0
+ − 1
<?php
73
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 2
0
+ − 3
/*
+ − 4
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
142
ca9118d9c0f2
Rebrand as 1.0.2 (Coblynau); internal links are now parsed by RenderMan::parse_internal_links()
Dan
diff
changeset
+ − 5
* Version 1.0.2 (Coblynau)
0
+ − 6
* Copyright (C) 2006-2007 Dan Fuhry
+ − 7
*
+ − 8
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
+ − 9
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ − 10
*
+ − 11
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ − 12
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ − 13
*/
+ − 14
144
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 15
// fillusername should be done without the help of the rest of Enano - all we need is the DBAL
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 16
if ( isset($_GET['_mode']) && $_GET['_mode'] == 'fillusername' )
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 17
{
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 18
// setup and load a very basic, specialized instance of the Enano API
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 19
function dc_here($m) { return false; }
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 20
function dc_dump($a, $g) { return false; }
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 21
function dc_watch($n) { return false; }
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 22
function dc_start_timer($u) { return false; }
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 23
function dc_stop_timer($m) { return false; }
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 24
// Determine directory (special case for development servers)
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 25
if ( strpos(__FILE__, '/repo/') && file_exists('.enanodev') )
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 26
{
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 27
$filename = str_replace('/repo/', '/', __FILE__);
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 28
}
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 29
else
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 30
{
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 31
$filename = __FILE__;
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 32
}
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 33
define('ENANO_ROOT', dirname($filename));
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 34
require(ENANO_ROOT.'/includes/functions.php');
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 35
require(ENANO_ROOT.'/includes/dbal.php');
184
+ − 36
require(ENANO_ROOT.'/includes/json.php');
144
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 37
$db = new mysql();
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 38
$db->connect();
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 39
184
+ − 40
// result is sent using JSON
+ − 41
$json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
+ − 42
$return = Array(
+ − 43
'mode' => 'success',
+ − 44
'users_real' => Array()
+ − 45
);
+ − 46
+ − 47
// should be connected to the DB now
144
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 48
$name = (isset($_GET['name'])) ? $db->escape($_GET['name']) : false;
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 49
if ( !$name )
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 50
{
184
+ − 51
$return = array(
+ − 52
'mode' => 'error',
+ − 53
'error' => 'Invalid URI'
+ − 54
);
+ − 55
die( $json->encode($return) );
144
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 56
}
184
+ − 57
$allowanon = ( isset($_GET['allowanon']) && $_GET['allowanon'] == '1' ) ? '' : ' AND user_id > 1';
+ − 58
$q = $db->sql_query('SELECT username FROM '.table_prefix.'users WHERE lcase(username) LIKE lcase(\'%'.$name.'%\')' . $allowanon . ' ORDER BY username ASC;');
144
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 59
if ( !$q )
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 60
{
184
+ − 61
$return = array(
+ − 62
'mode' => 'error',
+ − 63
'error' => 'MySQL error selecting username data: '.addslashes(mysql_error())
+ − 64
);
+ − 65
die( $json->encode($return) );
144
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 66
}
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 67
$i = 0;
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 68
while($r = $db->fetchrow())
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 69
{
184
+ − 70
$return['users_real'][] = $r['username'];
144
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 71
$i++;
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 72
}
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 73
$db->free_result();
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 74
