 $have_draft = true;
419
b8b4e38825db
Unsuccessful attempt at fixing "dismiss"/"close manager" buttons in ACL editor; non-breaking change to template API to allow plugins to add "normal" sidebar widgets in addition to the special "raw" block type, specified as the third parameter to $template->sidebar_widget(). Defaults to false, which is old behavior; new behavior (enabled by passing TRUE as the 3rd param) means that the content of the block is primarily block-level links.
Dan
diff
changeset
+ − 118 $draft_row = $db->fetchrow($q);
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 119 }
324
+ − 120 }
325
e17cc42d77cf
Fixed: $paths->page_id not set when the page doesn't exist; finally fixed garbled page names for IP addresses
Dan
diff
changeset
+ − 121 else if ( $src !== false )
e17cc42d77cf
Fixed: $paths->page_id not set when the page doesn't exist; finally fixed garbled page names for IP addresses
Dan
diff
changeset
+ − 122 {
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 123 $allowed = true;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 124 $src = '';
325
e17cc42d77cf
Fixed: $paths->page_id not set when the page doesn't exist; finally fixed garbled page names for IP addresses
Dan
diff
changeset
+ − 125 }
324
+ − 126 else
+ − 127 {
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 128 $allowed = false;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 129 $src = '';
324
+ − 130 }
336
+ − 131
+ − 132 $auth_edit = ( $session->get_permissions('edit_page') && ( $session->get_permissions('even_when_protected') || !$paths->page_protected ) );
387
92664d2efab8
Rebranded source code as 1.1.1; added TinyMCE ACL rule as per Vadi's request: http://forum.enanocms.org/viewtopic.php?f=7&t=54
Dan
diff
changeset
+ − 133 $auth_wysiwyg = ( $session->get_permissions('edit_wysiwyg') );
336
+ − 134
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 135 $return = array(
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 136 'mode' => 'editor',
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 137 'src' => $src,
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 138 'auth_view_source' => $allowed,
336
+ − 139 'auth_edit' => $auth_edit,
+ − 140 'time' => time(),
+ − 141 'require_captcha' => false,
408
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 142 'allow_wysiwyg' => $auth_wysiwyg,
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 143 'revid' => $revid,
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 144 'have_draft' => false
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 145 );
336
+ − 146
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 147 if ( $have_draft )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 148 {
419
b8b4e38825db
Unsuccessful attempt at fixing "dismiss"/"close manager" buttons in ACL editor; non-breaking change to template API to allow plugins to add "normal" sidebar widgets in addition to the special "raw" block type, specified as the third parameter to $template->sidebar_widget(). Defaults to false, which is old behavior; new behavior (enabled by passing TRUE as the 3rd param) means that the content of the block is primarily block-level links.
Dan
diff
changeset
+ − 149 $row =& $draft_row;
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 150 $return['have_draft'] = true;
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 151 $return['draft_author'] = $row['author'];
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 152 $return['draft_time'] = enano_date('d M Y h:i a', intval($row['time_id']));
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 153 if ( isset($_GET['get_draft']) && @$_GET['get_draft'] === '1' )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 154 {
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 155 $return['src'] = $row['page_text'];
417
+ − 156 $return['edit_summary'] = $row['edit_summary'];
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 157 }
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 158 }
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 159
468
+ − 160 $return['undo_info'] = array();
+ − 161
408
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 162 if ( $revid > 0 )
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 163 {
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 164 // Retrieve information about this revision and the current one
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 165 $q = $db->sql_query('SELECT l1.author AS currentrev_author, l2.author AS oldrev_author FROM ' . table_prefix . 'logs AS l1
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 166 LEFT JOIN ' . table_prefix . 'logs AS l2
468
+ − 167 ON ( l2.log_id = ' . $revid . '
408
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 168 AND l2.log_type = \'page\'
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 169 AND l2.action = \'edit\'
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 170 AND l2.page_id = \'' . $db->escape($paths->page_id) . '\'
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 171 AND l2.namespace = \'' . $db->escape($paths->namespace) . '\'
468
+ − 172 AND l2.is_draft != 1
408
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 173 )
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 174 WHERE l1.log_type = \'page\'
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 175 AND l1.action = \'edit\'
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 176 AND l1.page_id = \'' . $db->escape($paths->page_id) . '\'
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 177 AND l1.namespace = \'' . $db->escape($paths->namespace) . '\'
468
+ − 178 AND l1.time_id > ' . $page->revision_time . '
+ − 179 AND l1.is_draft != 1
408
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 180 ORDER BY l1.time_id DESC;');
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 181 if ( !$q )
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 182 $db->die_json();
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 183
468
+ − 184 if ( $db->numrows() > 0 )
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 185 {
468
+ − 186 $rev_count = $db->numrows() - 1;
+ − 187 if ( $rev_count == -1 )
+ − 188 {
+ − 189 $return = array(
+ − 190 'mode' => 'error',
+ − 191 'error' => '[Internal] No rows returned by revision info query. SQL:<pre>' . $db->latest_query . '</pre>'
+ − 192 );
+ − 193 }
+ − 194 else
+ − 195 {
+ − 196 $row = $db->fetchrow();
