1 <?php |
1 <?php |
2 /* |
2 /* |
3 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
3 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
4 * Version 1.0 release candidate 3 (Druid) |
4 * Version 1.0 (Banshee) |
5 * Copyright (C) 2006-2007 Dan Fuhry |
5 * Copyright (C) 2006-2007 Dan Fuhry |
6 * pageutils.php - a class that handles raw page manipulations, used mostly by AJAX requests or their old-fashioned form-based counterparts |
6 * pageutils.php - a class that handles raw page manipulations, used mostly by AJAX requests or their old-fashioned form-based counterparts |
7 * |
7 * |
8 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
8 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
9 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
9 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
322 |
322 |
323 if(!isset($paths->pages[$pname])) |
323 if(!isset($paths->pages[$pname])) |
324 { |
324 { |
325 if(!PageUtils::createPage($page_id, $namespace)) |
325 if(!PageUtils::createPage($page_id, $namespace)) |
326 return 'The page did not exist, and I was not able to create it. Permissions problem?'; |
326 return 'The page did not exist, and I was not able to create it. Permissions problem?'; |
|
327 $paths->page_exists = true; |
327 } |
328 } |
328 |
329 |
329 $prot = ( ( $paths->pages[$pname]['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $paths->pages[$pname]['protected'] == 1) ? true : false; |
330 $prot = ( ( $paths->pages[$pname]['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $paths->pages[$pname]['protected'] == 1) ? true : false; |
330 $wiki = ( ( $paths->pages[$pname]['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $paths->pages[$pname]['wiki_mode'] == 1) ? true : false; |
331 $wiki = ( ( $paths->pages[$pname]['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $paths->pages[$pname]['wiki_mode'] == 1) ? true : false; |
331 if(($prot || !$wiki) && $session->user_level < USER_LEVEL_ADMIN ) return('You are not authorized to edit this page.'); |
332 if(($prot || !$wiki) && $session->user_level < USER_LEVEL_ADMIN ) return('You are not authorized to edit this page.'); |
332 |
333 |
333 // Strip potentially harmful tags and PHP from the message, if we are in wiki mode and the user is not an administrator |
334 // Strip potentially harmful tags and PHP from the message, dependent upon permissions settings |
334 $message = RenderMan::preprocess_text($message, false, false); |
335 $message = RenderMan::preprocess_text($message, false, false); |
335 |
336 |
336 $msg=$db->escape($message); |
337 $msg = $db->escape($message); |
337 |
338 |
338 $minor = $minor ? 'true' : 'false'; |
339 $minor = $minor ? 'true' : 'false'; |
339 $q='INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.date('d M Y h:i a').'\', \''.$paths->cpage['urlname_nons'].'\', \''.$paths->namespace.'\', \''.$msg.'\', \''.$uid.'\', \''.$session->username.'\', \''.$db->escape(htmlspecialchars($summary)).'\', '.$minor.');'; |
340 $q='INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.date('d M Y h:i a').'\', \''.$paths->cpage['urlname_nons'].'\', \''.$paths->namespace.'\', \''.$msg.'\', \''.$uid.'\', \''.$session->username.'\', \''.$db->escape(htmlspecialchars($summary)).'\', '.$minor.');'; |
340 if(!$db->sql_query($q)) $db->_die('The history (log) entry could not be inserted into the logs table.'); |
341 if(!$db->sql_query($q)) $db->_die('The history (log) entry could not be inserted into the logs table.'); |
341 |
342 |
387 { |
388 { |
388 // echo '<b>Notice:</b> PageUtils::createPage: Not authorized to create system messages<br />'; |
389 // echo '<b>Notice:</b> PageUtils::createPage: Not authorized to create system messages<br />'; |
389 return false; // Not authorized to create system messages |
390 return false; // Not authorized to create system messages |
390 } |
391 } |
391 |
392 |
|
393 $page_id = dirtify_page_id($page_id); |
|
394 |
392 if ( !$name ) |
395 if ( !$name ) |
393 $name = str_replace('_', ' ', $page_id); |
396 $name = str_replace('_', ' ', $page_id); |
394 $page = str_replace(' ', '_', $page_id); |
|
395 $regex = '#^([A-z0-9 _\-\.\/\!\@\(\)]*)$#is'; |
397 $regex = '#^([A-z0-9 _\-\.\/\!\@\(\)]*)$#is'; |
396 if(!preg_match($regex, $page)) |
398 if(!preg_match($regex, $page)) |
397 { |
399 { |
398 //echo '<b>Notice:</b> PageUtils::createPage: Name contains invalid characters<br />'; |
400 //echo '<b>Notice:</b> PageUtils::createPage: Name contains invalid characters<br />'; |
399 return false; // Name contains invalid characters |
401 return false; // Name contains invalid characters |
400 } |
402 } |
401 |
403 |
|
404 $page_id = sanitize_page_id( $page_id ); |
|
405 |
402 $prot = ( $namespace == 'System' ) ? 1 : 0; |
406 $prot = ( $namespace == 'System' ) ? 1 : 0; |
403 |
407 |
404 $paths->add_page(Array( |
408 $page_data = Array( |
405 'name'=>$name, |
409 'name'=>$name, |
406 'urlname'=>$page, |
410 'urlname'=>$page_id, |
407 'namespace'=>$namespace, |
411 'namespace'=>$namespace, |
408 'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>$prot,'delvotes'=>0,'delvote_ips'=>'','wiki_mode'=>2, |
412 'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>$prot,'delvotes'=>0,'delvote_ips'=>'','wiki_mode'=>2, |
409 )); |
413 ); |
410 |
414 |
411 $qa = $db->sql_query('INSERT INTO '.table_prefix.'pages(name,urlname,namespace,visible,protected) VALUES(\''.$db->escape($name).'\', \''.$db->escape($page).'\', \''.$namespace.'\', '. ( $visible ? '1' : '0' ) .', '.$prot.');'); |
415 // die('PageUtils::createpage: Creating page with this data:<pre>' . print_r($page_data, true) . '</pre>'); |
412 $qb = $db->sql_query('INSERT INTO '.table_prefix.'page_text(page_id,namespace) VALUES(\''.$db->escape($page).'\', \''.$namespace.'\');'); |
416 |
413 $qc = $db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'create\', \''.$session->username.'\', \''.$db->escape($page).'\', \''.$namespace.'\');'); |
417 $paths->add_page($page_data); |
|
418 |
|
419 $qa = $db->sql_query('INSERT INTO '.table_prefix.'pages(name,urlname,namespace,visible,protected) VALUES(\''.$db->escape($name).'\', \''.$db->escape($page_id).'\', \''.$namespace.'\', '. ( $visible ? '1' : '0' ) .', '.$prot.');'); |
|
420 $qb = $db->sql_query('INSERT INTO '.table_prefix.'page_text(page_id,namespace) VALUES(\''.$db->escape($page_id).'\', \''.$namespace.'\');'); |
|
421 $qc = $db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'create\', \''.$session->username.'\', \''.$db->escape($page_id).'\', \''.$namespace.'\');'); |
414 |
422 |
415 if($qa && $qb && $qc) |
423 if($qa && $qb && $qc) |
416 return true; |
424 return true; |
417 else |
425 else |
418 { |
426 { |