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 75
// all done! :-)
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 76
$db->close();
184
+ − 77
+ − 78
echo $json->encode( $return );
+ − 79
144
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 80
exit;
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 81
}
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 82
0
+ − 83
require('includes/common.php');
+ − 84
+ − 85
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 86
if(!isset($_GET['_mode'])) die('This script cannot be accessed directly.');
+ − 87
+ − 88
$_ob = '';
+ − 89
+ − 90
switch($_GET['_mode']) {
+ − 91
case "checkusername":
+ − 92
echo PageUtils::checkusername($_GET['name']);
+ − 93
break;
+ − 94
case "getsource":
+ − 95
$p = ( isset($_GET['pagepass']) ) ? $_GET['pagepass'] : false;
+ − 96
echo PageUtils::getsource($paths->page, $p);
+ − 97
break;
+ − 98
case "getpage":
+ − 99
// echo PageUtils::getpage($paths->page, false, ( (isset($_GET['oldid'])) ? $_GET['oldid'] : false ));
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 100
$revision_id = ( (isset($_GET['oldid'])) ? intval($_GET['oldid']) : 0 );
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 101
$page = new PageProcessor( $paths->cpage['urlname_nons'], $paths->namespace, $revision_id );
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 102
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 103
$pagepass = ( isset($_REQUEST['pagepass']) ) ? $_REQUEST['pagepass'] : '';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 104
$page->password = $pagepass;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 105
0
+ − 106
$page->send();
+ − 107
break;
+ − 108
case "savepage":
+ − 109
$summ = ( isset($_POST['summary']) ) ? $_POST['summary'] : '';
+ − 110
$minor = isset($_POST['minor']);
+ − 111
$e = PageUtils::savepage($paths->cpage['urlname_nons'], $paths->namespace, $_POST['text'], $summ, $minor);
+ − 112
if($e=='good')
+ − 113
{
+ − 114
$page = new PageProcessor($paths->cpage['urlname_nons'], $paths->namespace);
+ − 115
$page->send();
+ − 116
}
+ − 117
else
+ − 118
{
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 119
echo '<p>Error saving the page: '.$e.'</p>';
0
+ − 120
}
+ − 121
break;
+ − 122
case "protect":
+ − 123
echo PageUtils::protect($paths->cpage['urlname_nons'], $paths->namespace, (int)$_POST['level'], $_POST['reason']);
+ − 124
break;
+ − 125
case "histlist":
+ − 126
echo PageUtils::histlist($paths->cpage['urlname_nons'], $paths->namespace);
+ − 127
break;
+ − 128
case "rollback":
+ − 129
echo PageUtils::rollback( (int)$_GET['id'] );
+ − 130
break;
+ − 131
case "comments":
+ − 132
$comments = new Comments($paths->cpage['urlname_nons'], $paths->namespace);
+ − 133
if ( isset($_POST['data']) )
+ − 134
{
+ − 135
$comments->process_json($_POST['data']);
+ − 136
}
+ − 137
else
+ − 138
{
+ − 139
die('{ "mode" : "error", "error" : "No input" }');
+ − 140
}
+ − 141
break;
+ − 142
case "rename":
+ − 143
echo PageUtils::rename($paths->cpage['urlname_nons'], $paths->namespace, $_POST['newtitle']);
+ − 144
break;
+ − 145
case "flushlogs":
+ − 146
echo PageUtils::flushlogs($paths->cpage['urlname_nons'], $paths->namespace);
+ − 147
break;
+ − 148
case "deletepage":
28
+ − 149
$reason = ( isset($_POST['reason']) ) ? $_POST['reason'] : false;
+ − 150
if ( empty($reason) )
+ − 151
die('Please enter a reason for deleting this page.');
+ − 152
echo PageUtils::deletepage($paths->cpage['urlname_nons'], $paths->namespace, $reason);
0
+ − 153
break;
+ − 154
case "delvote":
+ − 155
echo PageUtils::delvote($paths->cpage['urlname_nons'], $paths->namespace);
+ − 156
break;
+ − 157
case "resetdelvotes":
+ − 158
echo PageUtils::resetdelvotes($paths->cpage['urlname_nons'], $paths->namespace);
+ − 159
break;
+ − 160
case "getstyles":
+ − 161
echo PageUtils::getstyles($_GET['id']);
+ − 162
break;
+ − 163
case "catedit":
+ − 164
echo PageUtils::catedit($paths->cpage['urlname_nons'], $paths->namespace);
+ − 165
break;
+ − 166
case "catsave":
+ − 167
echo PageUtils::catsave($paths->cpage['urlname_nons'], $paths->namespace, $_POST);
+ − 168
break;
+ − 169
case "setwikimode":
+ − 170
echo PageUtils::setwikimode($paths->cpage['urlname_nons'], $paths->namespace, (int)$_GET['mode']);
+ − 171
break;
+ − 172
case "setpass":
+ − 173
echo PageUtils::setpass($paths->cpage['urlname_nons'], $paths->namespace, $_POST['password']);
+ − 174
break;
+ − 175
case "fillusername":
+ − 176
break;
+ − 177
case "fillpagename":
+ − 178
$name = (isset($_GET['name'])) ? $_GET['name'] : false;
+ − 179
if(!$name) die('userlist = new Array(); namelist = new Array(); errorstring=\'Invalid URI\'');
+ − 180
$nd = RenderMan::strToPageID($name);
+ − 181
$c = 0;
+ − 182
$u = Array();
+ − 183
