188 header('HTTP/1.1 404 Not Found'); |
197 header('HTTP/1.1 404 Not Found'); |
189 echo '<h3>There is no page with this title yet.</h3> |
198 echo '<h3>There is no page with this title yet.</h3> |
190 <p>You have requested a page that doesn\'t exist yet.'; |
199 <p>You have requested a page that doesn\'t exist yet.'; |
191 if($session->get_permissions('create_page')) echo ' You can <a href="'.makeUrl($paths->page, 'do=edit', true).'" onclick="ajaxEditor(); return false;">create this page</a>, or return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.'; |
200 if($session->get_permissions('create_page')) echo ' You can <a href="'.makeUrl($paths->page, 'do=edit', true).'" onclick="ajaxEditor(); return false;">create this page</a>, or return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.'; |
192 else echo ' Return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.</p>'; |
201 else echo ' Return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.</p>'; |
193 if($session->get_permissions('history_rollback')) { |
202 if ( $session->get_permissions('history_rollback') ) |
194 $e = $db->sql_query('SELECT * FROM '.table_prefix.'logs WHERE action=\'delete\' AND page_id=\''.$paths->cpage['urlname_nons'].'\' AND namespace=\''.$pid[1].'\' ORDER BY time_id DESC;'); |
203 { |
195 if(!$e) $db->_die('The deletion log could not be selected.'); |
204 $e = $db->sql_query('SELECT * FROM ' . table_prefix.'logs WHERE action=\'delete\' AND page_id=\'' . $paths->cpage['urlname_nons'] . '\' AND namespace=\'' . $pid[1] . '\' ORDER BY time_id DESC;'); |
196 if($db->numrows() > 0) { |
205 if ( !$e ) |
|
206 { |
|
207 $db->_die('The deletion log could not be selected.'); |
|
208 } |
|
209 if ($db->numrows() > 0 ) |
|
210 { |
197 $r = $db->fetchrow(); |
211 $r = $db->fetchrow(); |
198 echo '<p>This page also appears to have some log entries in the database - it seems that it was deleted on '.$r['date_string'].'. You can probably <a href="'.makeUrl($paths->page, 'do=rollback&id='.$r['time_id']).'" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">roll back</a> the deletion.</p>'; |
212 echo '<p>This page also appears to have some log entries in the database - it seems that it was deleted on ' . $r['date_string'] . '. You can probably <a href="'.makeUrl($paths->page, 'do=rollback&id=' . $r['time_id']) . '" onclick="ajaxRollback(\'' . $r['time_id'] . '\'); return false;">roll back</a> the deletion.</p>'; |
199 } |
213 } |
200 $db->free_result(); |
214 $db->free_result(); |
201 } |
215 } |
202 echo '<p> |
216 echo '<p> |
203 HTTP Error: 404 Not Found |
217 HTTP Error: 404 Not Found |
335 $message = RenderMan::preprocess_text($message, false, false); |
351 $message = RenderMan::preprocess_text($message, false, false); |
336 |
352 |
337 $msg = $db->escape($message); |
353 $msg = $db->escape($message); |
338 |
354 |
339 $minor = $minor ? 'true' : 'false'; |
355 $minor = $minor ? 'true' : 'false'; |
340 $q='INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.date('d M Y h:i a').'\', \''.$paths->cpage['urlname_nons'].'\', \''.$paths->namespace.'\', \''.$msg.'\', \''.$uid.'\', \''.$session->username.'\', \''.$db->escape(htmlspecialchars($summary)).'\', '.$minor.');'; |
356 $q='INSERT INTO ' . table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.date('d M Y h:i a').'\', \'' . $paths->cpage['urlname_nons'] . '\', \'' . $paths->namespace . '\', \'' . $msg . '\', \'' . $uid . '\', \'' . $session->username . '\', \'' . $db->escape(htmlspecialchars($summary)) . '\', ' . $minor . ');'; |
341 if(!$db->sql_query($q)) $db->_die('The history (log) entry could not be inserted into the logs table.'); |
357 if(!$db->sql_query($q)) $db->_die('The history (log) entry could not be inserted into the logs table.'); |
342 |
358 |
343 $q = 'UPDATE '.table_prefix.'page_text SET page_text=\''.$msg.'\',char_tag=\''.$uid.'\' WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\';'; |
359 $q = 'UPDATE ' . table_prefix.'page_text SET page_text=\'' . $msg . '\',char_tag=\'' . $uid . '\' WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';'; |
344 $e = $db->sql_query($q); |
360 $e = $db->sql_query($q); |
345 if(!$e) $db->_die('Enano was unable to save the page contents. Your changes have been lost <tt>:\'(</tt>.'); |
361 if(!$e) $db->_die('Enano was unable to save the page contents. Your changes have been lost <tt>:\'(</tt>.'); |
346 |
362 |
347 $paths->rebuild_page_index($page_id, $namespace); |
363 $paths->rebuild_page_index($page_id, $namespace); |
348 |
364 |
360 { |
376 { |
361 global $db, $session, $paths, $template, $plugins; // Common objects |
377 global $db, $session, $paths, $template, $plugins; // Common objects |
362 if(in_array($namespace, Array('Special', 'Admin'))) |
378 if(in_array($namespace, Array('Special', 'Admin'))) |
363 { |
379 { |
364 // echo '<b>Notice:</b> PageUtils::createPage: You can\'t create a special page in the database<br />'; |
380 // echo '<b>Notice:</b> PageUtils::createPage: You can\'t create a special page in the database<br />'; |
365 return false; // Can't create a special page |
381 return 'You can\'t create a special page in the database'; |
366 } |
382 } |
367 |
383 |
368 if(!isset($paths->nslist[$namespace])) |
384 if(!isset($paths->nslist[$namespace])) |
369 { |
385 { |
370 // echo '<b>Notice:</b> PageUtils::createPage: Couldn\'t look up the namespace<br />'; |
386 // echo '<b>Notice:</b> PageUtils::createPage: Couldn\'t look up the namespace<br />'; |
371 return false; // Couldn't look up namespace |
387 return 'Couldn\'t look up the namespace'; |
372 } |
388 } |
373 |
389 |
374 $pname = $paths->nslist[$namespace] . $page_id; |
390 $pname = $paths->nslist[$namespace] . $page_id; |
375 if(isset($paths->pages[$pname])) |
391 if(isset($paths->pages[$pname])) |
376 { |
392 { |
377 // echo '<b>Notice:</b> PageUtils::createPage: Page already exists<br />'; |
393 // echo '<b>Notice:</b> PageUtils::createPage: Page already exists<br />'; |
378 return false; // Page already exists |
394 return 'Page already exists'; |
379 } |
395 } |
380 |
396 |
381 if(!$session->get_permissions('create_page')) |
397 if(!$session->get_permissions('create_page')) |
382 { |
398 { |
383 // echo '<b>Notice:</b> PageUtils::createPage: Not authorized to create pages<br />'; |
399 // echo '<b>Notice:</b> PageUtils::createPage: Not authorized to create pages<br />'; |
384 return false; // Access denied |
400 return 'Not authorized to create pages'; |
385 } |
401 } |
386 |
402 |
387 if($session->user_level < USER_LEVEL_ADMIN && $namespace == 'System') |
403 if($session->user_level < USER_LEVEL_ADMIN && $namespace == 'System') |
388 { |
404 { |
389 // echo '<b>Notice:</b> PageUtils::createPage: Not authorized to create system messages<br />'; |
405 // echo '<b>Notice:</b> PageUtils::createPage: Not authorized to create system messages<br />'; |
390 return false; // Not authorized to create system messages |
406 return 'Not authorized to create system messages'; |
|
407 } |
|
408 |
|
409 if ( substr($page_id, 0, 8) == 'Project:' ) |
|
410 { |
|
411 // echo '<b>Notice:</b> PageUtils::createPage: Prefix "Project:" is reserved<br />'; |
|
412 return 'The prefix "Project:" is reserved for a parser shortcut; if a page was created using this prefix, it would not be possible to link to it.'; |
391 } |
413 } |
392 |
414 |
393 $page_id = dirtify_page_id($page_id); |
415 $page_id = dirtify_page_id($page_id); |
394 |
416 |
395 if ( !$name ) |
417 if ( !$name ) |
396 $name = str_replace('_', ' ', $page_id); |
418 $name = str_replace('_', ' ', $page_id); |
397 $regex = '#^([A-z0-9 _\-\.\/\!\@\(\)]*)$#is'; |
419 $regex = '#^([A-z0-9 _\-\.\/\!\@\(\)]*)$#is'; |
398 if(!preg_match($regex, $page)) |
420 if(!preg_match($regex, $page)) |
399 { |
421 { |
400 //echo '<b>Notice:</b> PageUtils::createPage: Name contains invalid characters<br />'; |
422 //echo '<b>Notice:</b> PageUtils::createPage: Name contains invalid characters<br />'; |
401 return false; // Name contains invalid characters |
423 return 'Name contains invalid characters'; |
402 } |
424 } |
403 |
425 |
404 $page_id = sanitize_page_id( $page_id ); |
426 $page_id = sanitize_page_id( $page_id ); |
405 |
427 |
406 $prot = ( $namespace == 'System' ) ? 1 : 0; |
428 $prot = ( $namespace == 'System' ) ? 1 : 0; |
419 |
441 |
420 // die('PageUtils::createpage: Creating page with this data:<pre>' . print_r($page_data, true) . '</pre>'); |
442 // die('PageUtils::createpage: Creating page with this data:<pre>' . print_r($page_data, true) . '</pre>'); |
421 |
443 |
422 $paths->add_page($page_data); |
444 $paths->add_page($page_data); |
423 |
445 |
424 $qa = $db->sql_query('INSERT INTO '.table_prefix.'pages(name,urlname,namespace,visible,protected,delvote_ips) VALUES(\''.$db->escape($name).'\', \''.$db->escape($page_id).'\', \''.$namespace.'\', '. ( $visible ? '1' : '0' ) .', '.$prot.', \'' . $db->escape(serialize($ips)) . '\');'); |
446 $qa = $db->sql_query('INSERT INTO ' . table_prefix.'pages(name,urlname,namespace,visible,protected,delvote_ips) VALUES(\'' . $db->escape($name) . '\', \'' . $db->escape($page_id) . '\', \'' . $namespace . '\', '. ( $visible ? '1' : '0' ) .', ' . $prot . ', \'' . $db->escape(serialize($ips)) . '\');'); |
425 $qb = $db->sql_query('INSERT INTO '.table_prefix.'page_text(page_id,namespace) VALUES(\''.$db->escape($page_id).'\', \''.$namespace.'\');'); |
447 $qb = $db->sql_query('INSERT INTO ' . table_prefix.'page_text(page_id,namespace) VALUES(\'' . $db->escape($page_id) . '\', \'' . $namespace . '\');'); |
426 $qc = $db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'create\', \''.$session->username.'\', \''.$db->escape($page_id).'\', \''.$namespace.'\');'); |
448 $qc = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'create\', \'' . $session->username . '\', \'' . $db->escape($page_id) . '\', \'' . $namespace . '\');'); |
427 |
449 |
428 if($qa && $qb && $qc) |
450 if($qa && $qb && $qc) |
429 return true; |
451 return 'good'; |
430 else |
452 else |
431 { |
453 { |
432 echo $db->get_error(); |
454 return $db->get_error(); |
433 return false; |
|
434 } |
455 } |
435 } |
456 } |
436 |
457 |
437 /** |
458 /** |
438 * Sets the protection level on a page. |
459 * Sets the protection level on a page. |
448 |
469 |
449 $pname = $paths->nslist[$namespace] . $page_id; |
470 $pname = $paths->nslist[$namespace] . $page_id; |
450 $wiki = ( ( $paths->pages[$pname]['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $paths->pages[$pname]['wiki_mode'] == 1) ? true : false; |
471 $wiki = ( ( $paths->pages[$pname]['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $paths->pages[$pname]['wiki_mode'] == 1) ? true : false; |
451 $prot = ( ( $paths->pages[$pname]['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $paths->pages[$pname]['protected'] == 1) ? true : false; |