+ − 197 $return['undo_info'] = array(
+ − 198 'old_author' => $row['oldrev_author'],
+ − 199 'current_author' => $row['currentrev_author'],
+ − 200 'undo_count' => $rev_count
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 201 );
468
+ − 202 }
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 203 }
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 204 else
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 205 {
468
+ − 206 $return['revid'] = $revid = 0;
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 207 }
408
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 208 }
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
diff
changeset
+ − 209
336
+ − 210 if ( $auth_edit && !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )
+ − 211 {
+ − 212 $return['require_captcha'] = true;
+ − 213 $return['captcha_id'] = $session->make_captcha();
+ − 214 }
+ − 215
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 216 $template->load_theme();
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 217 $return['toolbar_templates'] = $template->extract_vars('toolbar.tpl');
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 218
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 219 echo enano_json_encode($return);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 220 break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 221 case "getpage":
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 222 // echo PageUtils::getpage($paths->page, false, ( (isset($_GET['oldid'])) ? $_GET['oldid'] : false ));
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 223 $revision_id = ( (isset($_GET['oldid'])) ? intval($_GET['oldid']) : 0 );
324
+ − 224 $page = new PageProcessor( $paths->page_id, $paths->namespace, $revision_id );
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 225
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 226 $pagepass = ( isset($_REQUEST['pagepass']) ) ? $_REQUEST['pagepass'] : '';
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 227 $page->password = $pagepass;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 228
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 229 $page->send();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 230 break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 231 case "savepage":
468
+ − 232 /* **** OBSOLETE **** */
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 233 $summ = ( isset($_POST['summary']) ) ? $_POST['summary'] : '';
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 234 $minor = isset($_POST['minor']);
324
+ − 235 $e = PageUtils::savepage($paths->page_id, $paths->namespace, $_POST['text'], $summ, $minor);
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 236 if ( $e == 'good' )
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 237 {
324
+ − 238 $page = new PageProcessor($paths->page_id, $paths->namespace);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 239 $page->send();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 240 }
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 241 else
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 242 {
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 243 echo '<p>Error saving the page: '.$e.'</p>';
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 244 }
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 245 break;
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 246 case "savepage_json":
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 247 header('Content-type: application/json');
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 248 if ( !isset($_POST['r']) )
550
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 249 die('Invalid request');
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 250
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 251 $request = enano_json_decode($_POST['r']);
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 252 if ( !isset($request['src']) || !isset($request['summary']) || !isset($request['minor_edit']) || !isset($request['time']) || !isset($request['draft']) )
550
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 253 die('Invalid request');
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 254
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 255 $time = intval($request['time']);
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 256
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 257 if ( $request['draft'] )
336
+ − 258 {
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 259 //
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 260 // The user wants to save a draft version of the page.
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 261 //
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 262
550
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 263 // Validate permissions
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 264 if ( !$session->get_permissions('edit_page') )
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 265 {
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 266 $return = array(
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 267 'mode' => 'error',
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 268 'error' => 'access_denied'
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 269 );
550
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 270 }
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 271 else
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 272 {
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 273 // Delete any draft copies if they exist
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 274 $q = $db->sql_query('DELETE FROM ' . table_prefix . 'logs WHERE log_type = \'page\' AND action = \'edit\'
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 275 AND page_id = \'' . $db->escape($paths->page_id) . '\'
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 276 AND namespace = \'' . $db->escape($paths->namespace) . '\'
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 277 AND is_draft = 1;');
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 278 if ( !$q )
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 279 $db->die_json();
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 280
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 281 // are we just supposed to delete the draft?
