includes/pageutils.php
changeset 158 ebf00a7d21db
parent 142 ca9118d9c0f2
child 166 d53cc29308f4
child 194 bf0fdec102e9
equal deleted inserted replaced
157:6df5f7a55a30 158:ebf00a7d21db
   652    */
   652    */
   653    
   653    
   654   function rollback($id)
   654   function rollback($id)
   655   {
   655   {
   656     global $db, $session, $paths, $template, $plugins; // Common objects
   656     global $db, $session, $paths, $template, $plugins; // Common objects
   657     if(!$session->get_permissions('history_rollback')) return('You are not authorized to perform rollbacks.');
   657     if ( !$session->get_permissions('history_rollback') )
   658     if(!preg_match('#^([0-9]+)$#', (string)$id)) return('The value "id" on the query string must be an integer.');
   658     {
       
   659       return('You are not authorized to perform rollbacks.');
       
   660     }
       
   661     if ( !preg_match('#^([0-9]+)$#', (string)$id) )
       
   662     {
       
   663       return('The value "id" on the query string must be an integer.');
       
   664     }
   659     $e = $db->sql_query('SELECT log_type,action,date_string,page_id,namespace,page_text,char_tag,author,edit_summary FROM '.table_prefix.'logs WHERE time_id='.$id.';');
   665     $e = $db->sql_query('SELECT log_type,action,date_string,page_id,namespace,page_text,char_tag,author,edit_summary FROM '.table_prefix.'logs WHERE time_id='.$id.';');
   660     if(!$e) $db->_die('The rollback data could not be selected.');
   666     if ( !$e )
       
   667     {
       
   668       $db->_die('The rollback data could not be selected.');
       
   669     }
   661     $rb = $db->fetchrow();
   670     $rb = $db->fetchrow();
   662     $db->free_result();
   671     $db->free_result();
   663     switch($rb['log_type']) {
   672     
       
   673     if ( $rb['log_type'] == 'page' && $rb['action'] != 'delete' )
       
   674     {
       
   675       $pagekey = $paths->nslist[$rb['namespace']] . $rb['page_id'];
       
   676       if ( !isset($paths->pages[$pagekey]) )
       
   677       {
       
   678         return "Page doesn't exist";
       
   679       }
       
   680       $pagedata =& $paths->pages[$pagekey];
       
   681       $protected = false;
       
   682       // Special case: is the page protected? if so, check for even_when_protected permissions
       
   683       if($pagedata['protected'] == 2)
       
   684       {
       
   685         // The page is semi-protected, determine permissions
       
   686         if($session->user_logged_in && $session->reg_time + 60*60*24*4 < time()) 
       
   687         {
       
   688           $protected = false;
       
   689         }
       
   690         else
       
   691         {
       
   692           $protected = true;
       
   693         }
       
   694       }
       
   695       else
       
   696       {
       
   697         $protected = ( $pagedata['protected'] == 1 );
       
   698       }
       
   699       
       
   700       $perms = $session->fetch_page_acl($rb['page_id'], $rb['namespace']);
       
   701       
       
   702       if ( $protected && !$perms->get_permissions('even_when_protected') )
       
   703       {
       
   704         return "Because this page is protected, you need moderator rights to roll back changes.";
       
   705       }
       
   706     }
       
   707     else
       
   708     {
       
   709       $perms =& $session;
       
   710     }
       
   711     
       
   712     switch($rb['log_type'])
       
   713     {
   664       case "page":
   714       case "page":
   665         switch($rb['action']) {
   715         switch($rb['action'])
       
   716         {
   666           case "edit":
   717           case "edit":
       
   718             if ( !$perms->get_permissions('edit_page') )
       
   719               return "You don't have permission to edit pages, so rolling back edits can't be allowed either.";
   667             $t = $db->escape($rb['page_text']);
   720             $t = $db->escape($rb['page_text']);
   668             $e = $db->sql_query('UPDATE '.table_prefix.'page_text SET page_text=\''.$t.'\',char_tag=\''.$rb['char_tag'].'\' WHERE page_id=\''.$rb['page_id'].'\' AND namespace=\''.$rb['namespace'].'\'');
   721             $e = $db->sql_query('UPDATE '.table_prefix.'page_text SET page_text=\''.$t.'\',char_tag=\''.$rb['char_tag'].'\' WHERE page_id=\''.$rb['page_id'].'\' AND namespace=\''.$rb['namespace'].'\'');
   669             if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
   722             if ( !$e )
   670             else return('The page "'.$paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been rolled back to the state it was in on '.$rb['date_string'].'.');
   723             {
       