472 $prot = ( ( $paths->pages[$pname]['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $paths->pages[$pname]['protected'] == 1) ? true : false; |
452 |
473 |
453 if(!$session->get_permissions('protect')) return('Insufficient access rights'); |
474 if ( !$session->get_permissions('protect') ) |
454 if(!$wiki) return('Page protection only has an effect when Wiki Mode is enabled.'); |
475 { |
455 if(!preg_match('#^([0-9]+){1}$#', (string)$level)) return('Invalid $level parameter.'); |
476 return('Insufficient access rights'); |
456 |
477 } |
457 if($reason!='NO_REASON') { |
478 if ( !$wiki ) |
458 switch($level) |
479 { |
459 { |
480 return('Page protection only has an effect when Wiki Mode is enabled.'); |
460 case 0: |
481 } |
461 $q = 'INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'unprot\', \''.$session->username.'\', \''.$page_id.'\', \''.$namespace.'\', \''.$db->escape(htmlspecialchars($reason)).'\');'; |
482 if ( !preg_match('#^([0-9]+){1}$#', (string)$level) ) |
462 break; |
483 { |
463 case 1: |
484 return('Invalid $level parameter.'); |
464 $q = 'INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'prot\', \''.$session->username.'\', \''.$page_id.'\', \''.$namespace.'\', \''.$db->escape(htmlspecialchars($reason)).'\');'; |
485 } |
465 break; |
486 |
466 case 2: |
487 switch($level) |
467 $q = 'INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'semiprot\', \''.$session->username.'\', \''.$page_id.'\', \''.$namespace.'\', \''.$db->escape(htmlspecialchars($reason)).'\');'; |
488 { |
468 break; |
489 case 0: |
469 default: |
490 $q = 'INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'unprot\', \'' . $session->username . '\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $db->escape(htmlspecialchars($reason)) . '\');'; |
470 return 'PageUtils::protect(): Invalid value for $level'; |
491 break; |
471 break; |
492 case 1: |
472 } |
493 $q = 'INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'prot\', \'' . $session->username . '\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $db->escape(htmlspecialchars($reason)) . '\');'; |
473 if(!$db->sql_query($q)) $db->_die('The log entry for the page protection could not be inserted.'); |
494 break; |
474 } |
495 case 2: |
475 |
496 $q = 'INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'semiprot\', \'' . $session->username . '\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $db->escape(htmlspecialchars($reason)) . '\');'; |
476 $q = $db->sql_query('UPDATE '.table_prefix.'pages SET protected='.$_POST['level'].' WHERE urlname=\''.$page_id.'\' AND namespace=\''.$namespace.'\';'); |
497 break; |
477 if(!$q) $db->_die('The pages table was not updated.'); |
498 default: |
|
499 return 'PageUtils::protect(): Invalid value for $level'; |
|
500 break; |
|
501 } |
|
502 if(!$db->sql_query($q)) $db->_die('The log entry for the page protection could not be inserted.'); |
|
503 |
|
504 $q = $db->sql_query('UPDATE ' . table_prefix.'pages SET protected=' . $level . ' WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';'); |
|
505 if ( !$q ) |
|
506 { |
|
507 $db->_die('The pages table was not updated.'); |
|
508 } |
478 |
509 |
479 return('good'); |
510 return('good'); |
480 } |
511 } |
481 |
512 |
482 /** |
513 /** |
549 else |
580 else |
550 { |
581 { |
551 $s1 = ''; |
582 $s1 = ''; |
552 $s2 = ''; |
583 $s2 = ''; |
553 } |
584 } |
554 if($ticker > 1) echo '<td class="'.$cls.'" style="padding: 0;"><input '.$s1.'name="diff1" type="radio" value="'.$r['time_id'].'" id="diff1_'.$r['time_id'].'" class="clsDiff1Radio" onclick="selectDiff1Button(this);" /></td>'."\n"; else echo '<td class="'.$cls.'"></td>'; |
585 if($ticker > 1) echo '<td class="' . $cls . '" style="padding: 0;"><input ' . $s1 . 'name="diff1" type="radio" value="' . $r['time_id'] . '" id="diff1_' . $r['time_id'] . '" class="clsDiff1Radio" onclick="selectDiff1Button(this);" /></td>'."\n"; else echo '<td class="' . $cls . '"></td>'; |
555 if($ticker < $numrows) echo '<td class="'.$cls.'" style="padding: 0;"><input '.$s2.'name="diff2" type="radio" value="'.$r['time_id'].'" id="diff2_'.$r['time_id'].'" class="clsDiff2Radio" onclick="selectDiff2Button(this);" /></td>'."\n"; else echo '<td class="'.$cls.'"></td>'; |
586 if($ticker < $numrows) echo '<td class="' . $cls . '" style="padding: 0;"><input ' . $s2 . 'name="diff2" type="radio" value="' . $r['time_id'] . '" id="diff2_' . $r['time_id'] . '" class="clsDiff2Radio" onclick="selectDiff2Button(this);" /></td>'."\n"; else echo '<td class="' . $cls . '"></td>'; |
556 |
587 |
557 // Date and time |
588 // Date and time |
558 echo '<td class="'.$cls.'">'.$r['date_string'].'</td class="'.$cls.'">'."\n"; |
589 echo '<td class="' . $cls . '">' . $r['date_string'] . '</td class="' . $cls . '">'."\n"; |
559 |
590 |
560 // User |
591 // User |
561 if($session->get_permissions('mod_misc') && preg_match('#^([0-9]*){1,3}\.([0-9]*){1,3}\.([0-9]*){1,3}\.([0-9]*){1,3}$#', $r['author'])) $rc = ' style="cursor: pointer;" title="Click cell background for reverse DNS info" onclick="ajaxReverseDNS(this, \''.$r['author'].'\');"'; |
592 if ( $session->get_permissions('mod_misc') && is_valid_ip($r['author']) ) |
562 else $rc = ''; |
593 { |
563 echo '<td class="'.$cls.'"'.$rc.'><a href="'.makeUrlNS('User', $r['author']).'" '; |
594 $rc = ' style="cursor: pointer;" title="Click cell background for reverse DNS info" onclick="ajaxReverseDNS(this, \'' . $r['author'] . '\');"'; |
564 if(!isPage($paths->nslist['User'] . $r['author'])) echo 'class="wikilink-nonexistent"'; |
595 } |
565 echo '>'.$r['author'].'</a></td class="'.$cls.'">'."\n"; |
596 else |
|
597 { |
|
598 $rc = ''; |
|
599 } |
|
600 echo '<td class="' . $cls . '"' . $rc . '><a href="'.makeUrlNS('User', $r['author']).'" '; |
|
601 if ( !isPage($paths->nslist['User'] . $r['author']) ) |
|
602 { |
|
603 echo 'class="wikilink-nonexistent"'; |
|
604 } |
|
605 echo '>' . $r['author'] . '</a></td class="' . $cls . '">'."\n"; |
566 |
606 |
567 // Edit summary |
607 // Edit summary |
568 echo '<td class="'.$cls.'">'.$r['edit_summary'].'</td>'."\n"; |
608 echo '<td class="' . $cls . '">' . $r['edit_summary'] . '</td>'."\n"; |
569 |
609 |
570 // Minor edit |
610 // Minor edit |
571 echo '<td class="'.$cls.'" style="text-align: center;">'. (( $r['minor_edit'] ) ? 'M' : '' ) .'</td>'."\n"; |
611 echo '<td class="' . $cls . '" style="text-align: center;">'. (( $r['minor_edit'] ) ? 'M' : '' ) .'</td>'."\n"; |
572 |
612 |
573 // Actions! |
613 // Actions! |
574 echo '<td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'oldid='.$r['time_id']).'" onclick="ajaxHistView(\''.$r['time_id'].'\'); return false;">View revision</a></td>'."\n"; |
614 echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'oldid=' . $r['time_id']) . '" onclick="ajaxHistView(\'' . $r['time_id'] . '\'); return false;">View revision</a></td>'."\n"; |
575 echo '<td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrl($paths->nslist['Special'].'Contributions/'.$r['author']).'">View user contribs</a></td>'."\n"; |
615 echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrl($paths->nslist['Special'].'Contributions/' . $r['author']) . '">View user contribs</a></td>'."\n"; |
576 echo '<td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'do=rollback&id='.$r['time_id']).'" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">Revert to this revision</a></td>'."\n"; |
616 echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'do=rollback&id=' . $r['time_id']) . '" onclick="ajaxRollback(\'' . $r['time_id'] . '\'); return false;">Revert to this revision</a></td>'."\n"; |
577 |
617 |
578 echo '</tr>'."\n"."\n"; |
618 echo '</tr>'."\n"."\n"; |
579 |
619 |
580 } |
620 } |
581 echo '</table> |
621 echo '</table> |
601 else $cls = 'row2'; |
641 else $cls = 'row2'; |
602 |
642 |
603 echo '<tr>'; |
643 echo '<tr>'; |
604 |
644 |
605 // Date and time |
645 // Date and time |
606 echo '<td class="'.$cls.'">'.$r['date_string'].'</td class="'.$cls.'">'; |
646 echo '<td class="' . $cls . '">' . $r['date_string'] . '</td class="' . $cls . '">'; |
607 |
647 |
608 // User |
648 // User |
609 echo '<td class="'.$cls.'"><a href="'.makeUrlNS('User', $r['author']).'" '; |
649 echo '<td class="' . $cls . '"><a href="'.makeUrlNS('User', $r['author']).'" '; |
610 if(!isPage($paths->nslist['User'] . $r['author'])) echo 'class="wikilink-nonexistent"'; |
650 if(!isPage($paths->nslist['User'] . $r['author'])) echo 'class="wikilink-nonexistent"'; |
611 echo '>'.$r['author'].'</a></td class="'.$cls.'">'; |
651 echo '>' . $r['author'] . '</a></td class="' . $cls . '">'; |
612 |
652 |
613 |
653 |
614 // Minor edit |
654 // Minor edit |
615 echo '<td class="'.$cls.'" style="text-align: center;">'. (( $r['minor_edit'] ) ? 'M' : '' ) .'</td>'; |
655 echo '<td class="' . $cls . '" style="text-align: center;">'. (( $r['minor_edit'] ) ? 'M' : '' ) .'</td>'; |
616 |
656 |
617 // Action taken |
657 // Action taken |
618 echo '<td class="'.$cls.'">'; |
658 echo '<td class="' . $cls . '">'; |
619 // Some of these are sanitized at insert-time. Others follow the newer Enano policy of stripping HTML at runtime. |
659 // Some of these are sanitized at insert-time. Others follow the newer Enano policy of stripping HTML at runtime. |
620 if ($r['action']=='prot') echo 'Protected page</td><td class="'.$cls.'">Reason: '.$r['edit_summary']; |
660 if ($r['action']=='prot') echo 'Protected page</td><td class="' . $cls . '">Reason: ' . $r['edit_summary']; |
621 elseif($r['action']=='unprot') echo 'Unprotected page</td><td class="'.$cls.'">Reason: '.$r['edit_summary']; |
661 elseif($r['action']=='unprot') echo 'Unprotected page</td><td class="' . $cls . '">Reason: ' . $r['edit_summary']; |
622 elseif($r['action']=='semiprot') echo 'Semi-protected page</td><td class="'.$cls.'">Reason: '.$r['edit_summary']; |
662 elseif($r['action']=='semiprot') echo 'Semi-protected page</td><td class="' . $cls . '">Reason: ' . $r['edit_summary']; |
623 elseif($r['action']=='rename') echo 'Renamed page</td><td class="'.$cls.'">Old title: '.htmlspecialchars($r['edit_summary']); |
663 elseif($r['action']=='rename') echo 'Renamed page</td><td class="' . $cls . '">Old title: '.htmlspecialchars($r['edit_summary']); |
624 elseif($r['action']=='create') echo 'Created page</td><td class="'.$cls.'">'; |
664 elseif($r['action']=='create') echo 'Created page</td><td class="' . $cls . '">'; |
625 elseif($r['action']=='delete') echo 'Deleted page</td><td class="'.$cls.'">Reason: '.$r['edit_summary']; |
665 elseif($r['action']=='delete') echo 'Deleted page</td><td class="' . $cls . '">Reason: ' . $r['edit_summary']; |
626 elseif($r['action']=='reupload') echo 'Uploaded new file version</td><td class="'.$cls.'">Reason: '.htmlspecialchars($r['edit_summary']); |
666 elseif($r['action']=='reupload') echo 'Uploaded new file version</td><td class="' . $cls . '">Reason: '.htmlspecialchars($r['edit_summary']); |
