includes/pageutils.php
changeset 21 663fcf528726
parent 19 5d003b6c9e89
child 28 dd2edcdc6c03
20:40105681f495 21:663fcf528726
     1 <?php
     1 <?php
     2 /*
     2 /*
     3  * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
     3  * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
     4  * Version 1.0 release candidate 3 (Druid)
     4  * Version 1.0 (Banshee)
     5  * Copyright (C) 2006-2007 Dan Fuhry
     5  * Copyright (C) 2006-2007 Dan Fuhry
     6  * pageutils.php - a class that handles raw page manipulations, used mostly by AJAX requests or their old-fashioned form-based counterparts
     6  * pageutils.php - a class that handles raw page manipulations, used mostly by AJAX requests or their old-fashioned form-based counterparts
     7  *
     7  *
     8  * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
     8  * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
     9  * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
     9  * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
   322     
   322     
   323     if(!isset($paths->pages[$pname]))
   323     if(!isset($paths->pages[$pname]))
   324     {
   324     {
   325       if(!PageUtils::createPage($page_id, $namespace))
   325       if(!PageUtils::createPage($page_id, $namespace))
   326         return 'The page did not exist, and I was not able to create it. Permissions problem?';
   326         return 'The page did not exist, and I was not able to create it. Permissions problem?';
       
   327       $paths->page_exists = true;
   327     }
   328     }
   328     
   329     
   329     $prot = ( ( $paths->pages[$pname]['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $paths->pages[$pname]['protected'] == 1) ? true : false;
   330     $prot = ( ( $paths->pages[$pname]['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $paths->pages[$pname]['protected'] == 1) ? true : false;
   330     $wiki = ( ( $paths->pages[$pname]['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $paths->pages[$pname]['wiki_mode'] == 1) ? true : false;
   331     $wiki = ( ( $paths->pages[$pname]['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $paths->pages[$pname]['wiki_mode'] == 1) ? true : false;
   331     if(($prot || !$wiki) && $session->user_level < USER_LEVEL_ADMIN ) return('You are not authorized to edit this page.');
   332     if(($prot || !$wiki) && $session->user_level < USER_LEVEL_ADMIN ) return('You are not authorized to edit this page.');
   332     
   333     
   333     // Strip potentially harmful tags and PHP from the message, if we are in wiki mode and the user is not an administrator
   334     // Strip potentially harmful tags and PHP from the message, dependent upon permissions settings
   334     $message = RenderMan::preprocess_text($message, false, false);
   335     $message = RenderMan::preprocess_text($message, false, false);
   335     
   336     
   336     $msg=$db->escape($message);
   337     $msg = $db->escape($message);
   337     
   338     
   338     $minor = $minor ? 'true' : 'false';
   339     $minor = $minor ? 'true' : 'false';
   339     $q='INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.date('d M Y h:i a').'\', \''.$paths->cpage['urlname_nons'].'\', \''.$paths->namespace.'\', \''.$msg.'\', \''.$uid.'\', \''.$session->username.'\', \''.$db->escape(htmlspecialchars($summary)).'\', '.$minor.');';
   340     $q='INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.date('d M Y h:i a').'\', \''.$paths->cpage['urlname_nons'].'\', \''.$paths->namespace.'\', \''.$msg.'\', \''.$uid.'\', \''.$session->username.'\', \''.$db->escape(htmlspecialchars($summary)).'\', '.$minor.');';
   340     if(!$db->sql_query($q)) $db->_die('The history (log) entry could not be inserted into the logs table.');
   341     if(!$db->sql_query($q)) $db->_die('The history (log) entry could not be inserted into the logs table.');
   341     
   342     
   387     {
   388     {
   388       // echo '<b>Notice:</b> PageUtils::createPage: Not authorized to create system messages<br />';
   389       // echo '<b>Notice:</b> PageUtils::createPage: Not authorized to create system messages<br />';
   389       return false; // Not authorized to create system messages
   390       return false; // Not authorized to create system messages
   390     }
   391     }
   391     
   392     
       
   393     $page_id = dirtify_page_id($page_id);
       
   394     
   392     if ( !$name )
   395     if ( !$name )
   393       $name = str_replace('_', ' ', $page_id);
   396       $name = str_replace('_', ' ', $page_id);
   394     $page = str_replace(' ', '_', $page_id);
       
   395     $regex = '#^([A-z0-9 _\-\.\/\!\@\(\)]*)$#is';
   397     $regex = '#^([A-z0-9 _\-\.\/\!\@\(\)]*)$#is';
   396     if(!preg_match($regex, $page))
   398     if(!preg_match($regex, $page))
   397     {
   399     {
   398       //echo '<b>Notice:</b> PageUtils::createPage: Name contains invalid characters<br />';
   400       //echo '<b>Notice:</b> PageUtils::createPage: Name contains invalid characters<br />';
   399       return false; // Name contains invalid characters
   401       return false; // Name contains invalid characters
   400     }
   402     }
   401     
   403     
       
   404     $page_id = sanitize_page_id( $page_id );
       
   405     
   402     $prot = ( $namespace == 'System' ) ? 1 : 0;
   406     $prot = ( $namespace == 'System' ) ? 1 : 0;
   403     
   407     
   404     $paths->add_page(Array(
   408     $page_data = Array(
   405       'name'=>$name,
   409       'name'=>$name,
   406       'urlname'=>$page,
   410       'urlname'=>$page_id,
   407       'namespace'=>$namespace,
   411       'namespace'=>$namespace,
   408       'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>$prot,'delvotes'=>0,'delvote_ips'=>'','wiki_mode'=>2,
   412       'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>$prot,'delvotes'=>0,'delvote_ips'=>'','wiki_mode'=>2,
   409     ));
   413     );
   410     
   414     
   411     $qa = $db->sql_query('INSERT INTO '.table_prefix.'pages(name,urlname,namespace,visible,protected) VALUES(\''.$db->escape($name).'\', \''.$db->escape($page).'\', \''.$namespace.'\', '. ( $visible ? '1' : '0' ) .', '.$prot.');');
   415     // die('PageUtils::createpage: Creating page with this data:<pre>' . print_r($page_data, true) . '</pre>');
   412     $qb = $db->sql_query('INSERT INTO '.table_prefix.'page_text(page_id,namespace) VALUES(\''.$db->escape($page).'\', \''.$namespace.'\');');
   416     
   413     $qc = $db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'create\', \''.$session->username.'\', \''.$db->escape($page).'\', \''.$namespace.'\');');
   417     $paths->add_page($page_data);
       
   418     
       
   419     $qa = $db->sql_query('INSERT INTO '.table_prefix.'pages(name,urlname,namespace,visible,protected) VALUES(\''.$db->escape($name).'\', \''.$db->escape($page_id).'\', \''.$namespace.'\', '. ( $visible ? '1' : '0' ) .', '.$prot.');');
       
   420     $qb = $db->sql_query('INSERT INTO '.table_prefix.'page_text(page_id,namespace) VALUES(\''.$db->escape($page_id).'\', \''.$namespace.'\');');
       
   421     $qc = $db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'create\', \''.$session->username.'\', \''.$db->escape($page_id).'\', \''.$namespace.'\');');
   414     
   422     
   415     if($qa && $qb && $qc)
   423     if($qa && $qb && $qc)
   416       return true;
   424       return true;
   417     else
   425     else
   418     {
   426     {
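Review bot: The character check in createPage appears to validate nothing on the new side: the commit removes `$page = str_replace(' ', '_', $page_id);` but still runs `preg_match($regex, $page)`, and because the pattern ends in `*` it matches an unset or empty `$page`, so the "Name contains invalid characters" branch is unreachable unless `$page` is assigned earlier in the function, which starts outside this view. The check should run on the value that is actually stored, e.g. `if(!preg_match($regex, $page_id))`, and the comment above it should say whether it is meant to run before or after `sanitize_page_id()`, since only the sanitized value reaches the INSERTs. The class `A-z` also admits `[`, `\`, `]`, `^` and the backtick, so `A-Za-z` is probably what was intended. Separately, the three INSERT statements pass `$page_id` through `$db->escape()` but concatenate `$namespace` and `$session->username` as-is; if neither is validated earlier in the function, they should be escaped too, e.g. `$db->escape($namespace)`.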