Various bugfixes and cleanups, too much to remember... see the diffs for what got changed :-)
authorDan
Wed, 25 Jul 2007 18:06:34 -0400
changeset 74 68469a95658d
parent 73 0a74676a2f2f
child 75 1f85c1c609fd
Various bugfixes and cleanups, too much to remember... see the diffs for what got changed :-)
includes/clientside/static/acl.js
includes/clientside/static/comments.js
includes/clientside/static/flyin.js
includes/clientside/static/misc.js
includes/comment.php
includes/functions.php
includes/paths.php
plugins/SpecialAdmin.php
plugins/SpecialUserPrefs.php
themes/oxygen/header.tpl
upgrade.php
--- a/includes/clientside/static/acl.js	Sat Jul 21 18:12:10 2007 -0400
+++ b/includes/clientside/static/acl.js	Wed Jul 25 18:06:34 2007 -0400
@@ -316,7 +316,7 @@
               act_desc = ( data.type == 'new' ) ? 'Create access rule' : 'Editing permissions';
               target_type_t = ( data.target_type == 1 ) ? 'group' : 'user';
               target_name_t = data.target_name;
-              var scope_type = ( data.page_id == false && data.namespace == false ) ? 'this entire site' : 'this page';
+              var scope_type = ( data.page_id == false && data.namespace == false ) ? 'this entire site' : ( data.namespace == '__PageGroup' ) ? 'this group of pages' : 'this page';
               html = '<h2>'+act_desc+'</h2><p>This panel allows you to edit what the '+target_type_t+' "<b>'+target_name_t+'</b>" can do on <b>' + scope_type + '</b>. Unless you set a permission to "Deny", these permissions may be overridden by other rules.</p>';
               parser = new templateParser(data.template.acl_field_begin);
               html += parser.run();
@@ -390,7 +390,7 @@
             b.appendChild(document.createTextNode('Permissions updated'));
             note.appendChild(b);
             note.appendChild(document.createElement('br'));
-            note.appendChild(document.createTextNode('The permissions for '+data.target_name+' on this page have been updated successfully.'));
+            note.appendChild(document.createTextNode('The permissions for '+data.target_name+' on this page have been updated successfully. If you changed permissions that affect your user account, you may not see changes until you reload the page.'));
             note.appendChild(document.createElement('br'));
             var a = document.createElement('a');
             a.href = 'javascript:void(0);';
--- a/includes/clientside/static/comments.js	Sat Jul 21 18:12:10 2007 -0400
+++ b/includes/clientside/static/comments.js	Wed Jul 25 18:06:34 2007 -0400
@@ -166,7 +166,10 @@
     }
   }
   
-  // Posting form
+  if ( data.auth_post_comments )
+  {
+    
+    // Posting form
   
     html += '<h3>Got something to say?</h3>';
     html += '<p>If you have comments or suggestions on this article, you can shout it out here.';
@@ -193,6 +196,8 @@
     html += '  </table>';
     html += '</div>';
     
+  }
+    
   document.getElementById('ajaxEditContainer').innerHTML = html;
   
   for ( i = 0; i < data.comments.length; i++ )
--- a/includes/clientside/static/flyin.js	Sat Jul 21 18:12:10 2007 -0400
+++ b/includes/clientside/static/flyin.js	Wed Jul 25 18:06:34 2007 -0400
@@ -137,7 +137,11 @@
   {
     topc = GlideEffect.easeInOut(i, topi, diff_top, frames);
     leftc = GlideEffect.easeInOut(i, lefti, diff_left, frames);
-    setTimeout('var o = fly_in_cache['+rand_seed+']; o.style.top=\''+topc+'px\'; o.style.left=\''+leftc+'px\';', timeout);
+    var code = 'var o = fly_in_cache['+rand_seed+']; o.style.top=\''+topc+'px\';';
+    if ( !height_taken_care_of )
+      code += ' o.style.left=\''+leftc+'px\'';
+    code += ';';
+    setTimeout(code, timeout);
     timeout += timerstep;
     
     var ratio = i / frames;
--- a/includes/clientside/static/misc.js	Sat Jul 21 18:12:10 2007 -0400
+++ b/includes/clientside/static/misc.js	Wed Jul 25 18:06:34 2007 -0400
@@ -18,8 +18,17 @@
 
 function findParentForm(o)
 {
-  // Not implemented - someone please let me know how to do this, what I need to do is
-  // find the first parent <form> tag above param 'o', not sure how to do it with DOM
+  if ( o.tagName == 'FORM' )
+    return o;
+  while(true)
+  {
+    o = o.parentNode;
+    if ( !o )
+      return false;
+    if ( o.tagName == 'FORM' )
+      return o;
+  }
+  return false;
 }
 
 function ajaxReverseDNS(o, text)
@@ -565,6 +574,8 @@
   div.innerHTML = 'Go to page:<br /><input type="text" size="2" style="padding: 1px; font-size: 8pt;" value="'+(parseInt(this_page)+1)+'" id="'+vtmp+'" />&emsp;<a href="#" onclick="paginator_submit(this, '+num_pages+', '+perpage+', unescape(\'' + escape(url_string) + '\')); return false;" style="font-size: 14pt; text-decoration: none;">&raquo;</a>&emsp;<a href="#" onclick="fly_out_top(this.parentNode, false, true); return false;" style="font-size: 14pt; text-decoration: none;">&times;</a>';
   