   724               return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
       
   725             }
       
   726             else
       
   727             {
       
   728               return 'The page "'.$paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been rolled back to the state it was in on '.$rb['date_string'].'.';
       
   729             }
   671             break;
   730             break;
   672           case "rename":
   731           case "rename":
       
   732             if ( !$perms->get_permissions('rename') )
       
   733               return "You don't have permission to rename pages, so rolling back renames can't be allowed either.";
   673             $t = $db->escape($rb['edit_summary']);
   734             $t = $db->escape($rb['edit_summary']);
   674             $e = $db->sql_query('UPDATE '.table_prefix.'pages SET name=\''.$t.'\' WHERE urlname=\''.$rb['page_id'].'\' AND namespace=\''.$rb['namespace'].'\'');
   735             $e = $db->sql_query('UPDATE '.table_prefix.'pages SET name=\''.$t.'\' WHERE urlname=\''.$rb['page_id'].'\' AND namespace=\''.$rb['namespace'].'\'');
   675             if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
   736             if ( !$e )
   676             else return('The page "'.$paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been rolled back to the name it had ("'.$rb['edit_summary'].'") before '.$rb['date_string'].'.');
   737             {
       
   738               return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace();
       
   739             }
       
   740             else
       
   741             {
       
   742               return 'The page "'.$paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been rolled back to the name it had ("'.$rb['edit_summary'].'") before '.$rb['date_string'].'.';
       
   743             }
   677             break;
   744             break;
   678           case "prot":
   745           case "prot":
       
   746             if ( !$perms->get_permissions('protect') )
       
   747               return "You don't have permission to protect pages, so rolling back protection can't be allowed either.";
   679             $e = $db->sql_query('UPDATE '.table_prefix.'pages SET protected=0 WHERE urlname=\''.$rb['page_id'].'\' AND namespace=\''.$rb['namespace'].'\'');
   748             $e = $db->sql_query('UPDATE '.table_prefix.'pages SET protected=0 WHERE urlname=\''.$rb['page_id'].'\' AND namespace=\''.$rb['namespace'].'\'');
   680             if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
   749             if ( !$e )
   681             else return('The page "'.$paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been unprotected according to the log created at '.$rb['date_string'].'.');
   750               return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace();
       
   751             else
       
   752               return 'The page "'.$paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been unprotected according to the log created at '.$rb['date_string'].'.';
   682             break;
   753             break;
   683           case "semiprot":
   754           case "semiprot":
       
   755             if ( !$perms->get_permissions('protect') )
       
   756               return "You don't have permission to protect pages, so rolling back protection can't be allowed either.";
   684             $e = $db->sql_query('UPDATE '.table_prefix.'pages SET protected=0 WHERE urlname=\''.$rb['page_id'].'\' AND namespace=\''.$rb['namespace'].'\'');
   757             $e = $db->sql_query('UPDATE '.table_prefix.'pages SET protected=0 WHERE urlname=\''.$rb['page_id'].'\' AND namespace=\''.$rb['namespace'].'\'');
   685             if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
   758             if ( !$e )
   686             else return('The page "'.$paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been unprotected according to the log created at '.$rb['date_string'].'.');
   759               return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace();
       
   760             else
       
   761               return 'The page "'.$paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been unprotected according to the log created at '.$rb['date_string'].'.';
   687             break;
   762             break;
   688           case "unprot":
   763           case "unprot":
       
   764             if ( !$perms->get_permissions('protect') )
       
   765               return "You don't have permission to protect pages, so rolling back protection can't be allowed either.";
   689             $e = $db->sql_query('UPDATE '.table_prefix.'pages SET protected=1 WHERE urlname=\''.$rb['page_id'].'\' AND namespace=\''.$rb['namespace'].'\'');
   766             $e = $db->sql_query('UPDATE '.table_prefix.'pages SET protected=1 WHERE urlname=\''.$rb['page_id'].'\' AND namespace=\''.$rb['namespace'].'\'');
   690             if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
   767             if ( !$e )
   691             else return('The page "'.$paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been protected according to the log created at '.$rb['date_string'].'.');
   768               return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace();
       
