includes/pageutils.php
changeset 214 a6ed8b6cdbe1
parent 213 1316404e4ea8
child 218 e878bcf0227e
213:1316404e4ea8 214:a6ed8b6cdbe1
  1362    */
  1362    */
  1363    
  1363    
  1364   function rename($page_id, $namespace, $name)
  1364   function rename($page_id, $namespace, $name)
  1365   {
  1365   {
  1366     global $db, $session, $paths, $template, $plugins; // Common objects
  1366     global $db, $session, $paths, $template, $plugins; // Common objects
       
  1367     global $lang;
  1367     
  1368     
  1368     $pname = $paths->nslist[$namespace] . $page_id;
  1369     $pname = $paths->nslist[$namespace] . $page_id;
  1369     
  1370     
  1370     $prot = ( ( $paths->pages[$pname]['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $paths->pages[$pname]['protected'] == 1) ? true : false;
  1371     $prot = ( ( $paths->pages[$pname]['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $paths->pages[$pname]['protected'] == 1) ? true : false;
  1371     $wiki = ( ( $paths->pages[$pname]['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $paths->pages[$pname]['wiki_mode'] == 1) ? true : false;
  1372     $wiki = ( ( $paths->pages[$pname]['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $paths->pages[$pname]['wiki_mode'] == 1) ? true : false;
  1372     
  1373     
  1373     if( empty($name)) 
  1374     if( empty($name)) 
  1374     {
  1375     {
  1375       die('Name is too short');
  1376       return($lang->get('ajax_rename_too_short'));
  1376     }
  1377     }
  1377     if( ( $session->get_permissions('rename') && ( ( $prot && $session->get_permissions('even_when_protected') ) || !$prot ) ) && ( $paths->namespace != 'Special' && $paths->namespace != 'Admin' ))
  1378     if( ( $session->get_permissions('rename') && ( ( $prot && $session->get_permissions('even_when_protected') ) || !$prot ) ) && ( $paths->namespace != 'Special' && $paths->namespace != 'Admin' ))
  1378     {
  1379     {
  1379       $e = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,page_id,namespace,author,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'rename\', \'' . $db->escape($paths->cpage['urlname_nons']) . '\', \'' . $paths->namespace . '\', \'' . $db->escape($session->username) . '\', \'' . $db->escape($paths->cpage['name']) . '\')');
  1380       $e = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,page_id,namespace,author,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'rename\', \'' . $db->escape($paths->cpage['urlname_nons']) . '\', \'' . $paths->namespace . '\', \'' . $db->escape($session->username) . '\', \'' . $db->escape($paths->cpage['name']) . '\')');
  1380       if ( !$e )
  1381       if ( !$e )
  1386       {
  1387       {
  1387         $db->_die('The page title could not be updated.');
  1388         $db->_die('The page title could not be updated.');
  1388       }
  1389       }
  1389       else
  1390       else
  1390       {
  1391       {
  1391         return('The page "' . $paths->pages[$pname]['name'] . '" has been renamed to "' . $name . '". You are encouraged to leave a comment explaining your action.' . "\n\n" . 'You will see the change take effect the next time you reload this page.');
  1392         $subst = array(
       
  1393           'page_name_old' => $paths->pages[$pname]['name'],
       
  1394           'page_name_new' => $name
       
  1395           );
       
  1396         return $lang->get('ajax_rename_success', $subst);
  1392       }
  1397       }
  1393     }
  1398     }
  1394     else
  1399     else
  1395     {
  1400     {
  1396       return('Access is denied.');
  1401       return($lang->get('etc_access_denied'));
  1397     }
  1402     }
  1398   }
  1403   }
  1399   
  1404   
  1400   /**
  1405   /**
  1401    * Flushes (clears) the action logs for a given page
  1406    * Flushes (clears) the action logs for a given page
  1405    */
  1410    */
  1406    
  1411    
  1407   function flushlogs($page_id, $namespace)
  1412   function flushlogs($page_id, $namespace)
  1408   {
  1413   {
  1409     global $db, $session, $paths, $template, $plugins; // Common objects
  1414     global $db, $session, $paths, $template, $plugins; // Common objects
  1410     if(!$session->get_permissions('clear_logs')) die('Administrative privileges are required to flush logs, you loser.');
  1415     global $lang;
       
  1416     if(!$session->get_permissions('clear_logs'))
       
  1417     {
       
  1418       return $lang->get('etc_access_denied');
       
  1419     }
  1411     $e = $db->sql_query('DELETE FROM ' . table_prefix.'logs WHERE page_id=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\';');
  1420     $e = $db->sql_query('DELETE FROM ' . table_prefix.'logs WHERE page_id=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\';');
  1412     if(!$e) $db->_die('The log entries could not be deleted.');
  1421     if(!$e) $db->_die('The log entries could not be deleted.');
  1413     
  1422     
  1414     // If the page exists, make a backup of it in case it gets spammed/vandalized
  1423     // If the page exists, make a backup of it in case it gets spammed/vandalized
  1415     // If not, the admin's probably deleting a trash page
  1424     // If not, the admin's probably deleting a trash page
  1420       $row = $db->fetchrow();
  1429       $row = $db->fetchrow();
  1421       $db->free_result();
  1430       $db->free_result();
  1422       $q='INSERT INTO ' . table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.date('d M Y h:i a').'\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $db->escape($row['page_text']) . '\', \'' . $row['char_tag'] . '\', \'' . $session->username . '\', \''."Automatic backup created when logs were purged".'\', '.'false'.');';
  1431       $q='INSERT INTO ' . table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.date('d M Y h:i a').'\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $db->escape($row['page_text']) . '\', \'' . $row['char_tag'] . '\', \'' . $session->username . '\', \''."Automatic backup created when logs were purged".'\', '.'false'.');';
  1423       if(!$db->sql_query($q)) $db->_die('The history (log) entry could not be inserted into the logs table.');
  1432       if(!$db->sql_query($q)) $db->_die('The history (log) entry could not be inserted into the logs table.');
  1424     }
  1433     }
  1425     return('The logs for this page have been cleared. A backup of this page has been added to the logs table so that this page can be restored in case of vandalism or spam later.');
  1434     return $lang->get('ajax_clearlogs_success');
  1426   }
  1435   }
  1427   
  1436   
  1428   /**
  1437   /**
  1429    * Deletes a page.
  1438    * Deletes a page.
  1430    * @param string $page_id the condemned page ID
  1439    * @param string $page_id the condemned page ID
  1434    */
  1443    */
  1435    
  1444    
  1436   function deletepage($page_id, $namespace, $reason)
  1445   function deletepage($page_id, $namespace, $reason)
  1437   {
  1446   {
  1438     global $db, $session, $paths, $template, $plugins; // Common objects
  1447     global $db, $session, $paths, $template, $plugins; // Common objects
       
  1448     global $lang;
  1439     $perms = $session->fetch_page_acl($page_id, $namespace);
  1449     $perms = $session->fetch_page_acl($page_id, $namespace);
  1440     $x = trim($reason);
  1450     $x = trim($reason);
  1441     if ( empty($x) )
  1451     if ( empty($x) )
  1442     {
  1452     {
  1443       return 'Invalid reason for deletion passed';
  1453       return $lang->get('ajax_delete_need_reason');
  1444     }
  1454     }
  1445     if(!$perms->get_permissions('delete_page')) return('Administrative privileges are required to delete pages, you loser.');
  1455     if(!$perms->get_permissions('delete_page')) return('Administrative privileges are required to delete pages, you loser.');
  1446     $e = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,page_id,namespace,author,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'delete\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $session->username . '\', \'' . $db->escape(htmlspecialchars($reason)) . '\')');
  1456     $e = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,page_id,namespace,author,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'delete\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $session->username . '\', \'' . $db->escape(htmlspecialchars($reason)) . '\')');
  1447     if(!$e) $db->_die('The page log entry could not be inserted.');
  1457     if(!$e) $db->_die('The page log entry could not be inserted.');
  1448     $e = $db->sql_query('DELETE FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'');
  1458     $e = $db->sql_query('DELETE FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'');
  1453     if(!$e) $db->_die('The page text entry could not be deleted.');
  1463     if(!$e) $db->_die('The page text entry could not be deleted.');
  1454     $e = $db->sql_query('DELETE FROM ' . table_prefix.'pages WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'');
  1464     $e = $db->sql_query('DELETE FROM ' . table_prefix.'pages WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'');
  1455     if(!$e) $db->_die('The page entry could not be deleted.');
  1465     if(!$e) $db->_die('The page entry could not be deleted.');
  1456     $e = $db->sql_query('DELETE FROM ' . table_prefix.'files WHERE page_id=\'' . $page_id . '\'');
  1466     $e = $db->sql_query('DELETE FROM ' . table_prefix.'files WHERE page_id=\'' . $page_id . '\'');
  1457     if(!$e) $db->_die('The file entry could not be deleted.');
  1467     if(!$e) $db->_die('The file entry could not be deleted.');
  1458     return('This page has been deleted. Note that there is still a log of edits and actions in the database, and anyone with admin rights can raise this page from the dead unless the log is cleared. If the deleted file is an image, there may still be cached thumbnails of it in the cache/ directory, which is inaccessible to users.');
  1468     return $lang->get('ajax_delete_success');
  1459   }
  1469   }
  1460   
  1470   
  1461   /**
  1471   /**
  1462    * Increments the deletion votes for a page by 1, and adds the current username/IP to the list of users that have voted for the page to prevent dual-voting
  1472    * Increments the deletion votes for a page by 1, and adds the current username/IP to the list of users that have voted for the page to prevent dual-voting
  1463    * @param $page_id the page ID
  1473    * @param $page_id the page ID
  1466    */
  1476    */
  1467    
  1477    
  1468   function delvote($page_id, $namespace)
  1478   function delvote($page_id, $namespace)
  1469   {
  1479   {
  1470     global $db, $session, $paths, $template, $plugins; // Common objects
  1480     global $db, $session, $paths, $template, $plugins; // Common objects
       
  1481     global $lang;
  1471     if ( !$session->get_permissions('vote_delete') )
  1482     if ( !$session->get_permissions('vote_delete') )
  1472     {
  1483     {
  1473       return 'Access denied';
  1484       return $lang->get('etc_access_denied');
  1474     }
  1485     }
  1475     
  1486     
  1476     if ( $namespace == 'Admin' || $namespace == 'Special' || $namespace == 'System' )
  1487     if ( $namespace == 'Admin' || $namespace == 'Special' || $namespace == 'System' )
  1477     {
  1488     {
  1478       return 'Special pages and system messages can\'t be voted for deletion.';
  1489       return 'Special pages and system messages can\'t be voted for deletion.';
  1507       }
  1518       }
  1508     }
  1519     }
  1509     
  1520     
  1510     if ( in_array($session->username, $ips['u']) || in_array($_SERVER['REMOTE_ADDR'], $ips['ip']) )
  1521     if ( in_array($session->username, $ips['u']) || in_array($_SERVER['REMOTE_ADDR'], $ips['ip']) )
  1511     {
  1522     {
  1512       return 'It appears that you have already voted to have this page deleted.';
  1523       return $lang->get('ajax_delvote_already_voted');
  1513     }
  1524     }
  1514     
  1525     
  1515     $ips['u'][] = $session->username;
  1526     $ips['u'][] = $session->username;
  1516     $ips['ip'][] = $_SERVER['REMOTE_ADDR'];
  1527     $ips['ip'][] = $_SERVER['REMOTE_ADDR'];
  1517     $ips = $db->escape( serialize($ips) );
  1528     $ips = $db->escape( serialize($ips) );
  1519     $cv++;
  1530     $cv++;
  1520     
  1531     
  1521     $q = 'UPDATE ' . table_prefix.'pages SET delvotes=' . $cv . ',delvote_ips=\'' . $ips . '\' WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'';
  1532     $q = 'UPDATE ' . table_prefix.'pages SET delvotes=' . $cv . ',delvote_ips=\'' . $ips . '\' WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'';
  1522     $w = $db->sql_query($q);
  1533     $w = $db->sql_query($q);
  1523     
  1534     
  1524     return 'Your vote to have this page deleted has been cast.'."\nYou are encouraged to leave a comment explaining the reason for your vote.";
  1535     return $lang->get('ajax_delvote_success');
  1525   }
  1536   }
  1526   
  1537   
  1527   /**
  1538   /**
  1528    * Resets the number of votes against a page to 0.
  1539    * Resets the number of votes against a page to 0.
  1529    * @param $page_id the page ID
  1540    * @param $page_id the page ID
  1532    */
  1543    */
  1533   
  1544   
  1534   function resetdelvotes($page_id, $namespace)
  1545   function resetdelvotes($page_id, $namespace)
  1535   {
  1546   {
  1536     global $db, $session, $paths, $template, $plugins; // Common objects
  1547     global $db, $session, $paths, $template, $plugins; // Common objects
  1537     if(!$session->get_permissions('vote_reset')) die('You need moderator rights in order to do this, stinkin\' hacker.');
  1548     global $lang;
       
  1549     if(!$session->get_permissions('vote_reset'))
       
  1550     {
       
  1551       return $lang->get('etc_access_denied');
       
  1552     }
  1538     $q = 'UPDATE ' . table_prefix.'pages SET delvotes=0,delvote_ips=\'' . $db->escape(serialize(array('ip'=>array(),'u'=>array()))) . '\' WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'';
  1553     $q = 'UPDATE ' . table_prefix.'pages SET delvotes=0,delvote_ips=\'' . $db->escape(serialize(array('ip'=>array(),'u'=>array()))) . '\' WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'';
  1539     $e = $db->sql_query($q);
  1554     $e = $db->sql_query($q);
  1540     if(!$e) $db->_die('The number of delete votes was not reset.');
  1555     if(!$e) $db->_die('The number of delete votes was not reset.');
  1541     else return('The number of votes for having this page deleted has been reset to zero.');
  1556     else
       
  1557     {
       
  1558       return $lang->get('ajax_delvote_reset_success');
       
  1559     }
  1542   }
  1560   }
  1543   
  1561   
  1544   /**
  1562   /**
  1545    * Gets a list of styles for a given theme name. As of Banshee, this returns JSON.
  1563    * Gets a list of styles for a given theme name. As of Banshee, this returns JSON.
  1546    * @param $id the name of the directory for the theme
  1564    * @param $id the name of the directory for the theme
  1597    */
  1615    */
  1598    
  1616    
  1599   function catedit_raw($page_id, $namespace)
  1617   function catedit_raw($page_id, $namespace)
  1600   {
  1618   {
  1601     global $db, $session, $paths, $template, $plugins; // Common objects
  1619     global $db, $session, $paths, $template, $plugins; // Common objects
       
  1620     global $lang;
       
  1621     
  1602     ob_start();
  1622     ob_start();
  1603     $_ob = '';
  1623     $_ob = '';
  1604     $e = $db->sql_query('SELECT category_id FROM ' . table_prefix.'categories WHERE page_id=\'' . $paths->cpage['urlname_nons'] . '\' AND namespace=\'' . $paths->namespace . '\'');
  1624     $e = $db->sql_query('SELECT category_id FROM ' . table_prefix.'categories WHERE page_id=\'' . $paths->cpage['urlname_nons'] . '\' AND namespace=\'' . $paths->namespace . '\'');
  1605     if(!$e) jsdie('Error selecting category information for current page: '.mysql_error());
  1625     if(!$e) jsdie('Error selecting category information for current page: '.mysql_error());
  1606     $cat_current = Array();
  1626     $cat_current = Array();
  1634       $un = $cat_info[$i]['urlname_nons'];
  1654       $un = $cat_info[$i]['urlname_nons'];
  1635       $cat_info[$i] = $cat_info[$un];
  1655       $cat_info[$i] = $cat_info[$un];
  1636     }
  1656     }
  1637     
  1657     
  1638     echo 'catlist = new Array();'; // Initialize the client-side category list
  1658     echo 'catlist = new Array();'; // Initialize the client-side category list
  1639     $_ob .= '<h3>Select which categories this page should be included in.</h3>
  1659     $_ob .= '<h3>' . $lang->get('catedit_title') . '</h3>
  1640              <form name="mdgCatForm" action="'.makeUrlNS($namespace, $page_id, 'do=catedit').'" method="post">';
  1660              <form name="mdgCatForm" action="'.makeUrlNS($namespace, $page_id, 'do=catedit').'" method="post">';
  1641     if ( sizeof($cat_info) < 1 )
  1661     if ( sizeof($cat_info) < 1 )
  1642     {
  1662     {
  1643       $_ob .= '<p>There are no categories on this site yet.</p>';
  1663       $_ob .= '<p>' . $lang->get('catedit_no_categories') . '</p>';
  1644     }
  1664     }
  1645     for ( $i = 0; $i < sizeof($cat_info) / 2; $i++ )
  1665     for ( $i = 0; $i < sizeof($cat_info) / 2; $i++ )
  1646     {
  1666     {
  1647       // Protection code added 1/3/07
  1667       // Protection code added 1/3/07
  1648       // Updated 3/4/07
  1668       // Updated 3/4/07
  1659       $_ob .= '/>  <label for="mdgCat_' . $cat_info[$i]['urlname_nons'] . '">' . $cat_info[$i]['name'].$prottext.'</label></span><br />';
  1679       $_ob .= '/>  <label for="mdgCat_' . $cat_info[$i]['urlname_nons'] . '">' . $cat_info[$i]['name'].$prottext.'</label></span><br />';
  1660     }
  1680     }
  1661     
  1681     
  1662     $disabled = ( sizeof($cat_info) < 1 ) ? 'disabled="disabled"' : '';
  1682     $disabled = ( sizeof($cat_info) < 1 ) ? 'disabled="disabled"' : '';
  1663       
  1683       
  1664     $_ob .= '<div style="border-top: 1px solid #CCC; padding-top: 5px; margin-top: 10px;"><input name="__enanoSaveButton" ' . $disabled . ' style="font-weight: bold;" type="submit" onclick="ajaxCatSave(); return false;" value="Save changes" /> <input name="__enanoCatCancel" type="submit" onclick="ajaxReset(); return false;" value="Cancel" /></div></form>';
  1684     $_ob .= '<div style="border-top: 1px solid #CCC; padding-top: 5px; margin-top: 10px;"><input name="__enanoSaveButton" ' . $disabled . ' style="font-weight: bold;" type="submit" onclick="ajaxCatSave(); return false;" value="' . $lang->get('etc_save_changes') . '" /> <input name="__enanoCatCancel" type="submit" onclick="ajaxReset(); return false;" value="' . $lang->get('etc_cancel') . '" /></div></form>';
  1665     
  1685     
  1666     $cont = ob_get_contents();
  1686     $cont = ob_get_contents();
  1667     ob_end_clean();
  1687     ob_end_clean();
  1668     return Array($cont, $_ob);
  1688     return Array($cont, $_ob);
  1669   }
  1689   }
  1774    */
  1794    */
  1775   
  1795   
  1776   function setpass($page_id, $namespace, $pass)
  1796   function setpass($page_id, $namespace, $pass)
  1777   {
  1797   {
  1778     global $db, $session, $paths, $template, $plugins; // Common objects
  1798     global $db, $session, $paths, $template, $plugins; // Common objects
       
  1799     global $lang;
  1779     // Determine permissions
  1800     // Determine permissions
  1780     if($paths->pages[$paths->nslist[$namespace].$page_id]['password'] != '')
  1801     if($paths->pages[$paths->nslist[$namespace].$page_id]['password'] != '')
  1781       $a = $session->get_permissions('password_reset');
  1802       $a = $session->get_permissions('password_reset');
  1782     else
  1803     else
  1783       $a = $session->get_permissions('password_set');
  1804       $a = $session->get_permissions('password_set');
  1784     if(!$a)
  1805     if(!$a)
  1785       return 'Access is denied';
  1806       return $lang->get('etc_access_denied');
  1786     if(!isset($pass)) return('Password was not set on URL');
  1807     if(!isset($pass)) return('Password was not set on URL');
  1787     $p = $pass;
  1808     $p = $pass;
  1788     if ( !preg_match('#([0-9a-f]){40,40}#', $p) )
  1809     if ( !preg_match('#([0-9a-f]){40,40}#', $p) )
  1789     {
  1810     {
  1790       $p = sha1($p);
  1811       $p = sha1($p);
  1798       die('PageUtils::setpass(): Error during update query: '.mysql_error()."\n\nSQL Backtrace:\n".$db->sql_backtrace());
  1819       die('PageUtils::setpass(): Error during update query: '.mysql_error()."\n\nSQL Backtrace:\n".$db->sql_backtrace());
  1799     }
  1820     }
  1800     // Is the new password blank?
  1821     // Is the new password blank?
  1801     if ( $p == '' )
  1822     if ( $p == '' )
  1802     {
  1823     {
  1803       return('The password for this page has been disabled.');
  1824       return $lang->get('ajax_password_disable_success');
  1804     }
  1825     }
  1805     else return('The password for this page has been set.');
  1826     else
       
  1827     {
       
  1828       return $lang->get('ajax_password_success');
       
  1829     }
  1806   }
  1830   }
  1807   
  1831   
  1808   /**
  1832   /**
  1809    * Generates some preview HTML
  1833    * Generates some preview HTML
  1810    * @param $text string the wikitext to use
  1834    * @param $text string the wikitext to use
  1811    * @return string
  1835    * @return string
  1812    */
  1836    */
  1813    
  1837    
  1814   function genPreview($text)
  1838   function genPreview($text)
  1815   {
  1839   {
  1816     $ret = '<div class="info-box"><b>Reminder:</b> This is only a preview - your changes to this page have not yet been saved.</div><div style="background-color: #F8F8F8; padding: 10px; border: 1px dashed #406080; max-height: 250px; overflow: auto; margin: 1em 0 1em 1em;">';
  1840     global $lang;
       
  1841     $ret = '<div class="info-box">' . $lang->get('editor_preview_blurb') . '</div><div style="background-color: #F8F8F8; padding: 10px; border: 1px dashed #406080; max-height: 250px; overflow: auto; margin: 1em 0 1em 1em;">';
  1817     $text = RenderMan::render(RenderMan::preprocess_text($text, false, false));
  1842     $text = RenderMan::render(RenderMan::preprocess_text($text, false, false));
  1818     ob_start();
  1843     ob_start();
  1819     eval('?>' . $text);
  1844     eval('?>' . $text);
  1820     $text = ob_get_contents();
  1845     $text = ob_get_contents();
  1821     ob_end_clean();
  1846     ob_end_clean();
  1848   function pagediff($page_id, $namespace, $id1, $id2)
  1873   function pagediff($page_id, $namespace, $id1, $id2)
  1849   {
  1874   {
  1850     global $db, $session, $paths, $template, $plugins; // Common objects
  1875     global $db, $session, $paths, $template, $plugins; // Common objects
  1851     global $lang;
  1876     global $lang;
  1852     if(!$session->get_permissions('history_view'))
  1877     if(!$session->get_permissions('history_view'))
  1853       return 'Access denied';
  1878       return $lang->get('etc_access_denied');
  1854     if(!preg_match('#^([0-9]+)$#', (string)$id1) ||
  1879     if(!preg_match('#^([0-9]+)$#', (string)$id1) ||
  1855        !preg_match('#^([0-9]+)$#', (string)$id2  )) return 'SQL injection attempt';
  1880        !preg_match('#^([0-9]+)$#', (string)$id2  )) return 'SQL injection attempt';
  1856     // OK we made it through security
  1881     // OK we made it through security
  1857     // Safest way to make sure we don't end up with the revisions in wrong columns is to make 2 queries
  1882     // Safest way to make sure we don't end up with the revisions in wrong columns is to make 2 queries
  1858     if(!$q1 = $db->sql_query('SELECT page_text,char_tag,author,edit_summary FROM ' . table_prefix.'logs WHERE time_id=' . $id1 . ' AND log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';')) return 'MySQL error: '.mysql_error();
  1883     if(!$q1 = $db->sql_query('SELECT page_text,char_tag,author,edit_summary FROM ' . table_prefix.'logs WHERE time_id=' . $id1 . ' AND log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';')) return 'MySQL error: '.mysql_error();
  1876     return $_ob;
  1901     return $_ob;
  1877   }
  1902   }
  1878   
  1903   
  1879   /**
  1904   /**
  1880    * Gets ACL information about the selected page for target type X and target ID Y.
  1905    * Gets ACL information about the selected page for target type X and target ID Y.
  1881    * @param string $page_id The page ID
       
  1882    * @param string $namespace The namespace
       
  1883    * @param array $parms What to select. This is an array purely for JSON compatibility. It should be an associative array with keys target_type and target_id.
  1906    * @param array $parms What to select. This is an array purely for JSON compatibility. It should be an associative array with keys target_type and target_id.
  1884    * @return array
  1907    * @return array
  1885    */
  1908    */
  1886    
  1909    
  1887   function acl_editor($parms = Array())
  1910   function acl_editor($parms = Array())
  1907     $return = Array();
  1930     $return = Array();
  1908     if ( !file_exists(ENANO_ROOT . '/themes/' . $session->theme . '/acledit.tpl') )
  1931     if ( !file_exists(ENANO_ROOT . '/themes/' . $session->theme . '/acledit.tpl') )
  1909     {
  1932     {
  1910       return Array(
  1933       return Array(
  1911         'mode' => 'error',
  1934         'mode' => 'error',
  1912         'error' => 'It seems that (a) the file acledit.tpl is missing from these theme, and (b) the JSON response is working.',
  1935         'error' => 'It seems that (a) the file acledit.tpl is missing from this theme, and (b) the JSON response is working.',
  1913       );
  1936       );
  1914     }
  1937     }
  1915     $return['template'] = $template->extract_vars('acledit.tpl');
  1938     $return['template'] = $template->extract_vars('acledit.tpl');
  1916     $return['page_id'] = $page_id;
  1939     $return['page_id'] = $page_id;
  1917     $return['namespace'] = $namespace;
  1940     $return['namespace'] = $namespace;
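Review bot: The backup INSERT in flushlogs() (new line 1431) concatenates `$page_id`, `$namespace`, `$row['char_tag']` and `$session->username` into the statement without `$db->escape()`, although the DELETE a few lines above it (new line 1420) escapes the same two parameters. The same unescaped pattern sits in the context lines of deletepage() (1456–1466), delvote() (1532), resetdelvotes() (1553) and pagediff() (1883). Whether callers sanitise these values first is not visible here, so each function should escape what it interpolates, e.g. `'\'' . $db->escape($page_id) . '\', \'' . $db->escape($namespace) . '\''`. Separately, the new `value="' . $lang->get('etc_save_changes') . '"` at 1684 puts a translated string into an HTML attribute unescaped; `htmlspecialchars($lang->get('etc_save_changes'))` (and likewise for `etc_cancel`) would keep a quote in a translation from breaking the markup. Several of these function bodies are only partly shown in this comparison view.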