627 echo '</td>'; |
667 echo '</td>'; |
628 |
668 |
629 // Actions! |
669 // Actions! |
630 echo '<td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrl($paths->nslist['Special'].'Contributions/'.$r['author']).'">View user contribs</a></td>'; |
670 echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrl($paths->nslist['Special'].'Contributions/' . $r['author']) . '">View user contribs</a></td>'; |
631 echo '<td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'do=rollback&id='.$r['time_id']).'" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">Revert action</a></td>'; |
671 echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'do=rollback&id=' . $r['time_id']) . '" onclick="ajaxRollback(\'' . $r['time_id'] . '\'); return false;">Revert action</a></td>'; |
632 |
672 |
633 //echo '(<a href="#" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">rollback</a>) <i>'.$r['date_string'].'</i> '.$r['author'].' (<a href="'.makeUrl($paths->nslist['User'].$r['author']).'">Userpage</a>, <a href="'.makeUrl($paths->nslist['Special'].'Contributions/'.$r['author']).'">Contrib</a>): '; |
673 //echo '(<a href="#" onclick="ajaxRollback(\'' . $r['time_id'] . '\'); return false;">rollback</a>) <i>' . $r['date_string'] . '</i> ' . $r['author'] . ' (<a href="'.makeUrl($paths->nslist['User'].$r['author']).'">Userpage</a>, <a href="'.makeUrl($paths->nslist['Special'].'Contributions/' . $r['author']) . '">Contrib</a>): '; |
634 |
674 |
635 if($r['minor_edit']) echo '<b> - minor edit</b>'; |
675 if($r['minor_edit']) echo '<b> - minor edit</b>'; |
636 echo '<br />'; |
676 echo '<br />'; |
637 |
677 |
638 echo '</tr>'; |
678 echo '</tr>'; |
716 { |
756 { |
717 case "edit": |
757 case "edit": |
718 if ( !$perms->get_permissions('edit_page') ) |
758 if ( !$perms->get_permissions('edit_page') ) |
719 return "You don't have permission to edit pages, so rolling back edits can't be allowed either."; |
759 return "You don't have permission to edit pages, so rolling back edits can't be allowed either."; |
720 $t = $db->escape($rb['page_text']); |
760 $t = $db->escape($rb['page_text']); |
721 $e = $db->sql_query('UPDATE '.table_prefix.'page_text SET page_text=\''.$t.'\',char_tag=\''.$rb['char_tag'].'\' WHERE page_id=\''.$rb['page_id'].'\' AND namespace=\''.$rb['namespace'].'\''); |
761 $e = $db->sql_query('UPDATE ' . table_prefix.'page_text SET page_text=\'' . $t . '\',char_tag=\'' . $rb['char_tag'] . '\' WHERE page_id=\'' . $rb['page_id'] . '\' AND namespace=\'' . $rb['namespace'] . '\''); |
722 if ( !$e ) |
762 if ( !$e ) |
723 { |
763 { |
724 return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace()); |
764 return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace()); |
725 } |
765 } |
726 else |
766 else |
727 { |
767 { |
728 return 'The page "'.$paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been rolled back to the state it was in on '.$rb['date_string'].'.'; |
768 return 'The page "' . $paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been rolled back to the state it was in on ' . $rb['date_string'] . '.'; |
729 } |
769 } |
730 break; |
770 break; |
731 case "rename": |
771 case "rename": |
732 if ( !$perms->get_permissions('rename') ) |
772 if ( !$perms->get_permissions('rename') ) |
733 return "You don't have permission to rename pages, so rolling back renames can't be allowed either."; |
773 return "You don't have permission to rename pages, so rolling back renames can't be allowed either."; |
734 $t = $db->escape($rb['edit_summary']); |
774 $t = $db->escape($rb['edit_summary']); |
735 $e = $db->sql_query('UPDATE '.table_prefix.'pages SET name=\''.$t.'\' WHERE urlname=\''.$rb['page_id'].'\' AND namespace=\''.$rb['namespace'].'\''); |
775 $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET name=\'' . $t . '\' WHERE urlname=\'' . $rb['page_id'] . '\' AND namespace=\'' . $rb['namespace'] . '\''); |
736 if ( !$e ) |
776 if ( !$e ) |
737 { |
777 { |
738 return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace(); |
778 return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace(); |
739 } |
779 } |
740 else |
780 else |
741 { |
781 { |
742 return 'The page "'.$paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been rolled back to the name it had ("'.$rb['edit_summary'].'") before '.$rb['date_string'].'.'; |
782 return 'The page "' . $paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been rolled back to the name it had ("' . $rb['edit_summary'] . '") before ' . $rb['date_string'] . '.'; |
743 } |
783 } |
744 break; |
784 break; |
745 case "prot": |
785 case "prot": |
746 if ( !$perms->get_permissions('protect') ) |
786 if ( !$perms->get_permissions('protect') ) |
747 return "You don't have permission to protect pages, so rolling back protection can't be allowed either."; |
787 return "You don't have permission to protect pages, so rolling back protection can't be allowed either."; |
748 $e = $db->sql_query('UPDATE '.table_prefix.'pages SET protected=0 WHERE urlname=\''.$rb['page_id'].'\' AND namespace=\''.$rb['namespace'].'\''); |
788 $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET protected=0 WHERE urlname=\'' . $rb['page_id'] . '\' AND namespace=\'' . $rb['namespace'] . '\''); |
749 if ( !$e ) |
789 if ( !$e ) |
750 return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace(); |
790 return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace(); |
751 else |
791 else |
752 return 'The page "'.$paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been unprotected according to the log created at '.$rb['date_string'].'.'; |
792 return 'The page "' . $paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been unprotected according to the log created at ' . $rb['date_string'] . '.'; |
753 break; |
793 break; |
754 case "semiprot": |
794 case "semiprot": |
755 if ( !$perms->get_permissions('protect') ) |
795 if ( !$perms->get_permissions('protect') ) |
756 return "You don't have permission to protect pages, so rolling back protection can't be allowed either."; |
796 return "You don't have permission to protect pages, so rolling back protection can't be allowed either."; |
757 $e = $db->sql_query('UPDATE '.table_prefix.'pages SET protected=0 WHERE urlname=\''.$rb['page_id'].'\' AND namespace=\''.$rb['namespace'].'\''); |
797 $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET protected=0 WHERE urlname=\'' . $rb['page_id'] . '\' AND namespace=\'' . $rb['namespace'] . '\''); |
758 if ( !$e ) |
798 if ( !$e ) |
759 return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace(); |
799 return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace(); |
760 else |
800 else |
761 return 'The page "'.$paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been unprotected according to the log created at '.$rb['date_string'].'.'; |
801 return 'The page "' . $paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been unprotected according to the log created at ' . $rb['date_string'] . '.'; |
762 break; |
802 break; |
763 case "unprot": |
803 case "unprot": |
764 if ( !$perms->get_permissions('protect') ) |
804 if ( !$perms->get_permissions('protect') ) |
765 return "You don't have permission to protect pages, so rolling back protection can't be allowed either."; |
805 return "You don't have permission to protect pages, so rolling back protection can't be allowed either."; |
766 $e = $db->sql_query('UPDATE '.table_prefix.'pages SET protected=1 WHERE urlname=\''.$rb['page_id'].'\' AND namespace=\''.$rb['namespace'].'\''); |
806 $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET protected=1 WHERE urlname=\'' . $rb['page_id'] . '\' AND namespace=\'' . $rb['namespace'] . '\''); |
767 if ( !$e ) |
807 if ( !$e ) |
768 return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace(); |
808 return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace(); |
769 else |
809 else |
770 return 'The page "'.$paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been protected according to the log created at '.$rb['date_string'].'.'; |
810 return 'The page "' . $paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been protected according to the log created at ' . $rb['date_string'] . '.'; |
771 break; |
811 break; |
772 case "delete": |
812 case "delete": |
773 if ( !$perms->get_permissions('history_rollback_extra') ) |
813 if ( !$perms->get_permissions('history_rollback_extra') ) |
774 return 'Administrative privileges are required for page undeletion.'; |
814 return 'Administrative privileges are required for page undeletion.'; |
775 if ( isset($paths->pages[$paths->cpage['urlname']]) ) |
815 if ( isset($paths->pages[$paths->cpage['urlname']]) ) |
776 return 'You cannot raise a dead page that is alive.'; |
816 return 'You cannot raise a dead page that is alive.'; |
777 $name = str_replace('_', ' ', $rb['page_id']); |
817 $name = str_replace('_', ' ', $rb['page_id']); |
778 $e = $db->sql_query('INSERT INTO '.table_prefix.'pages(name,urlname,namespace) VALUES( \''.$name.'\', \''.$rb['page_id'].'\',\''.$rb['namespace'].'\' )');if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace()); |
818 $e = $db->sql_query('INSERT INTO ' . table_prefix.'pages(name,urlname,namespace) VALUES( \'' . $name . '\', \'' . $rb['page_id'] . '\',\'' . $rb['namespace'] . '\' )');if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace()); |
779 $e = $db->sql_query('SELECT page_text,char_tag FROM '.table_prefix.'logs WHERE page_id=\''.$rb['page_id'].'\' AND namespace=\''.$rb['namespace'].'\' AND log_type=\'page\' AND action=\'edit\' ORDER BY time_id DESC;'); if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace()); |
819 $e = $db->sql_query('SELECT page_text,char_tag FROM ' . table_prefix.'logs WHERE page_id=\'' . $rb['page_id'] . '\' AND namespace=\'' . $rb['namespace'] . '\' AND log_type=\'page\' AND action=\'edit\' ORDER BY time_id DESC;'); if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace()); |
780 $r = $db->fetchrow(); |
820 $r = $db->fetchrow(); |
781 $e = $db->sql_query('INSERT INTO '.table_prefix.'page_text(page_id,namespace,page_text,char_tag) VALUES(\''.$rb['page_id'].'\',\''.$rb['namespace'].'\',\''.$db->escape($r['page_text']).'\',\''.$r['char_tag'].'\')'); if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace()); |
821 $e = $db->sql_query('INSERT INTO ' . table_prefix.'page_text(page_id,namespace,page_text,char_tag) VALUES(\'' . $rb['page_id'] . '\',\'' . $rb['namespace'] . '\',\'' . $db->escape($r['page_text']) . '\',\'' . $r['char_tag'] . '\')'); if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace()); |
782 return 'The page "'.$name.'" has been undeleted according to the log created at '.$rb['date_string'].'.'; |
822 return 'The page "' . $name . '" has been undeleted according to the log created at ' . $rb['date_string'] . '.'; |
783 break; |
823 break; |
784 case "reupload": |