$n = Array();
22
+ − 184
+ − 185
$name = sanitize_page_id($name);
+ − 186
$name = str_replace('_', ' ', $name);
+ − 187
0
+ − 188
for($i=0;$i<sizeof($paths->pages)/2;$i++)
+ − 189
{
+ − 190
if( (
+ − 191
preg_match('#'.preg_quote($name).'(.*)#i', $paths->pages[$i]['name']) ||
+ − 192
preg_match('#'.preg_quote($name).'(.*)#i', $paths->pages[$i]['urlname']) ||
+ − 193
preg_match('#'.preg_quote($name).'(.*)#i', $paths->pages[$i]['urlname_nons']) ||
+ − 194
preg_match('#'.preg_quote(str_replace(' ', '_', $name)).'(.*)#i', $paths->pages[$i]['name']) ||
+ − 195
preg_match('#'.preg_quote(str_replace(' ', '_', $name)).'(.*)#i', $paths->pages[$i]['urlname']) ||
+ − 196
preg_match('#'.preg_quote(str_replace(' ', '_', $name)).'(.*)#i', $paths->pages[$i]['urlname_nons'])
+ − 197
) &&
+ − 198
( ( $nd[1] != 'Article' && $paths->pages[$i]['namespace'] == $nd[1] ) || $nd[1] == 'Article' )
+ − 199
&& $paths->pages[$i]['visible']
+ − 200
)
+ − 201
{
+ − 202
$c++;
+ − 203
$u[] = $paths->pages[$i]['name'];
+ − 204
$n[] = $paths->pages[$i]['urlname'];
+ − 205
}
+ − 206
}
+ − 207
if($c > 0)
+ − 208
{
+ − 209
echo 'userlist = new Array(); namelist = new Array(); errorstring = false; '."\n";
+ − 210
for($i=0;$i<sizeof($u);$i++) // Can't use foreach because we need the value of $i and we need to use both $u and $n
+ − 211
{
+ − 212
echo "userlist[$i] = '".addslashes($n[$i])."';\n";
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 213
echo "namelist[$i] = '".addslashes(htmlspecialchars($u[$i]))."';\n";
0
+ − 214
}
+ − 215
} else {
+ − 216
die('userlist = new Array(); namelist = new Array(); errorstring=\'No page matches found.\'');
+ − 217
}
+ − 218
break;
+ − 219
case "preview":
+ − 220
echo PageUtils::genPreview($_POST['text']);
+ − 221
break;
+ − 222
case "pagediff":
+ − 223
$id1 = ( isset($_GET['diff1']) ) ? (int)$_GET['diff1'] : false;
+ − 224
$id2 = ( isset($_GET['diff2']) ) ? (int)$_GET['diff2'] : false;
+ − 225
if(!$id1 || !$id2) { echo '<p>Invalid request.</p>'; $template->footer(); break; }
+ − 226
if(!preg_match('#^([0-9]+)$#', (string)$_GET['diff1']) ||
+ − 227
!preg_match('#^([0-9]+)$#', (string)$_GET['diff2'] )) { echo '<p>SQL injection attempt</p>'; $template->footer(); break; }
+ − 228
echo PageUtils::pagediff($paths->cpage['urlname_nons'], $paths->namespace, $id1, $id2);
+ − 229
break;
+ − 230
case "jsres":
+ − 231
die('// ERROR: this section is deprecated and has moved to includes/clientside/static/enano-lib-basic.js.');
+ − 232
break;
+ − 233
case "rdns":
+ − 234
if(!$session->get_permissions('mod_misc')) die('Go somewhere else for your reverse DNS info!');
+ − 235
$ip = $_GET['ip'];
+ − 236
$rdns = gethostbyaddr($ip);
109
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 237
if($rdns == $ip) echo 'Unable to get reverse DNS information. Perhaps the DNS server is down or the PTR record no longer exists.';
0
+ − 238
else echo $rdns;
+ − 239
break;
+ − 240
case 'acljson':
+ − 241
$parms = ( isset($_POST['acl_params']) ) ? rawurldecode($_POST['acl_params']) : false;
+ − 242
echo PageUtils::acl_json($parms);
+ − 243
break;
29
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 244
case "change_theme":
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 245
if ( !isset($_POST['theme_id']) || !isset($_POST['style_id']) )
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 246
{
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 247
die('Invalid input');
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 248
}
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 249
if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['theme_id']) || !preg_match('/^([a-z0-9_-]+)$/i', $_POST['style_id']) )
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 250
{
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 251
die('Invalid input');
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 252
}
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 253
if ( !file_exists(ENANO_ROOT . '/themes/' . $_POST['theme_id'] . '/css/' . $_POST['style_id'] . '.css') )
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 254
{
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 255
die('Can\'t find theme file: ' . ENANO_ROOT . '/themes/' . $_POST['theme_id'] . '/css/' . $_POST['style_id'] . '.css');
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 256
}
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 257
if ( !$session->user_logged_in )
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 258
{
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 259
die('You must be logged in to change your theme');
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 260
}
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 261
// Just in case something slipped through...