   769             else
       
   770               return 'The page "'.$paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been protected according to the log created at '.$rb['date_string'].'.';
   692             break;
   771             break;
   693           case "delete":
   772           case "delete":
   694             if(!$session->get_permissions('history_rollback_extra')) return('Administrative privileges are required for page undeletion.');
   773             if ( !$perms->get_permissions('history_rollback_extra') )
   695             if(isset($paths->pages[$paths->cpage['urlname']])) return('You cannot raise a dead page that is alive.');
   774               return 'Administrative privileges are required for page undeletion.';
       
   775             if ( isset($paths->pages[$paths->cpage['urlname']]) )
       
   776               return 'You cannot raise a dead page that is alive.';
   696             $name = str_replace('_', ' ', $rb['page_id']);
   777             $name = str_replace('_', ' ', $rb['page_id']);
   697             $e = $db->sql_query('INSERT INTO '.table_prefix.'pages(name,urlname,namespace) VALUES( \''.$name.'\', \''.$rb['page_id'].'\',\''.$rb['namespace'].'\' )');if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
   778             $e = $db->sql_query('INSERT INTO '.table_prefix.'pages(name,urlname,namespace) VALUES( \''.$name.'\', \''.$rb['page_id'].'\',\''.$rb['namespace'].'\' )');if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
   698             $e = $db->sql_query('SELECT page_text,char_tag FROM '.table_prefix.'logs WHERE page_id=\''.$rb['page_id'].'\' AND namespace=\''.$rb['namespace'].'\' AND log_type=\'page\' AND action=\'edit\' ORDER BY time_id DESC;'); if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
   779             $e = $db->sql_query('SELECT page_text,char_tag FROM '.table_prefix.'logs WHERE page_id=\''.$rb['page_id'].'\' AND namespace=\''.$rb['namespace'].'\' AND log_type=\'page\' AND action=\'edit\' ORDER BY time_id DESC;'); if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
   699             $r = $db->fetchrow();
   780             $r = $db->fetchrow();
   700             $e = $db->sql_query('INSERT INTO '.table_prefix.'page_text(page_id,namespace,page_text,char_tag) VALUES(\''.$rb['page_id'].'\',\''.$rb['namespace'].'\',\''.$db->escape($r['page_text']).'\',\''.$r['char_tag'].'\')'); if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
   781             $e = $db->sql_query('INSERT INTO '.table_prefix.'page_text(page_id,namespace,page_text,char_tag) VALUES(\''.$rb['page_id'].'\',\''.$rb['namespace'].'\',\''.$db->escape($r['page_text']).'\',\''.$r['char_tag'].'\')'); if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
   701             return('The page "'.$name.'" has been undeleted according to the log created at '.$rb['date_string'].'.');
   782             return 'The page "'.$name.'" has been undeleted according to the log created at '.$rb['date_string'].'.';
   702             break;
   783             break;
   703           case "reupload":
   784           case "reupload":
   704             if(!$session->get_permissions('history_rollbacks_extra')) return('Administrative privileges are required for file rollbacks.');
   785             if ( !$session->get_permissions('history_rollbacks_extra') )
       
   786             {
       
   787               return 'Administrative privileges are required for file rollbacks.';
       
   788             }
   705             $newtime = time();
   789             $newtime = time();
   706             $newdate = date('d M Y h:i a');
   790             $newdate = date('d M Y h:i a');
   707             if(!$db->sql_query('UPDATE '.table_prefix.'logs SET time_id='.$newtime.',date_string=\''.$newdate.'\' WHERE time_id='.$id)) return('Error during query: '.mysql_error());
   791             if(!$db->sql_query('UPDATE '.table_prefix.'logs SET time_id='.$newtime.',date_string=\''.$newdate.'\' WHERE time_id='.$id))
   708             if(!$db->sql_query('UPDATE '.table_prefix.'files SET time_id='.$newtime.' WHERE time_id='.$id)) return('Error during query: '.mysql_error());
   792               return 'Error during query: '.mysql_error();
   709             return('The file has been rolled back to the version uploaded on '.date('d M Y h:i a', (int)$id).'.');
   793             if(!$db->sql_query('UPDATE '.table_prefix.'files SET time_id='.$newtime.' WHERE time_id='.$id))
       
   794               return 'Error during query: '.mysql_error();
       
   795             return 'The file has been rolled back to the version uploaded on '.date('d M Y h:i a', (int)$id).'.';
   710             break;
   796             break;
   711           default:
   797           default:
   712             return('Rollback of the action "'.$rb['action'].'" is not yet supported.');
   798             return('Rollback of the action "'.$rb['action'].'" is not yet supported.');
   713             break;
   799             break;
   714         }
   800         }