824 case "reupload": |
785 if ( !$session->get_permissions('history_rollbacks_extra') ) |
825 if ( !$session->get_permissions('history_rollbacks_extra') ) |
786 { |
826 { |
787 return 'Administrative privileges are required for file rollbacks.'; |
827 return 'Administrative privileges are required for file rollbacks.'; |
788 } |
828 } |
789 $newtime = time(); |
829 $newtime = time(); |
790 $newdate = date('d M Y h:i a'); |
830 $newdate = date('d M Y h:i a'); |
791 if(!$db->sql_query('UPDATE '.table_prefix.'logs SET time_id='.$newtime.',date_string=\''.$newdate.'\' WHERE time_id='.$id)) |
831 if(!$db->sql_query('UPDATE ' . table_prefix.'logs SET time_id=' . $newtime . ',date_string=\'' . $newdate . '\' WHERE time_id=' . $id)) |
792 return 'Error during query: '.mysql_error(); |
832 return 'Error during query: '.mysql_error(); |
793 if(!$db->sql_query('UPDATE '.table_prefix.'files SET time_id='.$newtime.' WHERE time_id='.$id)) |
833 if(!$db->sql_query('UPDATE ' . table_prefix.'files SET time_id=' . $newtime . ' WHERE time_id=' . $id)) |
794 return 'Error during query: '.mysql_error(); |
834 return 'Error during query: '.mysql_error(); |
795 return 'The file has been rolled back to the version uploaded on '.date('d M Y h:i a', (int)$id).'.'; |
835 return 'The file has been rolled back to the version uploaded on '.date('d M Y h:i a', (int)$id).'.'; |
796 break; |
836 break; |
797 default: |
837 default: |
798 return('Rollback of the action "'.$rb['action'].'" is not yet supported.'); |
838 return('Rollback of the action "' . $rb['action'] . '" is not yet supported.'); |
799 break; |
839 break; |
800 } |
840 } |
801 break; |
841 break; |
802 case "security": |
842 case "security": |
803 case "login": |
843 case "login": |
804 return('A '.$rb['log_type'].'-related log entry cannot be rolled back.'); |
844 return('A ' . $rb['log_type'] . '-related log entry cannot be rolled back.'); |
805 break; |
845 break; |
806 default: |
846 default: |
807 return('Unknown log entry type: "'.$rb['log_type'].'"'); |
847 return('Unknown log entry type: "' . $rb['log_type'] . '"'); |
808 } |
848 } |
809 } |
849 } |
810 |
850 |
811 /** |
851 /** |
812 * Posts a comment. |
852 * Posts a comment. |
833 } |
873 } |
834 $text = RenderMan::preprocess_text($text); |
874 $text = RenderMan::preprocess_text($text); |
835 $name = $session->user_logged_in ? RenderMan::preprocess_text($session->username) : RenderMan::preprocess_text($name); |
875 $name = $session->user_logged_in ? RenderMan::preprocess_text($session->username) : RenderMan::preprocess_text($name); |
836 $subj = RenderMan::preprocess_text($subject); |
876 $subj = RenderMan::preprocess_text($subject); |
837 if(getConfig('approve_comments')=='1') $appr = '0'; else $appr = '1'; |
877 if(getConfig('approve_comments')=='1') $appr = '0'; else $appr = '1'; |
838 $q = 'INSERT INTO '.table_prefix.'comments(page_id,namespace,subject,comment_data,name,user_id,approved,time) VALUES(\''.$page_id.'\',\''.$namespace.'\',\''.$subj.'\',\''.$text.'\',\''.$name.'\','.$session->user_id.','.$appr.','.time().')'; |
878 $q = 'INSERT INTO ' . table_prefix.'comments(page_id,namespace,subject,comment_data,name,user_id,approved,time) VALUES(\'' . $page_id . '\',\'' . $namespace . '\',\'' . $subj . '\',\'' . $text . '\',\'' . $name . '\',' . $session->user_id . ',' . $appr . ','.time().')'; |
839 $e = $db->sql_query($q); |
879 $e = $db->sql_query($q); |
840 if(!$e) die('alert(unescape(\''.rawurlencode('Error inserting comment data: '.mysql_error().'\n\nQuery:\n'.$q).'\'))'); |
880 if(!$e) die('alert(unescape(\''.rawurlencode('Error inserting comment data: '.mysql_error().'\n\nQuery:\n' . $q) . '\'))'); |
841 else $_ob .= '<div class="info-box">Your comment has been posted.</div>'; |
881 else $_ob .= '<div class="info-box">Your comment has been posted.</div>'; |
842 return PageUtils::comments($page_id, $namespace, false, Array(), $_ob); |
882 return PageUtils::comments($page_id, $namespace, false, Array(), $_ob); |
843 } |
883 } |
844 |
884 |
845 /** |
885 /** |
865 { |
905 { |
866 switch($action) { |
906 switch($action) { |
867 case "delete": |
907 case "delete": |
868 if(isset($flags['id'])) |
908 if(isset($flags['id'])) |
869 { |
909 { |
870 $q = 'DELETE FROM '.table_prefix.'comments WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND comment_id='.intval($flags['id']).' LIMIT 1;'; |
910 $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND comment_id='.intval($flags['id']).' LIMIT 1;'; |
871 } else { |
911 } else { |
872 $n = $db->escape($flags['name']); |
912 $n = $db->escape($flags['name']); |
873 $s = $db->escape($flags['subj']); |
913 $s = $db->escape($flags['subj']); |
874 $t = $db->escape($flags['text']); |
914 $t = $db->escape($flags['text']); |
875 $q = 'DELETE FROM '.table_prefix.'comments WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND name=\''.$n.'\' AND subject=\''.$s.'\' AND comment_data=\''.$t.'\' LIMIT 1;'; |
915 $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND name=\'' . $n . '\' AND subject=\'' . $s . '\' AND comment_data=\'' . $t . '\' LIMIT 1;'; |
876 } |
916 } |
877 $e=$db->sql_query($q); |
917 $e=$db->sql_query($q); |
878 if(!$e) die('alert(unesape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n'.$q).'\'));'); |
918 if(!$e) die('alert(unesape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n' . $q) . '\'));'); |
879 break; |
919 break; |
880 case "approve": |
920 case "approve": |
881 if(isset($flags['id'])) |
921 if(isset($flags['id'])) |
882 { |
922 { |
883 $where = 'comment_id='.intval($flags['id']); |
923 $where = 'comment_id='.intval($flags['id']); |
884 } else { |
924 } else { |
885 $n = $db->escape($flags['name']); |
925 $n = $db->escape($flags['name']); |
886 $s = $db->escape($flags['subj']); |
926 $s = $db->escape($flags['subj']); |
887 $t = $db->escape($flags['text']); |
927 $t = $db->escape($flags['text']); |
888 $where = 'name=\''.$n.'\' AND subject=\''.$s.'\' AND comment_data=\''.$t.'\''; |
928 $where = 'name=\'' . $n . '\' AND subject=\'' . $s . '\' AND comment_data=\'' . $t . '\''; |
889 } |
929 } |
890 $q = 'SELECT approved FROM '.table_prefix.'comments WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND '.$where.' LIMIT 1;'; |
930 $q = 'SELECT approved FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND ' . $where . ' LIMIT 1;'; |
891 $e = $db->sql_query($q); |
931 $e = $db->sql_query($q); |
892 if(!$e) die('alert(unesape(\''.rawurlencode('Error selecting approval status: '.mysql_error().'\n\nQuery:\n'.$q).'\'));'); |
932 if(!$e) die('alert(unesape(\''.rawurlencode('Error selecting approval status: '.mysql_error().'\n\nQuery:\n' . $q) . '\'));'); |
893 $r = $db->fetchrow(); |
933 $r = $db->fetchrow(); |
894 $db->free_result(); |
934 $db->free_result(); |
895 $a = ( $r['approved'] ) ? '0' : '1'; |
935 $a = ( $r['approved'] ) ? '0' : '1'; |
896 $q = 'UPDATE '.table_prefix.'comments SET approved='.$a.' WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND '.$where.';'; |
936 $q = 'UPDATE ' . table_prefix.'comments SET approved=' . $a . ' WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND ' . $where . ';'; |
897 $e=$db->sql_query($q); |
937 $e=$db->sql_query($q); |
898 if(!$e) die('alert(unesape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n'.$q).'\'));'); |
938 if(!$e) die('alert(unesape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n' . $q) . '\'));'); |
899 if($a=='1') $v = 'Unapprove'; |
939 if($a=='1') $v = 'Unapprove'; |
900 else $v = 'Approve'; |
940 else $v = 'Approve'; |
901 echo 'document.getElementById("mdgApproveLink'.$_GET['id'].'").innerHTML="'.$v.'";'; |
941 echo 'document.getElementById("mdgApproveLink'.intval($_GET['id']).'").innerHTML="' . $v . '";'; |
902 break; |
942 break; |
903 } |
943 } |
904 } |
944 } |
905 |
945 |
906 if(!defined('ENANO_TEMPLATE_LOADED')) |
946 if(!defined('ENANO_TEMPLATE_LOADED')) |
908 $template->load_theme($session->theme, $session->style); |
948 $template->load_theme($session->theme, $session->style); |
909 } |
949 } |
910 |
950 |
911 $tpl = $template->makeParser('comment.tpl'); |
951 $tpl = $template->makeParser('comment.tpl'); |
912 |
952 |
913 $e = $db->sql_query('SELECT * FROM '.table_prefix.'comments WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND approved=0;'); |
953 $e = $db->sql_query('SELECT * FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND approved=0;'); |
914 if(!$e) $db->_die('The comment text data could not be selected.'); |
954 if(!$e) $db->_die('The comment text data could not be selected.'); |
915 $num_unapp = $db->numrows(); |
955 $num_unapp = $db->numrows(); |
916 $db->free_result(); |
956 $db->free_result(); |
917 $e = $db->sql_query('SELECT * FROM '.table_prefix.'comments WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND approved=1;'); |
957 $e = $db->sql_query('SELECT * FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND approved=1;'); |
918 if(!$e) $db->_die('The comment text data could not be selected.'); |
958 if(!$e) $db->_die('The comment text data could not be selected.'); |
919 $num_app = $db->numrows(); |
959 $num_app = $db->numrows(); |
920 $db->free_result(); |
960 $db->free_result(); |
921 $lq = $db->sql_query('SELECT c.comment_id,c.subject,c.name,c.comment_data,c.approved,c.time,c.user_id,u.user_level,u.signature |
961 $lq = $db->sql_query('SELECT c.comment_id,c.subject,c.name,c.comment_data,c.approved,c.time,c.user_id,u.user_level,u.signature |
922 FROM '.table_prefix.'comments AS c |
962 FROM ' . table_prefix.'comments AS c |
923 LEFT JOIN '.table_prefix.'users AS u |
963 LEFT JOIN ' . table_prefix.'users AS u |
924 ON c.user_id=u.user_id |
964 ON c.user_id=u.user_id |
925 WHERE page_id=\''.$page_id.'\' |
965 WHERE page_id=\'' . $page_id . '\' |
926 AND namespace=\''.$namespace.'\' ORDER BY c.time ASC;'); |
966 AND namespace=\'' . $namespace . '\' ORDER BY c.time ASC;'); |
927 if(!$lq) _die('The comment text data could not be selected. '.mysql_error()); |
967 if(!$lq) _die('The comment text data could not be selected. '.mysql_error()); |
928 $_ob .= '<h3>Article Comments</h3>'; |
968 $_ob .= '<h3>Article Comments</h3>'; |
929 $n = ( $session->get_permissions('mod_comments')) ? $db->numrows() : $num_app; |
969 $n = ( $session->get_permissions('mod_comments')) ? $db->numrows() : $num_app; |
930 if($n==1) $s = 'is '.$n.' comment'; else $s = 'are '.$n.' comments'; |
970 if($n==1) $s = 'is ' . $n . ' comment'; else $s = 'are ' . $n . ' comments'; |
931 if($n < 1) |
971 if($n < 1) |
932 { |
972 { |
933 $_ob .= '<p>There are currently no comments on this '.strtolower($namespace).''; |
973 $_ob .= '<p>There are currently no comments on this '.strtolower($namespace).''; |
934 if($namespace != 'Article') $_ob .= ' page'; |
974 if($namespace != 'Article') $_ob .= ' page'; |
935 $_ob .= '.</p>'; |
975 $_ob .= '.</p>'; |
936 } else $_ob .= '<p>There '.$s.' on this article.'; |