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 282 if ( $request['src'] === -1 )
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 283 {
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 284 $return = array(
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 285 'mode' => 'success',
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 286 'is_draft' => 'delete'
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 287 );
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 288 }
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 289 else
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 290 {
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 291 $src = RenderMan::preprocess_text($request['src'], false, false);
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 292
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 293 // Save the draft
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 294 $q = $db->sql_query('INSERT INTO ' . table_prefix . 'logs ( log_type, action, page_id, namespace, author, edit_summary, page_text, is_draft, time_id )
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 295 VALUES (
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 296 \'page\',
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 297 \'edit\',
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 298 \'' . $db->escape($paths->page_id) . '\',
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 299 \'' . $db->escape($paths->namespace) . '\',
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 300 \'' . $db->escape($session->username) . '\',
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 301 \'' . $db->escape($request['summary']) . '\',
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 302 \'' . $db->escape($src) . '\',
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 303 1,
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 304 ' . time() . '
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 305 );');
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 306
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 307 // Done!
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 308 $return = array(
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 309 'mode' => 'success',
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 310 'is_draft' => true
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 311 );
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 312 }
685e839d934e
Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
diff
changeset
+ − 313 }
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 314 }
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 315 else
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 316 {
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 317 // Verify that no edits have been made since the editor was requested
416
+ − 318 $q = $db->sql_query('SELECT time_id, author FROM ' . table_prefix . "logs WHERE log_type = 'page' AND action = 'edit' AND page_id = '{$paths->page_id}' AND namespace = '{$paths->namespace}' AND is_draft != 1 ORDER BY time_id DESC LIMIT 1;");
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 319 if ( !$q )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 320 $db->die_json();
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 321
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 322 $row = $db->fetchrow();
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 323 $db->free_result();
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 324
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 325 if ( $row['time_id'] > $time )
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 326 {
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 327 $return = array(
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 328 'mode' => 'obsolete',
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 329 'author' => $row['author'],
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 330 'date_string' => enano_date('d M Y h:i a', $row['time_id']),
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 331 'time' => $row['time_id'] // time() ???
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 332 );
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 333 echo enano_json_encode($return);
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 334 break;
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 335 }
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 336
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 337 // Verify captcha, if needed
555
ac4c6a7f01d8
Added user preference for disabling visual effects in Javascript applets; added re-import button to installed plugins
Dan
diff
changeset
+ − 338 if ( false && !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )
336
+ − 339 {
413
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 340 if ( !isset($request['captcha_id']) || !isset($request['captcha_code']) )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 341 {
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 342 die('Invalid request, need captcha metadata');
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 343 }
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 344 $code_correct = strtolower($session->get_captcha($request['captcha_id']));
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 345 $code_input = strtolower($request['captcha_code']);
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 346 if ( $code_correct !== $code_input )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 347 {
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 348 $return = array(
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 349 'mode' => 'errors',
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 350 'errors' => array($lang->get('editor_err_captcha_wrong')),
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 351 'new_captcha' => $session->make_captcha()
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 352 );
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 353 echo enano_json_encode($return);
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 354 break;
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 355 }
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 356 }
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 357
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 358 // Verification complete. Start the PageProcessor and let it do the dirty work for us.
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 359 $page = new PageProcessor($paths->page_id, $paths->namespace);
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 360 if ( $page->update_page($request['src'], $request['summary'], ( $request['minor_edit'] == 1 )) )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 361 {
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 362 $return = array(
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 363 'mode' => 'success',
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 364 'is_draft' => false
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 365 );
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 366 }
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 367 else
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 368 {
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 369 $errors = array();
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 370 while ( $err = $page->pop_error() )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 371 {
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 372 $errors[] = $err;
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 373 }
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 374 $return = array(
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 375 'mode' => 'errors',
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 376 'errors' => array_values($errors)
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 377 );
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 378 if ( !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 379 {
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 380 $return['new_captcha'] = $session->make_captcha();
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 381 }
6607cd646d6d
Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
diff
changeset
+ − 382 }
468
+ − 383 }
+ − 384
+ − 385 // If this is based on a draft version, delete the draft - we no longer need it.