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 262
$theme_id = $db->escape($_POST['theme_id']);
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 263
$style_id = $db->escape($_POST['style_id']);
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 264
$e = $db->sql_query('UPDATE ' . table_prefix . "users SET theme='$theme_id', style='$style_id' WHERE user_id=$session->user_id;");
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 265
if ( !$e )
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 266
die( $db->get_error() );
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 267
die('GOOD');
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 268
break;
76
+ − 269
case 'get_tags':
+ − 270
$json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
+ − 271
+ − 272
$ret = array('tags' => array(), 'user_level' => $session->user_level, 'can_add' => $session->get_permissions('tag_create'));
80
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 273
$q = $db->sql_query('SELECT t.tag_id, t.tag_name, pg.pg_target IS NOT NULL AS used_in_acl, t.user FROM '.table_prefix.'tags AS t
76
+ − 274
LEFT JOIN '.table_prefix.'page_groups AS pg
+ − 275
ON ( ( pg.pg_type = ' . PAGE_GRP_TAGGED . ' AND pg.pg_target=t.tag_name ) OR ( pg.pg_type IS NULL AND pg.pg_target IS NULL ) )
+ − 276
WHERE t.page_id=\'' . $db->escape($paths->cpage['urlname_nons']) . '\' AND t.namespace=\'' . $db->escape($paths->namespace) . '\';');
+ − 277
if ( !$q )
+ − 278
$db->_die();
+ − 279
+ − 280
while ( $row = $db->fetchrow() )
+ − 281
{
80
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 282
$can_del = true;
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 283
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 284
$perm = ( $row['user'] != $session->user_id ) ?
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 285
'tag_delete_other' :
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 286
'tag_delete_own';
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 287
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 288
if ( $row['user'] == 1 && !$session->user_logged_in )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 289
// anonymous user trying to delete tag (hardcode blacklisted)
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 290
$can_del = false;
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 291
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 292
if ( !$session->get_permissions($perm) )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 293
$can_del = false;
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 294
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 295
if ( $row['used_in_acl'] == 1 && !$session->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 296
$can_del = false;
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 297
76
+ − 298
$ret['tags'][] = array(
+ − 299
'id' => $row['tag_id'],
+ − 300
'name' => $row['tag_name'],
80
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 301
'can_del' => $can_del,
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 302
'acl' => ( $row['used_in_acl'] == 1 )
76
+ − 303
);
+ − 304
}
+ − 305
+ − 306
echo $json->encode($ret);
+ − 307
+ − 308
break;
80
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 309
case 'addtag':
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 310
$json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 311
$resp = array(
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 312
'success' => false,
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 313
'error' => 'No error',
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 314
'can_del' => ( $session->get_permissions('tag_delete_own') && $session->user_logged_in ),
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 315
'in_acl' => false
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 316
);
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 317
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 318
// first of course, are we allowed to tag pages?
