/*
* AJAX applets
*/
/**
 * Start an asynchronous GET request through the shared global `ajax` object.
 *
 * Every callback in this file reads `ajax.readyState` / `ajax.responseText`
 * from that global, so a request started before an earlier one has finished
 * replaces the object the earlier callback will look at.
 *
 * @param {string} uri - URL to fetch. It is used verbatim, so callers must
 *   URL-encode any value they splice into it.
 * @param {Function} f - installed as the onreadystatechange handler; it runs
 *   on every state change, not only on completion.
 */
function ajaxGet(uri, f) {
  var xhr;
  if (window.XMLHttpRequest) {
    xhr = new XMLHttpRequest();
  } else if (window.ActiveXObject) {
    xhr = new ActiveXObject("Microsoft.XMLHTTP");
  } else {
    alert('Enano client-side runtime error: No AJAX support, unable to continue');
    return;
  }
  // Deliberately published as a global: the callbacks depend on it.
  ajax = xhr;
  xhr.onreadystatechange = f;
  xhr.open('GET', uri, true);
  // Fixed date in the past on the conditional-request header; presumably
  // there to keep the browser from answering out of its cache.
  xhr.setRequestHeader("If-Modified-Since", "Sat, 1 Jan 2000 00:00:00 GMT");
  xhr.send(null);
}
/**
 * Start an asynchronous form-encoded POST through the shared global `ajax`.
 *
 * As with ajaxGet(), the request object is a global that a later request
 * overwrites, and the callbacks read their response from it.
 *
 * @param {string} uri - URL to post to, used verbatim.
 * @param {string} parms - request body, already in
 *   application/x-www-form-urlencoded form. Nothing is encoded here, so every
 *   value must be escaped by the caller (see ajaxEscape()).
 * @param {Function} f - installed as the onreadystatechange handler.
 */
function ajaxPost(uri, parms, f) {
  var xhr;
  if (window.XMLHttpRequest) {
    xhr = new XMLHttpRequest();
  } else if (window.ActiveXObject) {
    xhr = new ActiveXObject("Microsoft.XMLHTTP");
  } else {
    alert('Enano client-side runtime error: No AJAX support, unable to continue');
    return;
  }
  // Deliberately published as a global: the callbacks depend on it.
  ajax = xhr;
  xhr.onreadystatechange = f;
  xhr.open('POST', uri, true);
  xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
  // NOTE(review): Content-length and Connection are header names that
  // XMLHttpRequest implementations following the current spec do not let
  // scripts set; parms.length also counts characters, not bytes.
  xhr.setRequestHeader("Content-length", parms.length);
  xhr.setRequestHeader("Connection", "close");
  xhr.send(parms);
}
/**
 * Encode a value for use inside a form-encoded request body or query string.
 *
 * escape() leaves "+" alone, and a form decoder reads "+" as a space, so the
 * plus sign is percent-encoded separately.
 *
 * NOTE(review): escape() emits %uXXXX for characters above U+00FF, which is
 * not standard percent-encoding; confirm the server decodes that form before
 * relying on this for non-Latin text.
 *
 * @param {string} text - raw value.
 * @returns {string} the encoded value.
 */
function ajaxEscape(text) {
  return escape(text).replace(/\+/g, '%2B');
}
// Page editor
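/**
 * Fetch the page source and replace the article area with the edit form.
 *
 * If an edit is already open the user is asked to confirm the revert; the
 * question is put after the source has been fetched.
 *
 * NOTE(review): the response body and `editNotice` are concatenated into
 * innerHTML. The textarea content is only safe if the getsource endpoint
 * returns HTML-escaped text (a literal "</textarea>" in the response would
 * end the control and the rest would be parsed as markup). Confirm the
 * server-side escaping before touching this.
 */
function ajaxEditor() {
  setAjaxLoading();
  ajaxGet(stdAjaxPrefix + '&_mode=getsource', function () {
    if (ajax.readyState != 4) {
      return;
    }
    unsetAjaxLoading();
    if (edit_open) {
      // Kept local; the original assigned this to an undeclared global `c`.
      var confirmed = confirm('Do you really want to revert your changes?');
      if (!confirmed) {
        return;
      }
    }
    edit_open = true;
    selectButtonMajor('article');
    selectButtonMinor('edit');
    if (in_array('ajaxEditArea', grippied_textareas)) {
      // Allow the textarea grippifier to re-create the resizer control on the textarea
      // NOTE(review): Array.prototype.pop() ignores its argument and removes the
      // last entry, whichever one that is - confirm this is what is wanted.
      grippied_textareas.pop(in_array('ajaxEditArea', grippied_textareas));
    }
    disableUnload('If you do, any changes that you have made to this page will be lost.');

    var useMCE = (readCookie('enano_editor_mode') == 'tinymce');
    var switcher = useMCE
      ? '<a href="#" onclick="setEditorText(); return false;">wikitext editor</a> | graphical editor'
      : 'wikitext editor | <a href="#" onclick="setEditorMCE(); return false;">graphical editor</a>';

    // Same markup as before, assembled from separate literals instead of
    // backslash line continuations.
    var editorHtml =
      '<div id="mdgPreviewContainer"></div> ' +
      '<span id="switcher">' + switcher + '</span><br />' +
      '<form name="mdgAjaxEditor" method="get" action="#" onsubmit="ajaxSavePage(); return false;">' +
      '<textarea id="ajaxEditArea" rows="20" cols="60" style="display: block; margin: 1em 0 1em 1em; width: 96.5%;">' + ajax.responseText + '</textarea><br />' +
      'Edit summary: <input id="ajaxEditSummary" size="40" /><br />' +
      '<input id="ajaxEditMinor" name="minor" type="checkbox" /> <label for="ajaxEditMinor">This is a minor edit</label><br />' +
      '<a href="#" onclick="void(ajaxSavePage()); return false;">save changes</a> | <a href="#" onclick="void(ajaxShowPreview()); return false;">preview changes</a> | <a href="#" onclick="void(ajaxEditor()); return false;">revert changes</a> | <a href="#" onclick="void(ajaxDiscard()); return false;">discard changes</a> | <a href="#" onclick="ajaxWikiEditHelp(); return false;">formatting help</a>' +
      '<br />' +
      editNotice +
      '</form>';
    document.getElementById('ajaxEditContainer').innerHTML = editorHtml;

    // The cookie is read a second time, as in the original.
    if (readCookie('enano_editor_mode') == 'tinymce') {
      $('ajaxEditArea').switchToMCE();
    }
  });
}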
/**
 * Switch the open editor to the graphical (TinyMCE) mode, remember the
 * choice in the `enano_editor_mode` cookie for 365 days, and redraw the
 * mode switcher so that the wikitext editor becomes the clickable option.
 */
function setEditorMCE() {
  var switcherMarkup = '<a href="#" onclick="setEditorText(); return false;">wikitext editor</a> | graphical editor';
  $('ajaxEditArea').switchToMCE();
  createCookie('enano_editor_mode', 'tinymce', 365);
  $('switcher').object.innerHTML = switcherMarkup;
}
/**
 * Switch the open editor back to plain wikitext, remember the choice in the
 * `enano_editor_mode` cookie for 365 days, and redraw the mode switcher so
 * that the graphical editor becomes the clickable option.
 */
function setEditorText() {
  var switcherMarkup = 'wikitext editor | <a href="#" onclick="setEditorMCE(); return false;">graphical editor</a>';
  $('ajaxEditArea').destroyMCE();
  createCookie('enano_editor_mode', 'text', 365);
  $('switcher').object.innerHTML = switcherMarkup;
}
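/**
 * Fetch the page source and show it in a read-only textarea.
 *
 * The function shares the editor's state handling: it asks before replacing
 * an open edit, sets `edit_open`, and highlights the "edit" button.
 *
 * NOTE(review): the response body goes into innerHTML between the textarea
 * tags, so it is only safe if the getsource endpoint returns HTML-escaped
 * text. Confirm the server-side escaping.
 */
function ajaxViewSource() {
  setAjaxLoading();
  ajaxGet(stdAjaxPrefix + '&_mode=getsource', function () {
    if (ajax.readyState != 4) {
      return;
    }
    unsetAjaxLoading();
    if (edit_open) {
      // Kept local; the original assigned this to an undeclared global `c`.
      var confirmed = confirm('Do you really want to revert your changes?');
      if (!confirmed) {
        return;
      }
    }
    edit_open = true;
    selectButtonMajor('article');
    selectButtonMinor('edit');
    if (in_array('ajaxEditArea', grippied_textareas)) {
      // Allow the textarea grippifier to re-create the resizer control on the textarea
      // NOTE(review): pop() ignores its argument and removes the last entry.
      grippied_textareas.pop(in_array('ajaxEditArea', grippied_textareas));
    }
    // Same markup as before, assembled from separate literals instead of
    // backslash line continuations.
    var viewerHtml =
      '<form method="get" action="#" onsubmit="ajaxSavePage(); return false;">' +
      '<textarea readonly="readonly" id="ajaxEditArea" rows="20" cols="60" style="display: block; margin: 1em 0 1em 1em; width: 96.5%;">' + ajax.responseText + '</textarea><br />' +
      '<a href="#" onclick="void(ajaxReset()); return false;">close viewer</a>' +
      '</form>';
    document.getElementById('ajaxEditContainer').innerHTML = viewerHtml;
    initTextareas();
  });
}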
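/**
 * Post the editor content to the preview endpoint and show the rendered
 * result in the preview container.
 *
 * The edit summary is now encoded with ajaxEscape() like the page text.
 * Before, it was spliced into the body raw, so a summary containing "&", "="
 * "+" or "%" was mangled and could add or override request parameters.
 *
 * NOTE(review): the response is assigned to innerHTML; the preview endpoint
 * is trusted to return sanitized markup.
 */
function ajaxShowPreview() {
  goBusy('Loading preview...');
  var text = ajaxEscape($('ajaxEditArea').getContent());
  // Kept local; the original assigned this to an undeclared global `minor`.
  var minor = document.mdgAjaxEditor.minor.checked ? '&minor' : '';
  var summary = ajaxEscape(document.getElementById('ajaxEditSummary').value);
  var body = 'summary=' + summary + minor + '&text=' + text;
  ajaxPost(stdAjaxPrefix + '&_mode=preview', body, function () {
    if (ajax.readyState == 4) {
      unBusy();
      edit_open = false;
      document.getElementById('mdgPreviewContainer').innerHTML = ajax.responseText;
    }
  });
}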
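/**
 * Post the editor content to the save endpoint, then show the server's
 * response in the article area and leave edit mode.
 *
 * The edit summary is now encoded with ajaxEscape() like the page text.
 * Before, it was spliced into the body raw, so a summary containing "&", "="
 * "+" or "%" was mangled and could add or override request parameters.
 *
 * NOTE(review): no anti-CSRF token is visible in this request; presumably
 * stdAjaxPrefix carries the session key - confirm. The response is assigned
 * to innerHTML and is trusted to be sanitized markup.
 */
function ajaxSavePage() {
  goBusy('Saving page...');
  var text = ajaxEscape($('ajaxEditArea').getContent());
  // Kept local; the original assigned this to an undeclared global `minor`.
  var minor = document.mdgAjaxEditor.minor.checked ? '&minor' : '';
  var summary = ajaxEscape(document.getElementById('ajaxEditSummary').value);
  var body = 'summary=' + summary + minor + '&text=' + text;
  ajaxPost(stdAjaxPrefix + '&_mode=savepage', body, function () {
    if (ajax.readyState == 4) {
      unBusy();
      edit_open = false;
      document.getElementById('ajaxEditContainer').innerHTML = ajax.responseText;
      enableUnload();
      unselectAllButtonsMinor();
    }
  });
}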
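/**
 * Ask the user to confirm, then throw the edit away by reloading the page
 * content through ajaxReset().
 */
function ajaxDiscard() {
  // Kept local; the original assigned the answer to an undeclared global `c`.
  var confirmed = confirm('Do you really want to discard your changes?');
  if (!confirmed) {
    return;
  }
  ajaxReset();
}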
/**
 * Leave edit mode: re-fetch the rendered page (without headers) and put it
 * back into the article area.
 *
 * NOTE(review): the response is assigned to innerHTML, so the getpage
 * endpoint is trusted to return sanitized markup.
 */
function ajaxReset() {
  var onStateChange = function () {
    if (ajax.readyState != 4) {
      return;
    }
    unsetAjaxLoading();
    edit_open = false;
    document.getElementById('ajaxEditContainer').innerHTML = ajax.responseText;
    selectButtonMajor('article');
    unselectAllButtonsMinor();
  };
  enableUnload();
  setAjaxLoading();
  ajaxGet(stdAjaxPrefix + '&_mode=getpage&noheaders', onStateChange);
}
// Miscellaneous AJAX applets
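/**
 * Change the page's protection level.
 *
 * When the global `shift` flag is set the reason prompt is skipped and the
 * fixed reason 'NO_REASON' is sent. The buttons are re-underlined before the
 * server has answered.
 *
 * The reason is now encoded with ajaxEscape() instead of bare escape(), so a
 * "+" typed by the user is no longer decoded as a space by the server.
 *
 * @param {number|string} l - protection level; also the suffix of the
 *   `protbtn_` button to underline. It is sent unencoded, so it must stay a
 *   value the page itself supplies.
 */
function ajaxProtect(l) {
  // Kept local; the original assigned the reason to an undeclared global `r`.
  var reason;
  if (shift) {
    reason = 'NO_REASON';
  } else {
    reason = prompt('Reason for (un)protecting:');
    // Covers both a cancelled prompt (null) and an empty answer.
    if (!reason) {
      return;
    }
  }
  setAjaxLoading();
  for (var n = 0; n <= 2; n++) {
    document.getElementById('protbtn_' + n).style.textDecoration = 'none';
  }
  document.getElementById('protbtn_' + l).style.textDecoration = 'underline';
  ajaxPost(stdAjaxPrefix + '&_mode=protect', 'reason=' + ajaxEscape(reason) + '&level=' + l, function () {
    if (ajax.readyState == 4) {
      unsetAjaxLoading();
      if (ajax.responseText != 'good') {
        alert(ajax.responseText);
      }
    }
  });
}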
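/**
 * Prompt for a new page title and post it to the rename endpoint; the
 * server's answer is shown in an alert.
 *
 * The title is now encoded with ajaxEscape() instead of bare escape(), so a
 * "+" in the new title is no longer decoded as a space by the server.
 */
function ajaxRename() {
  // Kept local; the original assigned the answer to an undeclared global `r`.
  var newTitle = prompt('What title should this page be renamed to?\nNote: This does not and will never change the URL of this page, that must be done from the admin panel.');
  // Covers both a cancelled prompt (null) and an empty answer.
  if (!newTitle) {
    return;
  }
  setAjaxLoading();
  ajaxPost(stdAjaxPrefix + '&_mode=rename', 'newtitle=' + ajaxEscape(newTitle), function () {
    if (ajax.readyState == 4) {
      unsetAjaxLoading();
      alert(ajax.responseText);
    }
  });
}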
/**
 * Create the current page by posting the prepared parameters
 * (ENANO_CREATEPAGE_PARAMS) to the create-page special page, then reload
 * the window once the request has completed. The response body is not
 * inspected.
 */
function ajaxMakePage() {
  var onStateChange = function () {
    if (ajax.readyState != 4) {
      return;
    }
    unsetAjaxLoading();
    window.location.reload();
  };
  setAjaxLoading();
  ajaxPost(ENANO_SPECIAL_CREATEPAGE, ENANO_CREATEPAGE_PARAMS, onStateChange);
}
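/**
 * Delete the current page after asking for a reason and a confirmation.
 * The server's answer is shown in an alert and the window is reloaded.
 *
 * The reason is now encoded with ajaxEscape() instead of bare escape(), so a
 * "+" in the reason is no longer decoded as a space by the server.
 *
 * NOTE(review): no anti-CSRF token is visible in this request; presumably
 * stdAjaxPrefix carries the session key - confirm.
 *
 * @returns {boolean|undefined} false when no reason was given; undefined in
 *   every other case (unchanged from the original).
 */
function ajaxDeletePage() {
  var reason = prompt('Please enter you reason for deleting this page.');
  // Covers both a cancelled prompt (null) and an empty answer.
  if (!reason) {
    return false;
  }
  // Kept local; the original assigned the answer to an undeclared global `c`.
  var confirmed = confirm('You are about to DESTROY this page. Do you REALLY want to do this?');
  if (!confirmed) {
    return;
  }
  setAjaxLoading();
  ajaxPost(stdAjaxPrefix + '&_mode=deletepage', 'reason=' + ajaxEscape(reason), function () {
    if (ajax.readyState == 4) {
      unsetAjaxLoading();
      alert(ajax.responseText);
      window.location.reload();
    }
  });
}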
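/**
 * Cast a vote that this page be deleted, after a confirmation. The server's
 * answer is shown in an alert.
 *
 * NOTE(review): this state-changing action is sent as a GET. A GET can be
 * triggered by any page that makes the browser load the URL, so the action
 * depends entirely on whatever secret stdAjaxPrefix carries - confirm, and
 * prefer POST for actions like this.
 */
function ajaxDelVote() {
  // Kept local; the original assigned the answer to an undeclared global `c`.
  var confirmed = confirm('Are you sure that you want to vote that this page be deleted?');
  if (!confirmed) {
    return;
  }
  setAjaxLoading();
  ajaxGet(stdAjaxPrefix + '&_mode=delvote', function () {
    if (ajax.readyState == 4) {
      unsetAjaxLoading();
      alert(ajax.responseText);
    }
  });
}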
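/**
 * Reset the page's deletion-vote count after a confirmation, show the
 * server's answer, and fade out the vote notice box if it is present.
 *
 * The delayed hide now passes a function to setTimeout() instead of a string
 * of source code, and tolerates the box having been removed in the meantime.
 *
 * NOTE(review): this state-changing action is sent as a GET; see the same
 * concern on the other GET-based actions in this file.
 */
function ajaxResetDelVotes() {
  // Kept local; the original assigned the answer to an undeclared global `c`.
  var confirmed = confirm('This will reset the number of votes against this page to zero. Do you really want to do this?');
  if (!confirmed) {
    return;
  }
  setAjaxLoading();
  ajaxGet(stdAjaxPrefix + '&_mode=resetdelvotes', function () {
    if (ajax.readyState != 4) {
      return;
    }
    unsetAjaxLoading();
    alert(ajax.responseText);
    var noticeBox = document.getElementById('mdgDeleteVoteNoticeBox');
    if (noticeBox) {
      // Fade over one second, then take the box out of the layout.
      opacity('mdgDeleteVoteNoticeBox', 100, 0, 1000);
      setTimeout(function () {
        var box = document.getElementById('mdgDeleteVoteNoticeBox');
        if (box) {
          box.style.display = 'none';
        }
      }, 1000);
    }
  });
}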
/**
 * Set the page's wiki mode and underline the matching `wikibtn_` button.
 * The buttons are updated before the server has answered; a response other
 * than 'GOOD' is shown in an alert.
 *
 * NOTE(review): this state-changing action is sent as a GET, and `val` is
 * appended to the URL unencoded.
 *
 * @param {number|string} val - mode value; also the suffix of the button to
 *   underline.
 */
function ajaxSetWikiMode(val) {
  setAjaxLoading();
  for (var n = 0; n <= 2; n++) {
    document.getElementById('wikibtn_' + n).style.textDecoration = 'none';
  }
  document.getElementById('wikibtn_' + val).style.textDecoration = 'underline';
  ajaxGet(stdAjaxPrefix + '&_mode=setwikimode&mode=' + val, function () {
    if (ajax.readyState != 4) {
      return;
    }
    unsetAjaxLoading();
    if (ajax.responseText != 'GOOD') {
      alert(ajax.responseText);
    }
  });
}
// Editing/saving category information
// This was not easy to write, I hope you enjoy it, and dang I swear I'm gonna
// find someone to work on just the Javascript part of Enano...
/**
 * Open the category editor. The catedit endpoint answers with JavaScript,
 * which is executed here.
 *
 * NOTE(review): eval() of a response body means anything that can influence
 * that response (stored page or category data reflected into it, a
 * compromised server, a non-TLS connection) runs as script in the user's
 * session. A data-only response parsed as JSON and rendered by client code
 * would remove that. The server contract is not visible here, so the call is
 * left as it is.
 */
function ajaxCatEdit() {
  var onStateChange = function () {
    if (ajax.readyState != 4) {
      return;
    }
    unsetAjaxLoading();
    edit_open = false;
    eval(ajax.responseText);
  };
  setAjaxLoading();
  ajaxGet(stdAjaxPrefix + '&_mode=catedit', onStateChange);
}
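/**
 * Save the category checkboxes: every entry of the global `catlist` whose
 * `mdgCat_<id>` checkbox in the `mdgCatForm` form is ticked is sent as
 * `<id>=true`. A response other than 'GOOD' is shown in an alert, and the
 * page view is then restored through ajaxReset().
 *
 * The checkbox lookup now uses a property access instead of building source
 * code from the id and eval()-ing it, so an id is never executed as script.
 * The loop temporaries are local instead of undeclared globals.
 */
function ajaxCatSave() {
  // typeof guard: an undeclared catlist would otherwise throw before the
  // alert below could be shown.
  if (typeof catlist == 'undefined' || !catlist) {
    alert('Var catlist has no properties');
    return;
  }
  var form = document.forms.mdgCatForm;
  var pairs = [];
  for (var i = 0; i < catlist.length; i++) {
    var box = form['mdgCat_' + catlist[i]];
    if (box && box.checked) {
      pairs.push(catlist[i] + '=true');
    }
  }
  setAjaxLoading();
  ajaxPost(stdAjaxPrefix + '&_mode=catsave', pairs.join('&'), function () {
    if (ajax.readyState == 4) {
      unsetAjaxLoading();
      edit_open = false;
      if (ajax.responseText != 'GOOD') {
        alert(ajax.responseText);
      }
      ajaxReset();
    }
  });
}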
// History stuff
/**
 * Show the page's revision list in the article area and prepare the diff
 * radio buttons through buildDiffList().
 *
 * NOTE(review): the response is assigned to innerHTML, so the histlist
 * endpoint is trusted to escape anything user-supplied that it lists.
 */
function ajaxHistory() {
  var onStateChange = function () {
    if (ajax.readyState != 4) {
      return;
    }
    unsetAjaxLoading();
    edit_open = false;
    selectButtonMajor('article');
    selectButtonMinor('history');
    document.getElementById('ajaxEditContainer').innerHTML = ajax.responseText;
    buildDiffList();
  };
  setAjaxLoading();
  ajaxGet(stdAjaxPrefix + '&_mode=histlist', onStateChange);
}
/**
 * Show an old revision of a page in the article area.
 *
 * NOTE(review): `tit` and `oldid` are appended to the URL without encoding.
 * Whether the global `title` is already URL-safe is not visible here; if it
 * is the raw title, "&", "#" or "+" in it would alter the request. The
 * response is assigned to innerHTML.
 *
 * @param {number|string} oldid - revision identifier passed as `oldid`.
 * @param {string} [tit] - page title; the global `title` is used when this
 *   is missing or empty.
 */
function ajaxHistView(oldid, tit) {
  var pageTitle = tit ? tit : title;
  setAjaxLoading();
  var url = append_sid(scriptPath + '/ajax.php?title=' + pageTitle + '&_mode=getpage&oldid=' + oldid);
  ajaxGet(url, function () {
    if (ajax.readyState != 4) {
      return;
    }
    unsetAjaxLoading();
    edit_open = false;
    document.getElementById('ajaxEditContainer').innerHTML = ajax.responseText;
  });
}
/**
 * Ask the server to roll back the log entry `id` and show its answer in an
 * alert. There is no confirmation step.
 *
 * NOTE(review): this state-changing action is sent as a GET, and `id` is
 * appended to the URL unencoded.
 *
 * @param {number|string} id - identifier passed to the rollback endpoint.
 */
function ajaxRollback(id) {
  var onStateChange = function () {
    if (ajax.readyState != 4) {
      return;
    }
    unsetAjaxLoading();
    alert(ajax.responseText);
  };
  setAjaxLoading();
  ajaxGet(stdAjaxPrefix + '&_mode=rollback&id=' + id, onStateChange);
}
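/**
 * Erase all log entries for this page after two confirmations, show the
 * server's answer, and reload the window.
 *
 * NOTE(review): the two confirm() dialogs protect only against a slip of
 * the hand. The irreversible action itself is a GET, which any page that
 * makes the browser load the URL can trigger, so it depends entirely on
 * whatever secret stdAjaxPrefix carries and on the server's permission
 * check - confirm both, and prefer POST.
 */
function ajaxClearLogs() {
  // Kept local; the original assigned the answers to an undeclared global `c`.
  var confirmed = confirm('You are about to DESTROY all log entries for this page. As opposed to (example) deleting this page, this action is completely IRREVERSIBLE and should not be used except in dire circumstances. Do you REALLY want to do this?');
  if (!confirmed) {
    return;
  }
  confirmed = confirm('You\'re ABSOLUTELY sure???');
  if (!confirmed) {
    return;
  }
  setAjaxLoading();
  ajaxGet(stdAjaxPrefix + '&_mode=flushlogs', function () {
    if (ajax.readyState == 4) {
      unsetAjaxLoading();
      alert(ajax.responseText);
      window.location.reload();
    }
  });
}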
// Identifiers cut from the ids of the diff radio buttons (everything after
// the first six characters); filled by buildDiffList() and read by
// selectDiff1Button() / selectDiff2Button(). Presumably revision timestamps.
var timelist;
/**
 * Collect the two columns of diff radio buttons and build `timelist` from
 * their ids, then hide the second-column buttons from index 1 onward.
 *
 * `arrDiff1Buttons` and `arrDiff2Buttons` are written as globals on purpose:
 * ajaxHistDiff() reads them.
 *
 * @returns {boolean|undefined} false when there are no buttons, otherwise
 *   undefined.
 */
function buildDiffList() {
  arrDiff1Buttons = getElementsByClassName(document, 'input', 'clsDiff1Radio');
  arrDiff2Buttons = getElementsByClassName(document, 'input', 'clsDiff2Radio');
  var count = arrDiff1Buttons.length;
  if (count < 1) {
    return false;
  }
  timelist = new Array();
  var n = 0;
  while (n < count) {
    // The id carries a six-character prefix before the value wanted here.
    timelist.push(arrDiff2Buttons[n].id.substr(6));
    n++;
  }
  timelist.push(arrDiff1Buttons[count - 1].id.substr(6));
  delete timelist.toJSONString;
  // The original also re-checked the index against timelist.length inside
  // the loop; the loop bound already guarantees it.
  for (var k = 1; k < timelist.length - 1; k++) {
    arrDiff2Buttons[k].style.display = 'none';
  }
}
/**
 * React to a click in the first diff column: show the `diff2_` buttons that
 * come before the clicked entry in `timelist` and hide the others. The last
 * `timelist` entry is never touched.
 *
 * @param {Element} obj - the clicked radio button; its id minus the first
 *   six characters is looked up in `timelist`.
 */
function selectDiff1Button(obj) {
  var clicked = obj.id.substr(6);
  // NOTE(review): presumably in_array() returns the matching index; if it
  // reports a miss with false this becomes NaN and every button is hidden.
  var index = parseInt(in_array(clicked, timelist));
  var last = timelist.length - 1;
  for (var pos = 0; pos < last; pos++) {
    var target = document.getElementById('diff2_' + timelist[pos]);
    target.style.display = (pos < index) ? 'inline' : 'none';
  }
}
/**
 * React to a click in the second diff column: show the `diff1_` buttons that
 * come after the clicked entry in `timelist` and hide the others. The first
 * and the last `timelist` entries are never touched.
 *
 * @param {Element} obj - the clicked radio button; its id minus the first
 *   six characters is looked up in `timelist`.
 */
function selectDiff2Button(obj) {
  var clicked = obj.id.substr(6);
  // NOTE(review): presumably in_array() returns the matching index; if it
  // reports a miss with false this becomes NaN and every button is hidden.
  var index = parseInt(in_array(clicked, timelist));
  var last = timelist.length - 1;
  // The original looped to the final entry and skipped it with an inner
  // test; stopping one short visits the same entries.
  for (var pos = 1; pos < last; pos++) {
    var target = document.getElementById('diff1_' + timelist[pos]);
    target.style.display = (pos > index) ? 'inline' : 'none';
  }
}
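/**
 * Fetch and show the diff between the two revisions selected with the radio
 * buttons collected by buildDiffList().
 *
 * The loop counter is now local (the original leaked `i`, `k` and `kpp` into
 * globals) and the unused `kpp` is gone.
 *
 * NOTE(review): the two ids are taken from DOM element ids and appended to
 * the URL unencoded; the response is assigned to innerHTML.
 */
function ajaxHistDiff() {
  var id1 = false;
  var id2 = false;
  for (var i = 0; i < arrDiff1Buttons.length; i++) {
    // The id carries a six-character prefix before the value wanted here.
    if (arrDiff1Buttons[i].checked) {
      id1 = arrDiff1Buttons[i].id.substr(6);
    }
    if (arrDiff2Buttons[i].checked) {
      id2 = arrDiff2Buttons[i].id.substr(6);
    }
  }
  if (!id1 || !id2) {
    alert('BUG: Couldn\'t get checked radiobutton state');
    return;
  }
  setAjaxLoading();
  ajaxGet(stdAjaxPrefix + '&_mode=pagediff&diff1=' + id1 + '&diff2=' + id2, function () {
    if (ajax.readyState == 4) {
      unsetAjaxLoading();
      document.getElementById('ajaxEditContainer').innerHTML = ajax.responseText;
    }
  });
}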
// Change the user's preferred style/theme
/**
 * Placeholder for the theme/style chooser. It builds an empty string and
 * does nothing with it; the working implementation is commented out below
 * this function.
 */
function ajaxChangeStyle() {
  var markup = '';
  markup = markup + '';
}
/*
Disabled theme/style chooser, kept for reference. The live ajaxChangeStyle()
above this comment is an empty stub.

The annotate data on this page attributes the comment markers and the stub to
changeset ad5986a53197, whose description mentions killing an XSS
vulnerability; presumably this is that change.

NOTE(review) - before any of this is re-enabled:
  - `title` is written unescaped into value="..." of the hidden return_to
    field, so a title containing a double quote ends the attribute;
  - ENANO_THEME_LIST is inserted as raw markup;
  - ajaxGetStyles() eval()s the response and builds <option> elements from
    unescaped `list` entries; `id` is appended to the URL unencoded.

function ajaxChangeStyle()
{
var win = document.getElementById("cn2");
win.innerHTML = ' \
<form action="'+ENANO_SPECIAL_CHANGESTYLE+'" onsubmit="jws.closeWin(\'root2\');" method="post" style="text-align: center"> \
<h3>Select a theme...</h3>\
<select id="mdgThemeID" name="theme" onchange="ajaxGetStyles(this.value);"> \
'+ENANO_THEME_LIST+' \
</select> \
<div id="styleSelector"></div>\
<br /><br />\
<input type="hidden" name="return_to" value="'+title+'" />\
<input id="styleSubmitter" type="submit" style="display: none; font-weight: bold" value="Change theme" /> \
<input type="button" value="Cancel" onclick="jws.closeWin(\'root2\');" /> \
</form> \
';
ajaxGetStyles(ENANO_CURRENT_THEME);
jws.openWin('root2', 340, 300);
}

function ajaxGetStyles(id) {
setAjaxLoading();
ajaxGet(stdAjaxPrefix+'&_mode=getstyles&id='+id, function() {
if(ajax.readyState == 4) {
unsetAjaxLoading();
eval(ajax.responseText);
html = '<h3>And a style...</h3><select id="mdgStyleID" name="style">';
for(i=0;i<list.length;i++) {
lname = list[i].substr(0, 1).toUpperCase() + list[i].substr(1, list[i].length);
html = html + '<option value="'+list[i]+'">'+lname+'</option>';
}
html = html + '</select>';
document.getElementById('styleSelector').innerHTML = html;
document.getElementById('styleSubmitter').style.display = 'inline';
}
});
}
*/
/**
 * Toggle the `mdgCss` stylesheet link between the main and the print
 * stylesheet. The global `_css` records which one is active (truthy means
 * print). No request is made; the loading indicator is only flashed.
 */
function ajaxSwapCSS() {
  setAjaxLoading();
  var printActive = _css;
  var link = document.getElementById('mdgCss');
  link.href = printActive ? main_css : print_css;
  _css = !printActive;
  unsetAjaxLoading();
  menuOff();
}
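/**
 * Send the SHA-1 hex digest of the `mdgPassSetField` value to the setpass
 * endpoint and show the server's answer in an alert.
 *
 * The loading indicator is now cleared only when the request has completed,
 * as everywhere else in this file; before, it was cleared on the first state
 * change. The digest is held in a local instead of an undeclared global
 * `pass`, so it no longer stays readable on `window` afterwards.
 *
 * NOTE(review): an unsalted SHA-1 computed in the browser does not protect
 * the password in transit - whoever captures the digest can replay it, and
 * the digest is cheap to brute-force. Transport security has to come from
 * TLS, and storage security from a slow salted hash on the server; neither
 * is visible from here.
 */
function ajaxSetPassword() {
  var digest = hex_sha1(document.getElementById('mdgPassSetField').value);
  setAjaxLoading();
  ajaxPost(stdAjaxPrefix + '&_mode=setpass', 'password=' + digest, function () {
    if (ajax.readyState == 4) {
      unsetAjaxLoading();
      alert(ajax.responseText);
    }
  });
}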
/**
 * Open the 640x480 `root3` window and fill its `cn3` element with the
 * formatting help returned by the wikihelp endpoint.
 *
 * NOTE(review): the response is assigned to innerHTML.
 */
function ajaxWikiEditHelp() {
  var onStateChange = function () {
    if (ajax.readyState != 4) {
      return;
    }
    unsetAjaxLoading();
    document.getElementById('cn3').innerHTML = ajax.responseText;
  };
  jws.openWin('root3', 640, 480);
  setAjaxLoading();
  ajaxGet(stdAjaxPrefix + '&_mode=wikihelp', onStateChange);
}
/**
 * Show the login prompt (ajaxPromptAdminAuth with level 2) and reload the
 * window once it reports success. The key handed to the callback is not
 * used here.
 */
function ajaxStartLogin() {
  var reloadAfterLogin = function (k) {
    window.location.reload();
  };
  ajaxPromptAdminAuth(reloadAfterLogin, 2);
}
/**
 * Go to the administration panel's page manager for the current page. A
 * user below USER_LEVEL_ADMIN is first asked to re-authenticate
 * (ajaxPromptAdminAuth with level 9).
 *
 * NOTE(review): the elevation recorded here (`auth_level`, `ENANO_SID`) is
 * client-side state that anyone can set from the console; it must only
 * steer the UI, with the real check done by the server on every request.
 * append_sid() presumably puts the session key into the URL, where it can
 * end up in history, logs and Referer headers - confirm.
 *
 * @returns {boolean|undefined} false when the authentication prompt was
 *   shown, otherwise undefined.
 */
function ajaxAdminPage() {
  var pageManagerUrl = function () {
    return makeUrlNS('Special', 'Administration', 'module=' + namespace_list['Admin'] + 'PageManager&source=ajax&page_id=' + ajaxEscape(title));
  };
  if (auth_level < USER_LEVEL_ADMIN) {
    ajaxPromptAdminAuth(function (k) {
      ENANO_SID = k;
      auth_level = USER_LEVEL_ADMIN;
      var here = String(window.location + '');
      window.location = append_sid(here);
      var target = pageManagerUrl();
      // True for any non-empty session key.
      if ((ENANO_SID + ' ').length > 1) {
        window.location = target;
      }
    }, 9);
    return false;
  }
  window.location = pageManagerUrl();
}
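/**
 * Emergency switch: after a confirmation, ask the admin home page to turn
 * off PHP embedded in pages (`act=kill_php`). On the answer '1' the
 * `php_killer` box is replaced by a success notice with the same class;
 * any other answer is shown inside the box.
 *
 * Fix: the original removed the box from its parent and then read
 * `parentNode` from the removed node to append the notice. A detached node
 * has no parent, so that threw and the notice never appeared. The parent is
 * now captured before the box is removed.
 *
 * NOTE(review): no anti-CSRF token is visible in the request body;
 * presumably the URL from makeUrlNS() carries the session key - confirm.
 * A failure response is assigned to innerHTML as it came from the server.
 *
 * @returns {boolean|undefined} false when the user cancels or the box is
 *   missing, otherwise undefined.
 */
function ajaxDisableEmbeddedPHP() {
  if (!confirm('Are you really sure you want to do this? Some pages might not function if this emergency-only feature is activated.')) {
    return false;
  }
  var $killdiv = $dynano('php_killer');
  if (!$killdiv.object) {
    alert('Can\'t get kill div object');
    return false;
  }
  $killdiv.object.innerHTML = '<img alt="Loading..." src="' + scriptPath + '/images/loading-big.gif" /><br />Making request...';
  var url = makeUrlNS('Admin', 'Home', 'src=ajax');
  ajaxPost(url, 'act=kill_php', function () {
    if (ajax.readyState != 4) {
      return;
    }
    var box = $dynano('php_killer').object;
    if (ajax.responseText == '1') {
      // Remember the parent first: it is gone from the node once removed.
      var parent = box.parentNode;
      var newdiv = document.createElement('div');
      newdiv.className = box.className;
      newdiv.innerHTML = '<img alt="Success" src="' + scriptPath + '/images/error.png" /><br />Embedded PHP in pages has been disabled.';
      parent.removeChild(box);
      parent.appendChild(newdiv);
    } else {
      box.innerHTML = ajax.responseText;
    }
  });
}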