472
bc4b58034f4d
Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
diff
changeset
+ − 386 if ( @$request['used_draft'] && !$request['draft'] )
468
+ − 387 {
+ − 388 $q = $db->sql_query('DELETE FROM ' . table_prefix . 'logs WHERE log_type = \'page\' AND action = \'edit\'
+ − 389 AND page_id = \'' . $db->escape($paths->page_id) . '\'
+ − 390 AND namespace = \'' . $db->escape($paths->namespace) . '\'
+ − 391 AND is_draft = 1;');
335
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 392 }
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 393
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 394 echo enano_json_encode($return);
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 395
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 396 break;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 397 case "diff_cur":
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 398
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 399 // Lie about our content type to fool ad scripts
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 400 header('Content-type: application/xhtml+xml');
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 401
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 402 if ( !isset($_POST['text']) )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 403 die('Invalid request');
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 404
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 405 $page = new PageProcessor($paths->page_id, $paths->namespace);
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 406 if ( !($src = $page->fetch_source()) )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 407 {
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 408 die('Access denied');
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 409 }
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 410
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 411 $diff = RenderMan::diff($src, $_POST['text']);
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 412 if ( $diff == '<table class="diff"></table>' )
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 413 {
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 414 $diff = '<p>' . $lang->get('editor_msg_diff_empty') . '</p>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 415 }
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 416
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 417 echo '<div class="info-box">' . $lang->get('editor_msg_diff') . '</div>';
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 418 echo $diff;
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 419
67bd3121a12e
Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
diff
changeset
+ − 420 break;
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 421 case "protect":
468
+ − 422 // echo PageUtils::protect($paths->page_id, $paths->namespace, (int)$_POST['level'], $_POST['reason']);
481
+ − 423
+ − 424 if ( @$_POST['reason'] === '__ROLLBACK__' )
+ − 425 {
+ − 426 // __ROLLBACK__ is a keyword for log entries.
+ − 427 die('"__ROLLBACK__" ain\'t gonna do it, buddy. Try to _not_ use reserved keywords next time, ok?');
+ − 428 }
+ − 429
468
+ − 430 $page = new PageProcessor($paths->page_id, $paths->namespace);
+ − 431 header('Content-type: application/json');
+ − 432
+ − 433 $result = $page->protect_page(intval($_POST['level']), $_POST['reason']);
+ − 434 echo enano_json_encode($result);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 435 break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 436 case "histlist":
324
+ − 437 echo PageUtils::histlist($paths->page_id, $paths->namespace);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 438 break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 439 case "rollback":
468
+ − 440 $id = intval(@$_GET['id']);
+ − 441 $page = new PageProcessor($paths->page_id, $paths->namespace);
+ − 442 header('Content-type: application/json');
+ − 443
+ − 444 $result = $page->rollback_log_entry($id);
+ − 445 echo enano_json_encode($result);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 446 break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 447 case "comments":
324
+ − 448 $comments = new Comments($paths->page_id, $paths->namespace);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 449 if ( isset($_POST['data']) )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 450 {
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 451 $comments->process_json($_POST['data']);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 452 }
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 453 else
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 454 {
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 455 die('{ "mode" : "error", "error" : "No input" }');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 456 }
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 457 break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 458 case "rename":
468
+ − 459 $page = new PageProcessor($paths->page_id, $paths->namespace);
+ − 460 header('Content-type: application/json');
+ − 461
+ − 462 $result = $page->rename_page($_POST['newtitle']);
+ − 463 echo enano_json_encode($result);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 464 break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 465 case "flushlogs":
324
+ − 466 echo PageUtils::flushlogs($paths->page_id, $paths->namespace);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 467 break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 468 case "deletepage":
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 469 $reason = ( isset($_POST['reason']) ) ? $_POST['reason'] : false;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 470 if ( empty($reason) )
378
c1c7fa6b329f
Got Enano to load even if there are no plugins; added caching for decrypted session keys to significantly improve performance (in theory at least)
Dan
diff
changeset
+ − 471 die($lang->get('page_err_need_reason'));
324
+ − 472 echo PageUtils::deletepage($paths->page_id, $paths->namespace, $reason);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 473 break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 474 case "delvote":
324
+ − 475 echo PageUtils::delvote($paths->page_id, $paths->namespace);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 476 break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 477 case "resetdelvotes":
324
+ − 478 echo PageUtils::resetdelvotes($paths->page_id, $paths->namespace);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 479 break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 480 case "getstyles":
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 481 echo PageUtils::getstyles($_GET['id']);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 482 break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 483 case "catedit":
324
+ − 484 echo PageUtils::catedit($paths->page_id, $paths->namespace);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 485 break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 486 case "catsave":
324
+ − 487 echo PageUtils::catsave($paths->page_id, $paths->namespace, $_POST);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 488 break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 489 case "setwikimode":
324
+ − 490 echo PageUtils::setwikimode($paths->page_id, $paths->namespace, (int)$_GET['mode']);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 491 break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 492 case "setpass":
324
+ − 493 echo PageUtils::setpass($paths->page_id, $paths->namespace, $_POST['password']);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 494 break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 495 case "fillusername":
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 496 break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 497 case "fillpagename":