976 } else $_ob .= '<p>There ' . $s . ' on this article.'; |
937 if($session->get_permissions('mod_comments') && $num_unapp > 0) $_ob .= ' <span style="color: #D84308">'.$num_unapp.' of those are unapproved.</span>'; |
977 if($session->get_permissions('mod_comments') && $num_unapp > 0) $_ob .= ' <span style="color: #D84308">' . $num_unapp . ' of those are unapproved.</span>'; |
938 elseif(!$session->get_permissions('mod_comments') && $num_unapp > 0) { $u = ($num_unapp == 1) ? "is $num_unapp comment" : "are $num_unapp comments"; $_ob .= ' However, there ' . $u . ' awating approval.'; } |
978 elseif(!$session->get_permissions('mod_comments') && $num_unapp > 0) { $u = ($num_unapp == 1) ? "is $num_unapp comment" : "are $num_unapp comments"; $_ob .= ' However, there ' . $u . ' awating approval.'; } |
939 $_ob .= '</p>'; |
979 $_ob .= '</p>'; |
940 $list = 'list = { '; |
980 $list = 'list = { '; |
941 // _die(htmlspecialchars($ttext)); |
981 // _die(htmlspecialchars($ttext)); |
942 $i = -1; |
982 $i = -1; |
943 while($row = $db->fetchrow($lq)) |
983 while($row = $db->fetchrow($lq)) |
944 { |
984 { |
945 $i++; |
985 $i++; |
946 $strings = Array(); |
986 $strings = Array(); |
947 $bool = Array(); |
987 $bool = Array(); |
948 if($session->get_permissions('mod_comments') || $row['approved']) { |
988 if ( $session->get_permissions('mod_comments') || $row['approved'] ) |
|
989 { |
949 $list .= $i . ' : { \'comment\' : unescape(\''.rawurlencode($row['comment_data']).'\'), \'name\' : unescape(\''.rawurlencode($row['name']).'\'), \'subject\' : unescape(\''.rawurlencode($row['subject']).'\'), }, '; |
990 $list .= $i . ' : { \'comment\' : unescape(\''.rawurlencode($row['comment_data']).'\'), \'name\' : unescape(\''.rawurlencode($row['name']).'\'), \'subject\' : unescape(\''.rawurlencode($row['subject']).'\'), }, '; |
950 |
991 |
951 // Comment ID (used in the Javascript apps) |
992 // Comment ID (used in the Javascript apps) |
952 $strings['ID'] = (string)$i; |
993 $strings['ID'] = (string)$i; |
953 |
994 |
1004 // Delete link |
1045 // Delete link |
1005 $strings['DELETE_LINK'] = ''; |
1046 $strings['DELETE_LINK'] = ''; |
1006 } |
1047 } |
1007 |
1048 |
1008 // Send PM link |
1049 // Send PM link |
1009 $strings['SEND_PM_LINK'] = ( $session->user_logged_in && $row['user_id'] > 0 ) ? '<a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/To/'.$row['name']).'">Send private message</a><br />' : ''; |
1050 $strings['SEND_PM_LINK'] = ( $session->user_logged_in && $row['user_id'] > 0 ) ? '<a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/To/' . $row['name']) . '">Send private message</a><br />' : ''; |
1010 |
1051 |
1011 // Add Buddy link |
1052 // Add Buddy link |
1012 $strings['ADD_BUDDY_LINK'] = ( $session->user_logged_in && $row['user_id'] > 0 ) ? '<a href="'.makeUrlNS('Special', 'PrivateMessages/FriendList/Add/'.$row['name']).'">Add to buddy list</a>' : ''; |
1053 $strings['ADD_BUDDY_LINK'] = ( $session->user_logged_in && $row['user_id'] > 0 ) ? '<a href="'.makeUrlNS('Special', 'PrivateMessages/FriendList/Add/' . $row['name']) . '">Add to buddy list</a>' : ''; |
1013 |
1054 |
1014 // Mod links |
1055 // Mod links |
1015 $applink = ''; |
1056 $applink = ''; |
1016 $applink .= '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=admin&action=approve&id='.$row['comment_id']).'" id="mdgApproveLink'.$i.'">'; |
1057 $applink .= '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=admin&action=approve&id=' . $row['comment_id']) . '" id="mdgApproveLink' . $i . '">'; |
1017 if($row['approved']) $applink .= 'Unapprove'; |
1058 if($row['approved']) $applink .= 'Unapprove'; |
1018 else $applink .= 'Approve'; |
1059 else $applink .= 'Approve'; |
1019 $applink .= '</a>'; |
1060 $applink .= '</a>'; |
1020 $strings['MOD_APPROVE_LINK'] = $applink; unset($applink); |
1061 $strings['MOD_APPROVE_LINK'] = $applink; unset($applink); |
1021 $strings['MOD_DELETE_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=admin&action=delete&id='.$row['comment_id']).'">Delete</a>'; |
1062 $strings['MOD_DELETE_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=admin&action=delete&id=' . $row['comment_id']) . '">Delete</a>'; |
1022 |
1063 |
1023 // Signature |
1064 // Signature |
1024 $strings['SIGNATURE'] = ''; |
1065 $strings['SIGNATURE'] = ''; |
1025 if($row['signature'] != '') $strings['SIGNATURE'] = RenderMan::render($row['signature']); |
1066 if($row['signature'] != '') $strings['SIGNATURE'] = RenderMan::render($row['signature']); |
1026 |
1067 |
1043 else |
1084 else |
1044 { |
1085 { |
1045 $_ob .= '<h3>Got something to say?</h3>If you have comments or suggestions on this article, you can shout it out here.'; |
1086 $_ob .= '<h3>Got something to say?</h3>If you have comments or suggestions on this article, you can shout it out here.'; |
1046 if(getConfig('approve_comments')=='1') $_ob .= ' Before your comment will be visible to the public, a moderator will have to approve it.'; |
1087 if(getConfig('approve_comments')=='1') $_ob .= ' Before your comment will be visible to the public, a moderator will have to approve it.'; |
1047 if(getConfig('comments_need_login') == '1' && !$session->user_logged_in) $_ob .= ' Because you are not logged in, you will need to enter a visual confirmation before your comment will be posted.'; |
1088 if(getConfig('comments_need_login') == '1' && !$session->user_logged_in) $_ob .= ' Because you are not logged in, you will need to enter a visual confirmation before your comment will be posted.'; |
1048 $sn = $session->user_logged_in ? $session->username . '<input name="name" id="mdgScreenName" type="hidden" value="'.$session->username.'" />' : '<input name="name" id="mdgScreenName" type="text" size="35" />'; |
1089 $sn = $session->user_logged_in ? $session->username . '<input name="name" id="mdgScreenName" type="hidden" value="' . $session->username . '" />' : '<input name="name" id="mdgScreenName" type="text" size="35" />'; |
1049 $_ob .= ' <a href="#" id="mdgCommentFormLink" style="display: none;" onclick="document.getElementById(\'mdgCommentForm\').style.display=\'block\';this.style.display=\'none\';return false;">Leave a comment...</a> |
1090 $_ob .= ' <a href="#" id="mdgCommentFormLink" style="display: none;" onclick="document.getElementById(\'mdgCommentForm\').style.display=\'block\';this.style.display=\'none\';return false;">Leave a comment...</a> |
1050 <div id="mdgCommentForm"> |
1091 <div id="mdgCommentForm"> |
1051 <h3>Comment form</h3> |
1092 <h3>Comment form</h3> |
1052 <form action="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=postcomment').'" method="post" style="margin-left: 1em"> |
1093 <form action="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=postcomment').'" method="post" style="margin-left: 1em"> |
1053 <table border="0"> |
1094 <table border="0"> |
1054 <tr><td>Your name or screen name:</td><td>'.$sn.'</td></tr> |
1095 <tr><td>Your name or screen name:</td><td>' . $sn . '</td></tr> |
1055 <tr><td>Comment subject:</td><td><input name="subj" id="mdgSubject" type="text" size="35" /></td></tr>'; |
1096 <tr><td>Comment subject:</td><td><input name="subj" id="mdgSubject" type="text" size="35" /></td></tr>'; |
1056 if(getConfig('comments_need_login') == '1' && !$session->user_logged_in) |
1097 if(getConfig('comments_need_login') == '1' && !$session->user_logged_in) |
1057 { |
1098 { |
1058 $session->kill_captcha(); |
1099 $session->kill_captcha(); |
1059 $captcha = $session->make_captcha(); |
1100 $captcha = $session->make_captcha(); |
1060 $_ob .= '<tr><td>Visual confirmation:<br /><small>Please enter the code you see on the right.</small></td><td><img src="'.makeUrlNS('Special', 'Captcha/'.$captcha).'" alt="Visual confirmation" style="cursor: pointer;" onclick="this.src = \''.makeUrlNS("Special", "Captcha/".$captcha).'/\'+Math.floor(Math.random() * 100000);" /><input name="captcha_id" id="mdgCaptchaID" type="hidden" value="'.$captcha.'" /><br />Code: <input name="captcha_input" id="mdgCaptchaInput" type="text" size="10" /><br /><small><script type="text/javascript">document.write("If you can\'t read the code, click on the image to generate a new one.");</script><noscript>If you can\'t read the code, please refresh this page to generate a new one.</noscript></small></td></tr>'; |
1101 $_ob .= '<tr><td>Visual confirmation:<br /><small>Please enter the code you see on the right.</small></td><td><img src="'.makeUrlNS('Special', 'Captcha/' . $captcha) . '" alt="Visual confirmation" style="cursor: pointer;" onclick="this.src = \''.makeUrlNS("Special", "Captcha/".$captcha).'/\'+Math.floor(Math.random() * 100000);" /><input name="captcha_id" id="mdgCaptchaID" type="hidden" value="' . $captcha . '" /><br />Code: <input name="captcha_input" id="mdgCaptchaInput" type="text" size="10" /><br /><small><script type="text/javascript">document.write("If you can\'t read the code, click on the image to generate a new one.");</script><noscript>If you can\'t read the code, please refresh this page to generate a new one.</noscript></small></td></tr>'; |
1061 } |
1102 } |
1062 $_ob .= ' |
1103 $_ob .= ' |
1063 <tr><td valign="top">Comment text:<br />(most HTML will be stripped)</td><td><textarea name="text" id="mdgCommentArea" rows="10" cols="40"></textarea></td></tr> |
1104 <tr><td valign="top">Comment text:<br />(most HTML will be stripped)</td><td><textarea name="text" id="mdgCommentArea" rows="10" cols="40"></textarea></td></tr> |
1064 <tr><td colspan="2" style="text-align: center;"><input type="submit" value="Submit Comment" /></td></tr> |
1105 <tr><td colspan="2" style="text-align: center;"><input type="submit" value="Submit Comment" /></td></tr> |
1065 </table> |
1106 </table> |
1066 </form> |
1107 </form> |
1067 </div>'; |
1108 </div>'; |
1068 } |
1109 } |
1069 } else { |
1110 } else { |
1070 $_ob .= '<h3>Got something to say?</h3><p>You need to be logged in to post comments. <a href="'.makeUrlNS('Special', 'Login/'.$pname.'%2523comments').'">Log in</a></p>'; |
1111 $_ob .= '<h3>Got something to say?</h3><p>You need to be logged in to post comments. <a href="'.makeUrlNS('Special', 'Login/' . $pname . '%2523comments').'">Log in</a></p>'; |
1071 } |
1112 } |
1072 $list .= '};'; |
1113 $list .= '};'; |
1073 echo 'document.getElementById(\'ajaxEditContainer\').innerHTML = unescape(\''. rawurlencode($_ob) .'\'); |
1114 echo 'document.getElementById(\'ajaxEditContainer\').innerHTML = unescape(\''. rawurlencode($_ob) .'\'); |
1074 ' . $list; |
1115 ' . $list; |
1075 echo 'Fat.fade_all(); document.getElementById(\'mdgCommentForm\').style.display = \'none\'; document.getElementById(\'mdgCommentFormLink\').style.display="inline";'; |
1116 echo 'Fat.fade_all(); document.getElementById(\'mdgCommentForm\').style.display = \'none\'; document.getElementById(\'mdgCommentFormLink\').style.display="inline";'; |