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 319
if ( !$session->get_permissions('tag_create') )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 320
{
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 321
$resp['error'] = 'You are not permitted to tag pages.';
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 322
die($json->encode($resp));
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 323
}
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 324
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 325
// sanitize the tag name
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 326
$tag = sanitize_tag($_POST['tag']);
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 327
$tag = $db->escape($tag);
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 328
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 329
if ( strlen($tag) < 2 )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 330
{
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 331
$resp['error'] = 'Tags must consist of at least 2 alphanumeric characters.';
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 332
die($json->encode($resp));
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 333
}
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 334
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 335
// check if tag is already on page
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 336
$q = $db->sql_query('SELECT 1 FROM '.table_prefix.'tags WHERE page_id=\'' . $db->escape($paths->cpage['urlname_nons']) . '\' AND namespace=\'' . $db->escape($paths->namespace) . '\' AND tag_name=\'' . $tag . '\';');
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 337
if ( !$q )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 338
$db->_die();
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 339
if ( $db->numrows() > 0 )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 340
{
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 341
$resp['error'] = 'This page already has this tag.';
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 342
die($json->encode($resp));
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 343
}
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 344
$db->free_result();
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 345
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 346
// tricky: make sure this tag isn't being used in some page group, and thus adding it could affect page access
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 347
$can_edit_acl = ( $session->get_permissions('edit_acl') || $session->user_level >= USER_LEVEL_ADMIN );
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 348
$q = $db->sql_query('SELECT 1 FROM '.table_prefix.'page_groups WHERE pg_type=' . PAGE_GRP_TAGGED . ' AND pg_target=\'' . $tag . '\';');
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 349
if ( !$q )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 350
$db->_die();
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 351
if ( $db->numrows() > 0 && !$can_edit_acl )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 352
{
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 353
$resp['error'] = 'This tag is used in an ACL page group, and thus can\'t be added to a page by people without administrator privileges.';
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 354
die($json->encode($resp));
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 355
}
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 356
$resp['in_acl'] = ( $db->numrows() > 0 );
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 357
$db->free_result();
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 358
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 359
// we're good
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 360
$q = $db->sql_query('INSERT INTO '.table_prefix.'tags(tag_name,page_id,namespace,user) VALUES(\'' . $tag . '\', \'' . $db->escape($paths->cpage['urlname_nons']) . '\', \'' . $db->escape($paths->namespace) . '\', ' . $session->user_id . ');');
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 361
if ( !$q )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 362
$db->_die();
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 363
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 364
$resp['success'] = true;
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 365
$resp['tag'] = $tag;
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 366
$resp['tag_id'] = $db->insert_id();
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 367
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 368
echo $json->encode($resp);
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 369
break;
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 370
case 'deltag':
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 371
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 372
$tag_id = intval($_POST['tag_id']);
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 373
if ( empty($tag_id) )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 374
die('Invalid tag ID');
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 375
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 376
$q = $db->sql_query('SELECT t.tag_id, t.user, t.page_id, t.namespace, pg.pg_target IS NOT NULL AS used_in_acl FROM '.table_prefix.'tags AS t
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 377
LEFT JOIN '.table_prefix.'page_groups AS pg
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 378
ON ( pg.pg_id IS NULL OR ( pg.pg_target = t.tag_name AND pg.pg_type = ' . PAGE_GRP_TAGGED . ' ) )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 379
WHERE t.tag_id=' . $tag_id . ';');
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 380
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 381
if ( !$q )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 382
$db->_die();
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 383
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 384
if ( $db->numrows() < 1 )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 385
die('Could not find a tag with that ID');
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 386
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 387
$row = $db->fetchrow();
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 388
$db->free_result();
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 389
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 390
if ( $row['page_id'] == $paths->cpage['urlname_nons'] && $row['namespace'] == $paths->namespace )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 391
$perms =& $session;
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 392
else
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 393
$perms = $session->fetch_page_acl($row['page_id'], $row['namespace']);
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 394
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 395
$perm = ( $row['user'] != $session->user_id ) ?
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 396
'tag_delete_other' :
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 397
'tag_delete_own';
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 398
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 399
if ( $row['user'] == 1 && !$session->user_logged_in )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 400
// anonymous user trying to delete tag (hardcode blacklisted)
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 401
die('You are not authorized to delete this tag.');
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 402
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 403
if ( !$perms->get_permissions($perm) )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 404
die('You are not authorized to delete this tag.');
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 405
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 406
if ( $row['used_in_acl'] == 1 && !$perms->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 407
die('You are not authorized to delete this tag.');
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 408
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 409
// We're good
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 410
$q = $db->sql_query('DELETE FROM '.table_prefix.'tags WHERE tag_id = ' . $tag_id . ';');
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 411
if ( !$q )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 412
$db->_die();
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 413
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 414
echo 'success';
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 415
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 416
break;
118
0c5efda996bf
Added keep-alive function to admin panel (had been planned for some time) and a new hook, template_var_init_end
Dan
diff
changeset
+ − 417
case 'ping':
0c5efda996bf
Added keep-alive function to admin panel (had been planned for some time) and a new hook, template_var_init_end
Dan
diff
changeset
+ − 418
echo 'pong';
0c5efda996bf
Added keep-alive function to admin panel (had been planned for some time) and a new hook, template_var_init_end
Dan
diff
changeset
+ − 419
break;
0
+ − 420
default:
+ − 421
die('Hacking attempt');
+ − 422
break;
+ − 423
}
+ − 424
+ − 425
?>