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 498 $name = (isset($_GET['name'])) ? $_GET['name'] : false;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 499 if(!$name) die('userlist = new Array(); namelist = new Array(); errorstring=\'Invalid URI\'');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 500 $nd = RenderMan::strToPageID($name);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 501 $c = 0;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 502 $u = Array();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 503 $n = Array();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 504
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 505 $name = sanitize_page_id($name);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 506 $name = str_replace('_', ' ', $name);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 507
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 508 for($i=0;$i<sizeof($paths->pages)/2;$i++)
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 509 {
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 510 if( (
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 511 preg_match('#'.preg_quote($name).'(.*)#i', $paths->pages[$i]['name']) ||
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 512 preg_match('#'.preg_quote($name).'(.*)#i', $paths->pages[$i]['urlname']) ||
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 513 preg_match('#'.preg_quote($name).'(.*)#i', $paths->pages[$i]['urlname_nons']) ||
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 514 preg_match('#'.preg_quote(str_replace(' ', '_', $name)).'(.*)#i', $paths->pages[$i]['name']) ||
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 515 preg_match('#'.preg_quote(str_replace(' ', '_', $name)).'(.*)#i', $paths->pages[$i]['urlname']) ||
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 516 preg_match('#'.preg_quote(str_replace(' ', '_', $name)).'(.*)#i', $paths->pages[$i]['urlname_nons'])
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 517 ) &&
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 518 ( ( $nd[1] != 'Article' && $paths->pages[$i]['namespace'] == $nd[1] ) || $nd[1] == 'Article' )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 519 && $paths->pages[$i]['visible']
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 520 )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 521 {
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 522 $c++;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 523 $u[] = $paths->pages[$i]['name'];
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 524 $n[] = $paths->pages[$i]['urlname'];
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 525 }
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 526 }
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 527 if($c > 0)
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 528 {
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 529 echo 'userlist = new Array(); namelist = new Array(); errorstring = false; '."\n";
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 530 for($i=0;$i<sizeof($u);$i++) // Can't use foreach because we need the value of $i and we need to use both $u and $n
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 531 {
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 532 echo "userlist[$i] = '".addslashes($n[$i])."';\n";
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 533 echo "namelist[$i] = '".addslashes(htmlspecialchars($u[$i]))."';\n";
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 534 }
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 535 } else {
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 536 die('userlist = new Array(); namelist = new Array(); errorstring=\'No page matches found.\'');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 537 }
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 538 break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 539 case "preview":
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 540 echo PageUtils::genPreview($_POST['text']);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 541 break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 542 case "pagediff":
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 543 $id1 = ( isset($_GET['diff1']) ) ? (int)$_GET['diff1'] : false;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 544 $id2 = ( isset($_GET['diff2']) ) ? (int)$_GET['diff2'] : false;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 545 if(!$id1 || !$id2) { echo '<p>Invalid request.</p>'; $template->footer(); break; }
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 546 if(!preg_match('#^([0-9]+)$#', (string)$_GET['diff1']) ||
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 547 !preg_match('#^([0-9]+)$#', (string)$_GET['diff2'] )) { echo '<p>SQL injection attempt</p>'; $template->footer(); break; }
324
+ − 548 echo PageUtils::pagediff($paths->page_id, $paths->namespace, $id1, $id2);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 549 break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 550 case "jsres":
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 551 die('// ERROR: this section is deprecated and has moved to includes/clientside/static/enano-lib-basic.js.');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 552 break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 553 case "rdns":
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 554 if(!$session->get_permissions('mod_misc')) die('Go somewhere else for your reverse DNS info!');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 555 $ip = $_GET['ip'];
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 556 $rdns = gethostbyaddr($ip);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 557 if($rdns == $ip) echo 'Unable to get reverse DNS information. Perhaps the DNS server is down or the PTR record no longer exists.';
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 558 else echo $rdns;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 559 break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 560 case 'acljson':
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 561 $parms = ( isset($_POST['acl_params']) ) ? rawurldecode($_POST['acl_params']) : false;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 562 echo PageUtils::acl_json($parms);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 563 break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 564 case "change_theme":
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 565 if ( !isset($_POST['theme_id']) || !isset($_POST['style_id']) )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 566 {
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 567 die('Invalid input');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 568 }
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 569 if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['theme_id']) || !preg_match('/^([a-z0-9_-]+)$/i', $_POST['style_id']) )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 570 {
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 571 die('Invalid input');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 572 }
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 573 if ( !file_exists(ENANO_ROOT . '/themes/' . $_POST['theme_id'] . '/css/' . $_POST['style_id'] . '.css') )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 574 {
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 575 die('Can\'t find theme file: ' . ENANO_ROOT . '/themes/' . $_POST['theme_id'] . '/css/' . $_POST['style_id'] . '.css');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 576 }
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 577 if ( !$session->user_logged_in )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 578 {
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 579 die('You must be logged in to change your theme');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 580 }
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 581 // Just in case something slipped through...