1136 $old_subject = $db->escape($old_subject); |
1177 $old_subject = $db->escape($old_subject); |
1137 // Safety check - username/login |
1178 // Safety check - username/login |
1138 if(!$session->get_permissions('mod_comments')) // allow mods to edit comments |
1179 if(!$session->get_permissions('mod_comments')) // allow mods to edit comments |
1139 { |
1180 { |
1140 if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.'); |
1181 if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.'); |
1141 $q = 'SELECT c.name FROM '.table_prefix.'comments c, '.table_prefix.'users u WHERE comment_data=\''.$old_text.'\' AND subject=\''.$old_subject.'\' AND page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND u.user_id=c.user_id;'; |
1182 $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_data=\'' . $old_text . '\' AND subject=\'' . $old_subject . '\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND u.user_id=c.user_id;'; |
1142 $s = $db->sql_query($q); |
1183 $s = $db->sql_query($q); |
1143 if(!$s) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>'); |
1184 if(!$s) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>'); |
1144 $r = $db->fetchrow($s); |
1185 $r = $db->fetchrow($s); |
1145 $db->free_result(); |
1186 $db->free_result(); |
1146 if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.'); |
1187 if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.'); |
1147 } |
1188 } |
1148 $s = RenderMan::preprocess_text($subject); |
1189 $s = RenderMan::preprocess_text($subject); |
1149 $t = RenderMan::preprocess_text($text); |
1190 $t = RenderMan::preprocess_text($text); |
1150 $sql = 'UPDATE '.table_prefix.'comments SET subject=\''.$s.'\',comment_data=\''.$t.'\' WHERE comment_data=\''.$old_text.'\' AND subject=\''.$old_subject.'\' AND page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\''; |
1191 $sql = 'UPDATE ' . table_prefix.'comments SET subject=\'' . $s . '\',comment_data=\'' . $t . '\' WHERE comment_data=\'' . $old_text . '\' AND subject=\'' . $old_subject . '\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\''; |
1151 $result = $db->sql_query($sql); |
1192 $result = $db->sql_query($sql); |
1152 if($result) |
1193 if($result) |
1153 { |
1194 { |
1154 return 'result="GOOD"; |
1195 return 'result="GOOD"; |
1155 list['.$id.'][\'subject\'] = unescape(\''.str_replace('%5Cn', '%0A', rawurlencode(str_replace('{{EnAnO:Newline}}', '\\n', stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $s))))).'\'); |
1196 list[' . $id . '][\'subject\'] = unescape(\''.str_replace('%5Cn', '%0A', rawurlencode(str_replace('{{EnAnO:Newline}}', '\\n', stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $s))))).'\'); |
1156 list['.$id.'][\'comment\'] = unescape(\''.str_replace('%5Cn', '%0A', rawurlencode(str_replace('{{EnAnO:Newline}}', '\\n', stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $t))))).'\'); id = '.$id.'; |
1197 list[' . $id . '][\'comment\'] = unescape(\''.str_replace('%5Cn', '%0A', rawurlencode(str_replace('{{EnAnO:Newline}}', '\\n', stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $t))))).'\'); id = ' . $id . '; |
1157 s = unescape(\''.rawurlencode($s).'\'); |
1198 s = unescape(\''.rawurlencode($s).'\'); |
1158 t = unescape(\''.str_replace('%5Cn', '<br \\/>', rawurlencode(RenderMan::render(str_replace('{{EnAnO:Newline}}', "\n", stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $t)))))).'\');'; |
1199 t = unescape(\''.str_replace('%5Cn', '<br \\/>', rawurlencode(RenderMan::render(str_replace('{{EnAnO:Newline}}', "\n", stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $t)))))).'\');'; |
1159 } |
1200 } |
1160 else |
1201 else |
1161 { |
1202 { |
1162 return 'result="BAD"; error=unescape("'.rawurlencode('Enano encountered a problem whilst saving the comment. |
1203 return 'result="BAD"; error=unescape("'.rawurlencode('Enano encountered a problem whilst saving the comment. |
1163 Performed SQL: |
1204 Performed SQL: |
1164 '.$sql.' |
1205 ' . $sql . ' |
1165 |
1206 |
1166 Error returned by MySQL: '.mysql_error()).'");'; |
1207 Error returned by MySQL: '.mysql_error()).'");'; |
1167 } |
1208 } |
1168 } |
1209 } |
1169 |
1210 |
1185 return 'Access denied'; |
1226 return 'Access denied'; |
1186 // Safety check - username/login |
1227 // Safety check - username/login |
1187 if(!$session->get_permissions('mod_comments')) // allow mods to edit comments |
1228 if(!$session->get_permissions('mod_comments')) // allow mods to edit comments |
1188 { |
1229 { |
1189 if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.'); |
1230 if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.'); |
1190 $q = 'SELECT c.name FROM '.table_prefix.'comments c, '.table_prefix.'users u WHERE comment_id='.$id.' AND page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND u.user_id=c.user_id;'; |
1231 $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_id=' . $id . ' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND u.user_id=c.user_id;'; |
1191 $s = $db->sql_query($q); |
1232 $s = $db->sql_query($q); |
1192 if(!$s) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>'); |
1233 if(!$s) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>'); |
1193 $r = $db->fetchrow($s); |
1234 $r = $db->fetchrow($s); |
1194 if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.'); |
1235 if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.'); |
1195 $db->free_result(); |
1236 $db->free_result(); |
1196 } |
1237 } |
1197 $s = RenderMan::preprocess_text($subject); |
1238 $s = RenderMan::preprocess_text($subject); |
1198 $t = RenderMan::preprocess_text($text); |
1239 $t = RenderMan::preprocess_text($text); |
1199 $sql = 'UPDATE '.table_prefix.'comments SET subject=\''.$s.'\',comment_data=\''.$t.'\' WHERE comment_id='.$id.' AND page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\''; |
1240 $sql = 'UPDATE ' . table_prefix.'comments SET subject=\'' . $s . '\',comment_data=\'' . $t . '\' WHERE comment_id=' . $id . ' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\''; |
1200 $result = $db->sql_query($sql); |
1241 $result = $db->sql_query($sql); |
1201 if($result) |
1242 if($result) |
1202 return 'good'; |
1243 return 'good'; |
1203 else return 'Enano encountered a problem whilst saving the comment. |
1244 else return 'Enano encountered a problem whilst saving the comment. |
1204 Performed SQL: |
1245 Performed SQL: |
1205 '.$sql.' |
1246 ' . $sql . ' |
1206 |
1247 |
1207 Error returned by MySQL: '.mysql_error(); |
1248 Error returned by MySQL: '.mysql_error(); |
1208 } |
1249 } |
1209 |
1250 |
1210 /** |
1251 /** |
1232 |
1273 |
1233 // Safety check - username/login |
1274 // Safety check - username/login |
1234 if(!$session->get_permissions('mod_comments')) // allows mods to delete comments |
1275 if(!$session->get_permissions('mod_comments')) // allows mods to delete comments |
1235 { |
1276 { |
1236 if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.'); |
1277 if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.'); |
1237 $q = 'SELECT c.name FROM '.table_prefix.'comments c, '.table_prefix.'users u WHERE comment_data=\''.$t.'\' AND subject=\''.$s.'\' AND page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND u.user_id=c.user_id;'; |
1278 $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_data=\'' . $t . '\' AND subject=\'' . $s . '\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND u.user_id=c.user_id;'; |
1238 $s = $db->sql_query($q); |
1279 $s = $db->sql_query($q); |
1239 if(!$s) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>'); |
1280 if(!$s) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>'); |
1240 $r = $db->fetchrow($s); |
1281 $r = $db->fetchrow($s); |
1241 if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.'); |
1282 if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.'); |
1242 $db->free_result(); |
1283 $db->free_result(); |
1243 } |
1284 } |
1244 $q = 'DELETE FROM '.table_prefix.'comments WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND name=\''.$n.'\' AND subject=\''.$s.'\' AND comment_data=\''.$t.'\' LIMIT 1;'; |
1285 $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND name=\'' . $n . '\' AND subject=\'' . $s . '\' AND comment_data=\'' . $t . '\' LIMIT 1;'; |
1245 $e=$db->sql_query($q); |
1286 $e=$db->sql_query($q); |
1246 if(!$e) return('alert(unesape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n'.$q).'\'));'); |
1287 if(!$e) return('alert(unesape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n' . $q) . '\'));'); |
1247 return('good'); |
1288 return('good'); |
1248 } |
1289 } |
1249 |
1290 |
1250 /** |
1291 /** |
1251 * Deletes a comment in a cleaner fashion. |
1292 * Deletes a comment in a cleaner fashion. |
1266 |
1307 |
1267 // Safety check - username/login |
1308 // Safety check - username/login |
1268 if(!$session->get_permissions('mod_comments')) // allows mods to delete comments |
1309 if(!$session->get_permissions('mod_comments')) // allows mods to delete comments |
1269 { |
1310 { |
1270 if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.'); |
1311 if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.'); |
1271 $q = 'SELECT c.name FROM '.table_prefix.'comments c, '.table_prefix.'users u WHERE comment_id='.$id.' AND page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND u.user_id=c.user_id;'; |
1312 $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_id=' . $id . ' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND u.user_id=c.user_id;'; |
1272 $s = $db->sql_query($q); |
1313 $s = $db->sql_query($q); |
1273 if(!$s) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>'); |
1314 if(!$s) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>'); |
1274 $r = $db->fetchrow($s); |
1315 $r = $db->fetchrow($s); |
1275 if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.'); |
1316 if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.'); |
1276 $db->free_result(); |
1317 $db->free_result(); |
1277 } |
1318 } |
1278 $q = 'DELETE FROM '.table_prefix.'comments WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND comment_id='.$id.' LIMIT 1;'; |
1319 $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND comment_id=' . $id . ' LIMIT 1;'; |
1279 $e=$db->sql_query($q); |
1320 $e=$db->sql_query($q); |
1280 if(!$e) return('alert(unesape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n'.$q).'\'));'); |
1321 if(!$e) return('alert(unesape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n' . $q) . '\'));'); |
1281 return('good'); |
1322 return('good'); |
1282 } |
1323 } |
1283 |
1324 |
1284 /** |
1325 /** |
1285 * Renames a page. |
1326 * Renames a page. |
1302 { |
1343 { |
1303 die('Name is too short'); |
1344 die('Name is too short'); |
1304 } |
1345 } |
1305 if( ( $session->get_permissions('rename') && ( ( $prot && $session->get_permissions('even_when_protected') ) || !$prot ) ) && ( $paths->namespace != 'Special' && $paths->namespace != 'Admin' )) |
