--- a/ajax.php Wed Jul 29 11:49:57 2009 -0400
+++ b/ajax.php Fri Jul 31 19:15:48 2009 -0400
@@ -163,6 +163,7 @@
$template->load_theme();
$return['toolbar_templates'] = $template->extract_vars('toolbar.tpl');
+ $return['edit_notice'] = $template->get_wiki_edit_notice();
echo enano_json_encode($return);
break;
--- a/includes/clientside/jsres.php Wed Jul 29 11:49:57 2009 -0400
+++ b/includes/clientside/jsres.php Fri Jul 31 19:15:48 2009 -0400
@@ -13,7 +13,7 @@
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
*/
-define('ENANO_JS_DEBUG', 1);
+// define('ENANO_JS_DEBUG', 1);
// if Enano's already loaded, we've been included from a helper script
if ( defined('ENANO_CONFIG_FETCHED') )
--- a/includes/clientside/static/editor.js Wed Jul 29 11:49:57 2009 -0400
+++ b/includes/clientside/static/editor.js Fri Jul 31 19:15:48 2009 -0400
@@ -419,10 +419,10 @@
tblholder.appendChild(metatable);
// Edit disclaimer/notice
- if ( editNotice ) // This is set globally in {JS_DYNAMIC_VARS}.
+ if ( response.edit_notice )
{
var en_div = document.createElement('div');
- en_div.innerHTML = editNotice;
+ en_div.innerHTML = response.edit_notice;
en_div.className = 'usermessage';
en_div.style.margin = '10px 0 0 0';
}
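Review bot: `en_div.innerHTML = response.edit_notice;` inserts server-supplied markup with no client-side handling, so its safety rests entirely on what `get_wiki_edit_notice()` returns. Per the template.php hunk in this commit, that is `RenderMan::render()` of the `wiki_edit_notice_text` config value. Whether the renderer strips script-capable markup from that text is not visible in this diff, so the trust assumption should be written down next to the assignment, for example `// response.edit_notice is HTML rendered server-side from the admin-configured edit notice; never route user-controlled text through this field`. The hunk at -445 tests the same `response.edit_notice` condition before appending `en_div`, so the two stay consistent. The enclosing function starts and ends outside both hunks.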
@@ -445,7 +445,7 @@
form.innerHTML += '<div style="margin: 10px 0 0 0;">' + toolbar + '</div>';
edcon.appendChild(form);
- if ( editNotice && !readonly )
+ if ( response.edit_notice && !readonly )
{
edcon.appendChild(en_div);
}
--- a/includes/clientside/static/login.js Wed Jul 29 11:49:57 2009 -0400
+++ b/includes/clientside/static/login.js Fri Jul 31 19:15:48 2009 -0400
@@ -512,7 +512,7 @@
var div = document.createElement('div');
div.id = 'ajax_login_form';
- var show_captcha = ( data.locked_out && data.lockout_info.lockout_policy == 'captcha' ) ? data.lockout_info.captcha : false;
+ var show_captcha = ( data.locked_out.locked_out && data.locked_out.lockout_policy == 'captcha' ) ? data.locked_out.captcha : false;
// text displayed on re-auth
if ( logindata.user_level > USER_LEVEL_MEMBER )
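Review bot: The two login.js hunks now disagree about where the policy lives. This one reads `data.locked_out.lockout_policy`, while the hunk at -761 still reads `data.lockout_info.lockout_policy` next to `data.locked_out.locked_out`. If these handlers receive the same response shape, one of the two property paths is presumably stale; if the shapes differ, a short comment on each line naming the expected structure would prevent the next mix-up. Both lines also dereference `data.locked_out` unguarded, so a response without that object throws before the form is built. A local such as `var lockout = data.locked_out || {};` followed by `lockout.locked_out && lockout.lockout_policy == 'captcha'` would fail closed to "no captcha / not locked" instead. Both enclosing functions extend outside the hunks.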
@@ -761,7 +761,7 @@
logindata.loggedin_username = data.username
// Are we locked out? If so simulate an error and disable the controls
- if ( data.lockout_info.lockout_policy == 'lockout' && data.locked_out )
+ if ( data.lockout_info.lockout_policy == 'lockout' && data.locked_out.locked_out )
{
f_username.setAttribute('disabled', 'disabled');
f_password.setAttribute('disabled', 'disabled');
--- a/includes/pageprocess.php Wed Jul 29 11:49:57 2009 -0400
+++ b/includes/pageprocess.php Fri Jul 31 19:15:48 2009 -0400
@@ -1122,52 +1122,6 @@
}
/**
- * Pushes to the redirect stack and resets the instance. This depends on the page ID and namespace already being validated and sanitized, and does not check the size of the redirect stack.
- * @param string Page ID to redirect to
- * @param string Namespace to redirect to
- * @access private
- */
-
- /*
- function _handle_redirect($page_id, $namespace)
- {
- global $db, $session, $paths, $template, $plugins; // Common objects
- global $lang;
- $arr_pid = array($this->page_id, $this->namespace);
- if ( $namespace == 'Special' || $namespace == 'Admin' )
- {
- return ;
- }
- $looped = false;
- foreach ( $this->redirect_stack as $page )
- {
- if ( $page[0] == $arr_pid[0] && $page[1] == $arr_pid[1] )
- {
- $looped = true;
- break;
- }
- }
- if ( $looped )
- {
- return ;
- }
- $page_id_key = $paths->nslist[ $namespace ] . sanitize_page_id($page_id);
- if ( !isPage($page_id_key) )
- {
- return $lang->get('page_err_redirect_to_nonexistent');
- }
- $this->redirect_stack[] = $arr_pid;
-
-
- // Nuke the text cache to avoid infinite loops, gah...
- $this->text_cache = '';
- $this->_setup($page_id, $namespace, 0);
- $this->send();
- return true;
- }
- */
-
- /**
* Send the error message to the user that the access to this page is denied.
* @access private
*/
--- a/includes/render.php Wed Jul 29 11:49:57 2009 -0400
+++ b/includes/render.php Fri Jul 31 19:15:48 2009 -0400
@@ -206,6 +206,9 @@
// Strip out embedded PHP
self::php_strip($text, $php_stripped);
+ // Convert newlines for the parser
+ $text = str_replace("\r\n", "\n", $text);
+
// Perform render through the engine
$carpenter = new Carpenter();
$carpenter->flags = $flags;
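Review bot: The added normalization only rewrites `"\r\n"`, so a bare `"\r"` still reaches the parser unchanged. If Carpenter treats only `"\n"` as a line break (not visible here), text containing lone carriage returns would still render differently from what the editor showed. Handling both in one call would cover it: `$text = str_replace(array("\r\n", "\r"), "\n", $text);`. The comment could also say why this runs after `php_strip()`, since the ordering looks deliberate.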
--- a/includes/sessions.php Wed Jul 29 11:49:57 2009 -0400
+++ b/includes/sessions.php Fri Jul 31 19:15:48 2009 -0400
@@ -656,6 +656,7 @@
return $this->login_compat($username, md5($password), $level);
}
+ // Lockout check
if ( !defined('IN_ENANO_INSTALL') )
{
$lockout_data = $this->get_lockout_info($lockout_data);
@@ -675,8 +676,6 @@
if ( $lockout_data['lockout_fails'] >= $lockout_data['lockout_threshold'] )
{
// ooh boy, somebody's in trouble ;-)
- $row = $db->fetchrow();
- $db->free_result();
return array(
'success' => false,
'error' => 'locked_out',
@@ -684,12 +683,11 @@
'lockout_duration' => ( $lockout_data['lockout_duration'] ),
'lockout_fails' => $lockout_data['lockout_fails'],
'lockout_policy' => $lockout_data['lockout_policy'],
- 'time_rem' => $lockout_data['lockout_time_rem'],
+ 'time_rem' => $lockout_data['time_rem'],
'lockout_last_time' => $lockout_data['lockout_last_time']
);
}
}
- $db->free_result();
}
// Instanciate the Rijndael encryption object
@@ -1023,11 +1021,13 @@
$locked_out = false;
$threshold = ( $_ = getConfig('lockout_threshold') ) ? intval($_) : 5;
$duration = ( $_ = getConfig('lockout_duration') ) ? intval($_) : 15;
- // convert to minutes
+ // convert to seconds
$duration = $duration * 60;
+ // decide on policy
$policy = ( $x = getConfig('lockout_policy') && in_array(getConfig('lockout_policy'), array('lockout', 'disable', 'captcha')) ) ? getConfig('lockout_policy') : 'lockout';
if ( $policy != 'disable' )
{
+ // enabled; make decision
$ipaddr = $db->escape($_SERVER['REMOTE_ADDR']);
$timestamp_cutoff = time() - $duration;
$q = $this->sql('SELECT timestamp FROM ' . table_prefix . 'lockout WHERE timestamp > ' . $timestamp_cutoff . ' AND ipaddr = \'' . $ipaddr . '\' ORDER BY timestamp DESC;');
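Review bot: The new `// enabled; make decision` comment should say what the decision is keyed on, because the query below it counts failures by `ipaddr` alone. That means the threshold applies per source address rather than per account, and the code trusts `$_SERVER['REMOTE_ADDR']` as the client identity. Behind a reverse proxy that value would presumably be the proxy's address, which is not something this hunk can confirm. Suggested wording: `// enabled; count recent failures from this REMOTE_ADDR (per-IP, not per-account) inside the lockout window`. The function continues past the end of the hunk.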
@@ -1041,13 +1041,14 @@
'lockout_fails' => $fails,
'lockout_policy' => $policy,
'lockout_last_time' => $row['timestamp'],
- 'time_rem' => ( $duration / 60 ) - round( ( time() - $row['timestamp'] ) / 60 ),
+ 'time_rem' => $locked_out ? ( $duration / 60 ) - round( ( time() - $row['timestamp'] ) / 60 ) : 0,
'captcha' => ''
);
$db->free_result();
}
else
{
+ // disabled; send back default dataset
$lockdata = array(
'locked_out' => false,
'lockout_threshold' => $threshold,
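Review bot: The new `time_rem` expression can report 0 minutes while the client is still locked out, because `round()` is applied to the elapsed minutes rather than to the remaining time. Once fewer than about 30 seconds of the window remain, `round( ( time() - $row['timestamp'] ) / 60 )` reaches `$duration / 60` and the difference is 0. That value is indistinguishable from the not-locked case added here, and it is passed through to the login response in the -684 hunk. Rounding the remainder up avoids this: `'time_rem' => $locked_out ? (int) ceil( ( $duration - ( time() - $row['timestamp'] ) ) / 60 ) : 0,`. Where `$row` is fetched lies outside the hunk, so confirm it is the most recent failure row.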
@@ -4025,6 +4026,7 @@
*/
$code = $plugins->setHook('login_process_userdata_json', true);
+
foreach ( $code as $cmd )
{
$result = eval($cmd);
--- a/includes/template.php Wed Jul 29 11:49:57 2009 -0400
+++ b/includes/template.php Fri Jul 31 19:15:48 2009 -0400
@@ -1235,7 +1235,6 @@
var disable_redirect = ' . ( isset($_GET['redirect']) && $_GET['redirect'] == 'no' ? 'true' : 'false' ) . ';
var pref_disable_js_fx = ' . ( @$session->user_extra['disable_js_fx'] == 1 ? 'true' : 'false' ) . ';
var csrf_token = "' . $session->csrf_token . '";
- var editNotice = \'' . $this->get_wiki_edit_notice() . '\';
var prot = ' . ( ($protected) ? 'true' : 'false' ) .'; // No, hacking this var won\'t work, it\'s re-checked on the server
var ENANO_SPECIAL_CREATEPAGE = \''. makeUrl($paths->nslist['Special'].'CreatePage') .'\';
var ENANO_CREATEPAGE_PARAMS = \'_do=&pagename='. $this->page_id .'&namespace=' . $this->namespace . '\';
@@ -2631,11 +2630,7 @@
if ( getConfig('wiki_edit_notice', 0) != 1 )
return '';
- if ( $cached = $cache->fetch('wiki_edit_notice') )
- return $cached;
-
- $notice = str_replace("\n", "\\\n", addslashes(RenderMan::render(getConfig('wiki_edit_notice_text'))));
- $cache->store('wiki_edit_notice', $notice, 60);
+ $notice = RenderMan::render(getConfig('wiki_edit_notice_text'));
return $notice;
}
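Review bot: With the `addslashes()` and newline escaping removed, `get_wiki_edit_notice()` now returns raw rendered HTML instead of a value safe to place inside a quoted JavaScript literal, and the docblock (outside this hunk) should state the new contract. Only two callers are visible in this commit: the removed `var editNotice` line and the new ajax.php assignment that goes through `enano_json_encode()`. Any other caller that still interpolates the result into a script block would now emit unescaped quotes and newlines. Suggested docblock line: `@return string Rendered HTML; not escaped for JavaScript, pass through enano_json_encode() before embedding in a script`. The 60-second cache is also dropped, so `RenderMan::render()` now runs on every call. If that cost matters, cache the unescaped output under a new key so the old escaped entry is never served.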
--- a/plugins/SpecialAdmin.php Wed Jul 29 11:49:57 2009 -0400
+++ b/plugins/SpecialAdmin.php Fri Jul 31 19:15:48 2009 -0400
@@ -2055,7 +2055,12 @@
if ( $session->auth_level < USER_LEVEL_ADMIN )
{
- redirect(makeUrlNS('Special', 'Login/'.$paths->page, 'level='.USER_LEVEL_ADMIN), 'Not authorized', 'You need an authorization level of '.USER_LEVEL_ADMIN.' to use this page, your auth level is: ' . $session->auth_level, 0);
+ $query_string = 'level=' . USER_LEVEL_ADMIN;
+ if ( !empty($_SERVER['QUERY_STRING']) )
+ {
+ $query_string .= '&' . trim(preg_replace('/(?:&|^)title=.+?(?:&|$)/', '&', $_SERVER['QUERY_STRING']), '&');
+ }
+ redirect(makeUrlNS('Special', 'Login/'.$paths->page, $query_string), 'Not authorized', 'You need an authorization level of '.USER_LEVEL_ADMIN.' to use this page, your auth level is: ' . $session->auth_level, 0);
exit;
}
else
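Review bot: The raw `$_SERVER['QUERY_STRING']` is appended to the login redirect with only `title` removed, so a request-supplied `level=` lands after the fixed `level=USER_LEVEL_ADMIN` and may take precedence when the login page parses it. The pattern is also fragile: `.+?` needs at least one character, so an empty `title=` followed by other parameters makes the lazy match consume everything up to the end of the string. The smallest repair is `[^&]*` in place of `.+?`. Parsing the string and dropping the keys the login URL sets itself is sturdier, provided no forwarded parameter names rely on characters `parse_str()` rewrites. Whether `makeUrlNS()` and `redirect()` encode their arguments is not visible here. The `if`/`else` this sits in continues outside the hunk.

```php
$query_string = 'level=' . USER_LEVEL_ADMIN;
if ( !empty($_SERVER['QUERY_STRING']) )
{
  parse_str($_SERVER['QUERY_STRING'], $forward);
  // drop parameters that the login URL sets itself
  unset($forward['title'], $forward['level']);
  if ( !empty($forward) )
  {
    $query_string .= '&' . http_build_query($forward);
  }
}
// … unchanged: redirect(makeUrlNS('Special', 'Login/'.$paths->page, $query_string), …) and exit …
```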