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 582 $theme_id = $db->escape($_POST['theme_id']);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 583 $style_id = $db->escape($_POST['style_id']);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 584 $e = $db->sql_query('UPDATE ' . table_prefix . "users SET theme='$theme_id', style='$style_id' WHERE user_id=$session->user_id;");
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 585 if ( !$e )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 586 die( $db->get_error() );
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 587 die('GOOD');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 588 break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 589 case 'get_tags':
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 590
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 591 $ret = array('tags' => array(), 'user_level' => $session->user_level, 'can_add' => $session->get_permissions('tag_create'));
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 592 $q = $db->sql_query('SELECT t.tag_id, t.tag_name, pg.pg_target IS NOT NULL AS used_in_acl, t.user_id FROM '.table_prefix.'tags AS t
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 593 LEFT JOIN '.table_prefix.'page_groups AS pg
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 594 ON ( ( pg.pg_type = ' . PAGE_GRP_TAGGED . ' AND pg.pg_target=t.tag_name ) OR ( pg.pg_type IS NULL AND pg.pg_target IS NULL ) )
324
+ − 595 WHERE t.page_id=\'' . $db->escape($paths->page_id) . '\' AND t.namespace=\'' . $db->escape($paths->namespace) . '\';');
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 596 if ( !$q )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 597 $db->_die();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 598
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 599 while ( $row = $db->fetchrow() )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 600 {
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 601 $can_del = true;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 602
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 603 $perm = ( $row['user_id'] != $session->user_id ) ?
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 604 'tag_delete_other' :
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 605 'tag_delete_own';
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 606
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 607 if ( $row['user_id'] == 1 && !$session->user_logged_in )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 608 // anonymous user trying to delete tag (hardcode blacklisted)
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 609 $can_del = false;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 610
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 611 if ( !$session->get_permissions($perm) )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 612 $can_del = false;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 613
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 614 if ( $row['used_in_acl'] == 1 && !$session->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 615 $can_del = false;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 616
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 617 $ret['tags'][] = array(
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 618 'id' => $row['tag_id'],
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 619 'name' => $row['tag_name'],
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 620 'can_del' => $can_del,
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 621 'acl' => ( $row['used_in_acl'] == 1 )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 622 );
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 623 }
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 624
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 625 echo enano_json_encode($ret);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 626
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 627 break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 628 case 'addtag':
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 629 $resp = array(
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 630 'success' => false,
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 631 'error' => 'No error',
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 632 'can_del' => ( $session->get_permissions('tag_delete_own') && $session->user_logged_in ),
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 633 'in_acl' => false
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 634 );
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 635
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 636 // first of course, are we allowed to tag pages?