1346 if( ( $session->get_permissions('rename') && ( ( $prot && $session->get_permissions('even_when_protected') ) || !$prot ) ) && ( $paths->namespace != 'Special' && $paths->namespace != 'Admin' )) |
1306 { |
1347 { |
1307 $e = $db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,page_id,namespace,author,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'rename\', \''.$db->escape($paths->cpage['urlname_nons']).'\', \''.$paths->namespace.'\', \''.$db->escape($session->username).'\', \''.$db->escape($paths->cpage['name']).'\')'); |
1348 $e = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,page_id,namespace,author,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'rename\', \'' . $db->escape($paths->cpage['urlname_nons']) . '\', \'' . $paths->namespace . '\', \'' . $db->escape($session->username) . '\', \'' . $db->escape($paths->cpage['name']) . '\')'); |
1308 if ( !$e ) |
1349 if ( !$e ) |
1309 { |
1350 { |
1310 $db->_die('The page title could not be updated.'); |
1351 $db->_die('The page title could not be updated.'); |
1311 } |
1352 } |
1312 $e = $db->sql_query('UPDATE '.table_prefix.'pages SET name=\''.$db->escape($name).'\' WHERE urlname=\''.$db->escape($page_id).'\' AND namespace=\''.$db->escape($namespace).'\';'); |
1353 $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET name=\'' . $db->escape($name) . '\' WHERE urlname=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\';'); |
1313 if ( !$e ) |
1354 if ( !$e ) |
1314 { |
1355 { |
1315 $db->_die('The page title could not be updated.'); |
1356 $db->_die('The page title could not be updated.'); |
1316 } |
1357 } |
1317 else |
1358 else |
1318 { |
1359 { |
1319 return('The page "'.$paths->pages[$pname]['name'].'" has been renamed to "'.$name.'". You are encouraged to leave a comment explaining your action.' . "\n\n" . 'You will see the change take effect the next time you reload this page.'); |
1360 return('The page "' . $paths->pages[$pname]['name'] . '" has been renamed to "' . $name . '". You are encouraged to leave a comment explaining your action.' . "\n\n" . 'You will see the change take effect the next time you reload this page.'); |
1320 } |
1361 } |
1321 } |
1362 } |
1322 else |
1363 else |
1323 { |
1364 { |
1324 return('Access is denied.'); |
1365 return('Access is denied.'); |
1334 |
1375 |
1335 function flushlogs($page_id, $namespace) |
1376 function flushlogs($page_id, $namespace) |
1336 { |
1377 { |
1337 global $db, $session, $paths, $template, $plugins; // Common objects |
1378 global $db, $session, $paths, $template, $plugins; // Common objects |
1338 if(!$session->get_permissions('clear_logs')) die('Administrative privileges are required to flush logs, you loser.'); |
1379 if(!$session->get_permissions('clear_logs')) die('Administrative privileges are required to flush logs, you loser.'); |
1339 $e = $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE page_id=\''.$db->escape($page_id).'\' AND namespace=\''.$db->escape($namespace).'\';'); |
1380 $e = $db->sql_query('DELETE FROM ' . table_prefix.'logs WHERE page_id=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\';'); |
1340 if(!$e) $db->_die('The log entries could not be deleted.'); |
1381 if(!$e) $db->_die('The log entries could not be deleted.'); |
1341 |
1382 |
1342 // If the page exists, make a backup of it in case it gets spammed/vandalized |
1383 // If the page exists, make a backup of it in case it gets spammed/vandalized |
1343 // If not, the admin's probably deleting a trash page |
1384 // If not, the admin's probably deleting a trash page |
1344 if ( isset($paths->pages[ $paths->nslist[$namespace] . $page_id ]) ) |
1385 if ( isset($paths->pages[ $paths->nslist[$namespace] . $page_id ]) ) |
1345 { |
1386 { |
1346 $e = $db->sql_query('SELECT page_text,char_tag FROM '.table_prefix.'page_text WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\';'); |
1387 $e = $db->sql_query('SELECT page_text,char_tag FROM ' . table_prefix.'page_text WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';'); |
1347 if(!$e) $db->_die('The current page text could not be selected; as a result, creating the backup of the page failed. Please make a backup copy of the page by clicking Edit this page and then clicking Save Changes.'); |
1388 if(!$e) $db->_die('The current page text could not be selected; as a result, creating the backup of the page failed. Please make a backup copy of the page by clicking Edit this page and then clicking Save Changes.'); |
1348 $row = $db->fetchrow(); |
1389 $row = $db->fetchrow(); |
1349 $db->free_result(); |
1390 $db->free_result(); |
1350 $q='INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.date('d M Y h:i a').'\', \''.$page_id.'\', \''.$namespace.'\', \''.$db->escape($row['page_text']).'\', \''.$row['char_tag'].'\', \''.$session->username.'\', \''."Automatic backup created when logs were purged".'\', '.'false'.');'; |
1391 $q='INSERT INTO ' . table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.date('d M Y h:i a').'\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $db->escape($row['page_text']) . '\', \'' . $row['char_tag'] . '\', \'' . $session->username . '\', \''."Automatic backup created when logs were purged".'\', '.'false'.');'; |
1351 if(!$db->sql_query($q)) $db->_die('The history (log) entry could not be inserted into the logs table.'); |
1392 if(!$db->sql_query($q)) $db->_die('The history (log) entry could not be inserted into the logs table.'); |
1352 } |
1393 } |
1353 return('The logs for this page have been cleared. A backup of this page has been added to the logs table so that this page can be restored in case of vandalism or spam later.'); |
1394 return('The logs for this page have been cleared. A backup of this page has been added to the logs table so that this page can be restored in case of vandalism or spam later.'); |
1354 } |
1395 } |
1355 |
1396 |
1369 if ( empty($x) ) |
1410 if ( empty($x) ) |
1370 { |
1411 { |
1371 return 'Invalid reason for deletion passed'; |
1412 return 'Invalid reason for deletion passed'; |
1372 } |
1413 } |
1373 if(!$perms->get_permissions('delete_page')) return('Administrative privileges are required to delete pages, you loser.'); |
1414 if(!$perms->get_permissions('delete_page')) return('Administrative privileges are required to delete pages, you loser.'); |
1374 $e = $db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,page_id,namespace,author,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'delete\', \''.$page_id.'\', \''.$namespace.'\', \''.$session->username.'\', \'' . $db->escape(htmlspecialchars($reason)) . '\')'); |
1415 $e = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,page_id,namespace,author,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'delete\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $session->username . '\', \'' . $db->escape(htmlspecialchars($reason)) . '\')'); |
1375 if(!$e) $db->_die('The page log entry could not be inserted.'); |
1416 if(!$e) $db->_die('The page log entry could not be inserted.'); |
1376 $e = $db->sql_query('DELETE FROM '.table_prefix.'categories WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\''); |
1417 $e = $db->sql_query('DELETE FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\''); |
1377 if(!$e) $db->_die('The page categorization entries could not be deleted.'); |
1418 if(!$e) $db->_die('The page categorization entries could not be deleted.'); |
1378 $e = $db->sql_query('DELETE FROM '.table_prefix.'comments WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\''); |
1419 $e = $db->sql_query('DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\''); |
1379 if(!$e) $db->_die('The page comments could not be deleted.'); |
1420 if(!$e) $db->_die('The page comments could not be deleted.'); |
1380 $e = $db->sql_query('DELETE FROM '.table_prefix.'page_text WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\''); |
1421 $e = $db->sql_query('DELETE FROM ' . table_prefix.'page_text WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\''); |
1381 if(!$e) $db->_die('The page text entry could not be deleted.'); |
1422 if(!$e) $db->_die('The page text entry could not be deleted.'); |
1382 $e = $db->sql_query('DELETE FROM '.table_prefix.'pages WHERE urlname=\''.$page_id.'\' AND namespace=\''.$namespace.'\''); |
1423 $e = $db->sql_query('DELETE FROM ' . table_prefix.'pages WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\''); |
1383 if(!$e) $db->_die('The page entry could not be deleted.'); |
1424 if(!$e) $db->_die('The page entry could not be deleted.'); |
1384 $e = $db->sql_query('DELETE FROM '.table_prefix.'files WHERE page_id=\''.$page_id.'\''); |
1425 $e = $db->sql_query('DELETE FROM ' . table_prefix.'files WHERE page_id=\'' . $page_id . '\''); |
1385 if(!$e) $db->_die('The file entry could not be deleted.'); |
1426 if(!$e) $db->_die('The file entry could not be deleted.'); |
1386 return('This page has been deleted. Note that there is still a log of edits and actions in the database, and anyone with admin rights can raise this page from the dead unless the log is cleared. If the deleted file is an image, there may still be cached thumbnails of it in the cache/ directory, which is inaccessible to users.'); |
1427 return('This page has been deleted. Note that there is still a log of edits and actions in the database, and anyone with admin rights can raise this page from the dead unless the log is cleared. If the deleted file is an image, there may still be cached thumbnails of it in the cache/ directory, which is inaccessible to users.'); |
1387 } |
1428 } |
1388 |
1429 |
1389 /** |
1430 /** |
1634 ( !$page_perms->get_permissions('even_when_protected') && $page_data['protected'] == '1' ) ) |
1678 ( !$page_perms->get_permissions('even_when_protected') && $page_data['protected'] == '1' ) ) |
1635 $auth = false; |
1679 $auth = false; |
1636 if(!$auth) |
1680 if(!$auth) |
1637 { |
1681 { |
1638 // Find out if the page is currently in the category |
1682 // Find out if the page is currently in the category |
1639 $q = $db->sql_query('SELECT * FROM '.table_prefix.'categories WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\';'); |
1683 $q = $db->sql_query('SELECT * FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';'); |
1640 if(!$q) |
1684 if(!$q) |
1641 return 'MySQL error: '.$db->get_error(); |
1685 return 'MySQL error: ' . $db->get_error(); |
1642 if($db->numrows() > 0) |
1686 if($db->numrows() > 0) |
1643 { |
1687 { |
1644 $auth = true; |
1688 $auth = true; |
1645 $which_cats[$cat_all[$i]['urlname_nons']] = true; // Force the category to stay in its current state |
1689 $which_cats[$cat_all[$i]['urlname_nons']] = true; // Force the category to stay in its current state |
1646 } |
1690 } |
1647 $db->free_result(); |
1691 $db->free_result(); |
1648 } |
1692 } |