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 637 if ( !$session->get_permissions('tag_create') )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 638 {
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 639 $resp['error'] = 'You are not permitted to tag pages.';
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 640 die(enano_json_encode($resp));
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 641 }
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 642
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 643 // sanitize the tag name
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 644 $tag = sanitize_tag($_POST['tag']);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 645 $tag = $db->escape($tag);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 646
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 647 if ( strlen($tag) < 2 )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 648 {
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 649 $resp['error'] = 'Tags must consist of at least 2 alphanumeric characters.';
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 650 die(enano_json_encode($resp));
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 651 }
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 652
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 653 // check if tag is already on page
324
+ − 654 $q = $db->sql_query('SELECT 1 FROM '.table_prefix.'tags WHERE page_id=\'' . $db->escape($paths->page_id) . '\' AND namespace=\'' . $db->escape($paths->namespace) . '\' AND tag_name=\'' . $tag . '\';');
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 655 if ( !$q )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 656 $db->_die();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 657 if ( $db->numrows() > 0 )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 658 {
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 659 $resp['error'] = 'This page already has this tag.';
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 660 die(enano_json_encode($resp));
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 661 }
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 662 $db->free_result();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 663
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 664 // tricky: make sure this tag isn't being used in some page group, and thus adding it could affect page access
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 665 $can_edit_acl = ( $session->get_permissions('edit_acl') || $session->user_level >= USER_LEVEL_ADMIN );
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 666 $q = $db->sql_query('SELECT 1 FROM '.table_prefix.'page_groups WHERE pg_type=' . PAGE_GRP_TAGGED . ' AND pg_target=\'' . $tag . '\';');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 667 if ( !$q )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 668 $db->_die();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 669 if ( $db->numrows() > 0 && !$can_edit_acl )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 670 {
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 671 $resp['error'] = 'This tag is used in an ACL page group, and thus can\'t be added to a page by people without administrator privileges.';
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 672 die(enano_json_encode($resp));
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 673 }
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 674 $resp['in_acl'] = ( $db->numrows() > 0 );
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 675 $db->free_result();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 676
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 677 // we're good
324
+ − 678 $q = $db->sql_query('INSERT INTO '.table_prefix.'tags(tag_name,page_id,namespace,user_id) VALUES(\'' . $tag . '\', \'' . $db->escape($paths->page_id) . '\', \'' . $db->escape($paths->namespace) . '\', ' . $session->user_id . ');');
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 679 if ( !$q )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 680 $db->_die();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 681
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 682 $resp['success'] = true;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 683 $resp['tag'] = $tag;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 684 $resp['tag_id'] = $db->insert_id();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 685
334
c72b545f1304
More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
diff
changeset
+ − 686 echo enano_json_encode($resp);
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 687 break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 688 case 'deltag':
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 689
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 690 $tag_id = intval($_POST['tag_id']);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 691 if ( empty($tag_id) )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 692 die('Invalid tag ID');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 693
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 694 $q = $db->sql_query('SELECT t.tag_id, t.user_id, t.page_id, t.namespace, pg.pg_target IS NOT NULL AS used_in_acl FROM '.table_prefix.'tags AS t
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 695 LEFT JOIN '.table_prefix.'page_groups AS pg
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 696 ON ( pg.pg_id IS NULL OR ( pg.pg_target = t.tag_name AND pg.pg_type = ' . PAGE_GRP_TAGGED . ' ) )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 697 WHERE t.tag_id=' . $tag_id . ';');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 698
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 699 if ( !$q )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 700 $db->_die();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 701
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 702 if ( $db->numrows() < 1 )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 703 die('Could not find a tag with that ID');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 704
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 705 $row = $db->fetchrow();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 706 $db->free_result();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 707
324
+ − 708 if ( $row['page_id'] == $paths->page_id && $row['namespace'] == $paths->namespace )
321
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 709 $perms =& $session;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 710 else
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 711 $perms = $session->fetch_page_acl($row['page_id'], $row['namespace']);
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 712
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 713 $perm = ( $row['user_id'] != $session->user_id ) ?
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 714 'tag_delete_other' :
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 715 'tag_delete_own';
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 716
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 717 if ( $row['user_id'] == 1 && !$session->user_logged_in )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 718 // anonymous user trying to delete tag (hardcode blacklisted)
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 719 die('You are not authorized to delete this tag.');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 720
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 721 if ( !$perms->get_permissions($perm) )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 722 die('You are not authorized to delete this tag.');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 723
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 724 if ( $row['used_in_acl'] == 1 && !$perms->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 725 die('You are not authorized to delete this tag.');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 726
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 727 // We're good
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 728 $q = $db->sql_query('DELETE FROM '.table_prefix.'tags WHERE tag_id = ' . $tag_id . ';');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 729 if ( !$q )
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 730 $db->_die();
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 731
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 732 echo 'success';
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 733
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 734 break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 735 case 'ping':
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 736 echo 'pong';
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 737 break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 738 default:
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 739 die('Hacking attempt');
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 740 break;
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 741 }
c0d855cfaf0e
Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
diff
changeset
+ − 742
0
+ − 743 ?>