1649 if(isset($which_cats[$cat_all[$i]['urlname_nons']]) && $which_cats[$cat_all[$i]['urlname_nons']] == true /* for clarity ;-) */ && $auth ) $rowlist[] = '(\''.$page_id.'\', \''.$namespace.'\', \''.$cat_all[$i]['urlname_nons'].'\')'; |
1693 if(isset($which_cats[$cat_all[$i]['urlname_nons']]) && $which_cats[$cat_all[$i]['urlname_nons']] == true /* for clarity ;-) */ && $auth ) $rowlist[] = '(\'' . $page_id . '\', \'' . $namespace . '\', \'' . $cat_all[$i]['urlname_nons'] . '\')'; |
1650 } |
1694 } |
1651 if(sizeof($rowlist) > 0) |
1695 if(sizeof($rowlist) > 0) |
1652 { |
1696 { |
1653 $val = implode(',', $rowlist); |
1697 $val = implode(',', $rowlist); |
1654 $q = 'INSERT INTO '.table_prefix.'categories(page_id,namespace,category_id) VALUES' . $val . ';'; |
1698 $q = 'INSERT INTO ' . table_prefix.'categories(page_id,namespace,category_id) VALUES' . $val . ';'; |
1655 $e = $db->sql_query('DELETE FROM '.table_prefix.'categories WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\';'); |
1699 $e = $db->sql_query('DELETE FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';'); |
1656 if(!$e) $db->_die('The old category data could not be deleted.'); |
1700 if(!$e) $db->_die('The old category data could not be deleted.'); |
1657 $e = $db->sql_query($q); |
1701 $e = $db->sql_query($q); |
1658 if(!$e) $db->_die('The new category data could not be inserted.'); |
1702 if(!$e) $db->_die('The new category data could not be inserted.'); |
1659 return('GOOD'); |
1703 return('GOOD'); |
1660 } |
1704 } |
1661 else |
1705 else |
1662 { |
1706 { |
1663 $e = $db->sql_query('DELETE FROM '.table_prefix.'categories WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\';'); |
1707 $e = $db->sql_query('DELETE FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';'); |
1664 if(!$e) $db->_die('The old category data could not be deleted.'); |
1708 if(!$e) $db->_die('The old category data could not be deleted.'); |
1665 return('GOOD'); |
1709 return('GOOD'); |
1666 } |
1710 } |
1667 } |
1711 } |
1668 |
1712 |
1759 return 'Access denied'; |
1821 return 'Access denied'; |
1760 if(!preg_match('#^([0-9]+)$#', (string)$id1) || |
1822 if(!preg_match('#^([0-9]+)$#', (string)$id1) || |
1761 !preg_match('#^([0-9]+)$#', (string)$id2 )) return 'SQL injection attempt'; |
1823 !preg_match('#^([0-9]+)$#', (string)$id2 )) return 'SQL injection attempt'; |
1762 // OK we made it through security |
1824 // OK we made it through security |
1763 // Safest way to make sure we don't end up with the revisions in wrong columns is to make 2 queries |
1825 // Safest way to make sure we don't end up with the revisions in wrong columns is to make 2 queries |
1764 if(!$q1 = $db->sql_query('SELECT page_text,char_tag,author,edit_summary FROM '.table_prefix.'logs WHERE time_id='.$id1.' AND log_type=\'page\' AND action=\'edit\' AND page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\';')) return 'MySQL error: '.mysql_error(); |
1826 if(!$q1 = $db->sql_query('SELECT page_text,char_tag,author,edit_summary FROM ' . table_prefix.'logs WHERE time_id=' . $id1 . ' AND log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';')) return 'MySQL error: '.mysql_error(); |
1765 if(!$q2 = $db->sql_query('SELECT page_text,char_tag,author,edit_summary FROM '.table_prefix.'logs WHERE time_id='.$id2.' AND log_type=\'page\' AND action=\'edit\' AND page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\';')) return 'MySQL error: '.mysql_error(); |
1827 if(!$q2 = $db->sql_query('SELECT page_text,char_tag,author,edit_summary FROM ' . table_prefix.'logs WHERE time_id=' . $id2 . ' AND log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';')) return 'MySQL error: '.mysql_error(); |
1766 $row1 = $db->fetchrow($q1); |
1828 $row1 = $db->fetchrow($q1); |
1767 $db->free_result($q1); |
1829 $db->free_result($q1); |
1768 $row2 = $db->fetchrow($q2); |
1830 $row2 = $db->fetchrow($q2); |
1769 $db->free_result($q2); |
1831 $db->free_result($q2); |
1770 if(sizeof($row1) < 1 || sizeof($row2) < 2) return 'Couldn\'t find any rows that matched the query. The time ID probably doesn\'t exist in the logs table.'; |
1832 if(sizeof($row1) < 1 || sizeof($row2) < 2) return 'Couldn\'t find any rows that matched the query. The time ID probably doesn\'t exist in the logs table.'; |
1859 $return['target_type'] = $parms['target_type']; |
1921 $return['target_type'] = $parms['target_type']; |
1860 $return['target_id'] = $parms['target_id']; |
1922 $return['target_id'] = $parms['target_id']; |
1861 switch($parms['target_type']) |
1923 switch($parms['target_type']) |
1862 { |
1924 { |
1863 case ACL_TYPE_USER: |
1925 case ACL_TYPE_USER: |
1864 $q = $db->sql_query('SELECT a.rules,u.user_id FROM '.table_prefix.'users AS u |
1926 $q = $db->sql_query('SELECT a.rules,u.user_id FROM ' . table_prefix.'users AS u |
1865 LEFT JOIN '.table_prefix.'acl AS a |
1927 LEFT JOIN ' . table_prefix.'acl AS a |
1866 ON a.target_id=u.user_id |
1928 ON a.target_id=u.user_id |
1867 WHERE a.target_type='.ACL_TYPE_USER.' |
1929 WHERE a.target_type='.ACL_TYPE_USER.' |
1868 AND u.username=\''.$db->escape($parms['target_id']).'\' |
1930 AND u.username=\'' . $db->escape($parms['target_id']) . '\' |
1869 '.$page_where_clause.';'); |
1931 ' . $page_where_clause . ';'); |
1870 if(!$q) |
1932 if(!$q) |
1871 return(Array('mode'=>'error','error'=>mysql_error())); |
1933 return(Array('mode'=>'error','error'=>mysql_error())); |
1872 if($db->numrows() < 1) |
1934 if($db->numrows() < 1) |
1873 { |
1935 { |
1874 $return['type'] = 'new'; |
1936 $return['type'] = 'new'; |
1875 $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($parms['target_id']).'\';'); |
1937 $q = $db->sql_query('SELECT user_id FROM ' . table_prefix.'users WHERE username=\'' . $db->escape($parms['target_id']) . '\';'); |
1876 if(!$q) |
1938 if(!$q) |
1877 return(Array('mode'=>'error','error'=>mysql_error())); |
1939 return(Array('mode'=>'error','error'=>mysql_error())); |
1878 if($db->numrows() < 1) |
1940 if($db->numrows() < 1) |
1879 return Array('mode'=>'error','error'=>'The username you entered was not found.'); |
1941 return Array('mode'=>'error','error'=>'The username you entered was not found.'); |
1880 $row = $db->fetchrow(); |
1942 $row = $db->fetchrow(); |
1906 } |
1968 } |
1907 } |
1969 } |
1908 } |
1970 } |
1909 break; |
1971 break; |
1910 case ACL_TYPE_GROUP: |
1972 case ACL_TYPE_GROUP: |
1911 $q = $db->sql_query('SELECT a.rules,g.group_name,g.group_id FROM '.table_prefix.'groups AS g |
1973 $q = $db->sql_query('SELECT a.rules,g.group_name,g.group_id FROM ' . table_prefix.'groups AS g |
1912 LEFT JOIN '.table_prefix.'acl AS a |
1974 LEFT JOIN ' . table_prefix.'acl AS a |
1913 ON a.target_id=g.group_id |
1975 ON a.target_id=g.group_id |
1914 WHERE a.target_type='.ACL_TYPE_GROUP.' |
1976 WHERE a.target_type='.ACL_TYPE_GROUP.' |
1915 AND g.group_id=\''.intval($parms['target_id']).'\' |
1977 AND g.group_id=\''.intval($parms['target_id']).'\' |
1916 '.$page_where_clause.';'); |
1978 ' . $page_where_clause . ';'); |
1917 if(!$q) |
1979 if(!$q) |
1918 return(Array('mode'=>'error','error'=>mysql_error())); |
1980 return(Array('mode'=>'error','error'=>mysql_error())); |
1919 if($db->numrows() < 1) |
1981 if($db->numrows() < 1) |
1920 { |
1982 { |
1921 $return['type'] = 'new'; |
1983 $return['type'] = 'new'; |
1922 $q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups WHERE group_id=\''.intval($parms['target_id']).'\';'); |
1984 $q = $db->sql_query('SELECT group_id,group_name FROM ' . table_prefix.'groups WHERE group_id=\''.intval($parms['target_id']).'\';'); |
1923 if(!$q) |
1985 if(!$q) |
1924 return(Array('mode'=>'error','error'=>mysql_error())); |
1986 return(Array('mode'=>'error','error'=>mysql_error())); |
1925 if($db->numrows() < 1) |
1987 if($db->numrows() < 1) |
1926 return Array('mode'=>'error','error'=>'The group ID you submitted is not valid.'); |
1988 return Array('mode'=>'error','error'=>'The group ID you submitted is not valid.'); |
1927 $row = $db->fetchrow(); |
1989 $row = $db->fetchrow(); |
1965 case 'save_edit': |
2027 case 'save_edit': |
1966 if ( defined('ENANO_DEMO_MODE') ) |
2028 if ( defined('ENANO_DEMO_MODE') ) |
1967 { |
2029 { |
1968 return Array('mode'=>'error','error'=>'Editing access control lists is disabled in the administration demo.'); |
2030 return Array('mode'=>'error','error'=>'Editing access control lists is disabled in the administration demo.'); |
1969 } |
2031 } |
1970 $q = $db->sql_query('DELETE FROM '.table_prefix.'acl WHERE target_type='.intval($parms['target_type']).' AND target_id='.intval($parms['target_id']).' |
2032 $q = $db->sql_query('DELETE FROM ' . table_prefix.'acl WHERE target_type='.intval($parms['target_type']).' AND target_id='.intval($parms['target_id']).' |
1971 '.$page_where_clause_lite.';'); |
2033 ' . $page_where_clause_lite . ';'); |
1972 if(!$q) |
2034 if(!$q) |
1973 return Array('mode'=>'error','error'=>mysql_error()); |
2035 return Array('mode'=>'error','error'=>mysql_error()); |
1974 $rules = $session->perm_to_string($parms['perms']); |
2036 $rules = $session->perm_to_string($parms['perms']); |
1975 if ( sizeof ( $rules ) < 1 ) |
2037 if ( sizeof ( $rules ) < 1 ) |
1976 { |
2038 { |
1977 return array( |
2039 return array( |
1978 'mode' => 'error', |
2040 'mode' => 'error', |
1979 'error' => 'Supplied rule list has a length of zero' |
2041 'error' => 'Supplied rule list has a length of zero' |
1980 ); |
2042 ); |
1981 } |
2043 } |
1982 $q = ($page_id && $namespace) ? 'INSERT INTO '.table_prefix.'acl ( target_type, target_id, page_id, namespace, rules ) |
2044 $q = ($page_id && $namespace) ? 'INSERT INTO ' . table_prefix.'acl ( target_type, target_id, page_id, namespace, rules ) |
1983 VALUES( '.intval($parms['target_type']).', '.intval($parms['target_id']).', \''.$db->escape($page_id).'\', \''.$db->escape($namespace).'\', \''.$db->escape($rules).'\' )' : |
2045 VALUES( '.intval($parms['target_type']).', '.intval($parms['target_id']).', \'' . $db->escape($page_id) . '\', \'' . $db->escape($namespace) . '\', \'' . $db->escape($rules) . '\' )' : |
1984 'INSERT INTO '.table_prefix.'acl ( target_type, target_id, rules ) |
2046 'INSERT INTO ' . table_prefix.'acl ( target_type, target_id, rules ) |
1985 VALUES( '.intval($parms['target_type']).', '.intval($parms['target_id']).', \''.$db->escape($rules).'\' )'; |
2047 VALUES( '.intval($parms['target_type']).', '.intval($parms['target_id']).', \'' . $db->escape($rules) . '\' )'; |
1986 if(!$db->sql_query($q)) return Array('mode'=>'error','error'=>mysql_error()); |
2048 if(!$db->sql_query($q)) return Array('mode'=>'error','error'=>mysql_error()); |
1987 return Array( |
2049 return Array( |
1988 'mode' => 'success', |
2050 'mode' => 'success', |
1989 'target_type' => $parms['target_type'], |
2051 'target_type' => $parms['target_type'], |
1990 'target_id' => $parms['target_id'], |
2052 'target_id' => $parms['target_id'], |