   var body = document.getElementsByTagName('body')[0];
+  domObjChangeOpac(0, div);
+  
   body.appendChild(div);
   
   document.getElementById(vtmp).onkeypress = function(e){if(e.keyCode==13)this.nextSibling.nextSibling.onclick();};
@@ -576,6 +587,7 @@
   var from = '#33FF33';
   Fat.fade_element(div.id,30,2000,from,Fat.get_bgcolor(div.id));
   */
+  
   fly_in_bottom(div, false, true);
   
   var divh = $(div).Width();
@@ -598,3 +610,30 @@
   window.location = url;
 }
 
+/**
+ * Insert a DOM object _after_ the specified child.
+ * @param object Parent node
+ * @param object Node to insert
+ * @param object Node to insert after
+ */
+
+function insertAfter(parent, baby, bigsister)
+{
+  try
+  {
+    if ( parent.childNodes[parent.childNodes.length-1] == bigsister )
+      parent.appendChild(baby);
+    else
+      parent.insertBefore(baby, bigsister.nextSibling);
+  }
+  catch(e)
+  {
+    alert(e.toString());
+    if ( window.console )
+    {
+      // Firebug support
+      window.console.warn(e);
+    }
+  }
+}
+
--- a/includes/comment.php	Sat Jul 21 18:12:10 2007 -0400
+++ b/includes/comment.php	Wed Jul 25 18:06:34 2007 -0400
@@ -233,7 +233,7 @@
         // Authorization
         // Like the rest of the ACL system, this call is a one-stop check for ALL ACL entries.
         if ( !$this->perms->get_permissions('post_comments') )
-          $errors[] = 'An ACL entry is preventing the comment from being posted.';
+          $errors[] = 'The site security policy prevents your user account from posting comments;';
         
         // Guest authorization
         if ( getConfig('comments_need_login') == '2' && !$session->user_logged_in )
--- a/includes/functions.php	Sat Jul 21 18:12:10 2007 -0400
+++ b/includes/functions.php	Wed Jul 25 18:06:34 2007 -0400
@@ -1963,7 +1963,7 @@
       {
         if ( isset($callers[$j]) )
         {
-          $tmp = ( is_callable($callers[$j]) ) ? @call_user_func($callers[$j], $val, $row) : $v;
+          $tmp = ( is_callable($callers[$j]) ) ? @call_user_func($callers[$j], $val, $row) : $val;
           
           if ( $tmp )
           {
--- a/includes/paths.php	Sat Jul 21 18:12:10 2007 -0400
+++ b/includes/paths.php	Wed Jul 25 18:06:34 2007 -0400
@@ -853,6 +853,8 @@
       $group_list[] = $row['pg_id'];
     }
     
+    $db->free_result();
+    
     // Static-page groups
     $q = $db->sql_query('SELECT g.pg_id FROM '.table_prefix.'page_groups AS g
                            LEFT JOIN '.table_prefix.'page_group_members AS m
--- a/plugins/SpecialAdmin.php	Sat Jul 21 18:12:10 2007 -0400
+++ b/plugins/SpecialAdmin.php	Wed Jul 25 18:06:34 2007 -0400
@@ -39,6 +39,9 @@
       ));
   ');
 
+// Admin pages that were too enormous to be in this file were split off into the plugins/admin/ directory in 1.0.1
+require(ENANO_ROOT . '/plugins/admin/PageGroups.php');
+
 // function names are IMPORTANT!!! The name pattern is: page_<namespace ID>_<page URLname, without namespace>
 
 function page_Admin_Home() {
@@ -138,6 +141,7 @@
         case "sql_inject": echo 'SQL injection attempt<div style="max-width: 90%; clip: rect(0px,auto,auto,0px); overflow: auto; display: block; font-size: smaller;">Offending query: ' . htmlspecialchars($r['page_text']) . '</div>'; break;
         case "db_backup": echo 'Database backup created<br /><small>Tables: ' . $r['page_text'] . '</small>'; break;
         case "install_enano": echo "Installed Enano version {$r['page_text']}"; break;
+        case "upgrade_enano": echo "Upgraded Enano to version {$r['page_text']}"; break;
       }
       echo '</td><td class="'.$cls.'">'.date('d M Y h:i a', $r['time_id']).'</td><td class="'.$cls.'">'.$r['author'].'</td><td class="'.$cls.'" style="cursor: pointer;" onclick="ajaxReverseDNS(this);" title="Click for reverse DNS info">'.$r['edit_summary'].'</td></tr>';
     }
@@ -1710,487 +1714,6 @@
   }
 }
 
-function page_Admin_PageGroups()
-{
-  global $db, $session, $paths, $template, $plugins; // Common objects
-  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
-  {
-    echo '<h3>Error: Not authenticated</h3><p>It looks like your administration session is invalid or you are not authorized to access this administration page. Please <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true) . '">re-authenticate</a> to continue.</p>';
-    return;
-  }
-  
-  if ( isset($_POST['action']) )
-  {
-    if ( isset($_POST['action']['create']) || isset($_POST['action']['create_stage2']) )
-    {
-      switch ( isset($_POST['action']['create_stage2']) )
-      {
-        case true:
-          if ( empty($_POST['pg_name']) || empty($_POST['group_type']) )
-          {
-            echo '<div class="error-box">Please enter a name for the page group.</div>';
-            return;
-          }
-          if ( $_POST['group_type'] == PAGE_GRP_TAGGED && empty($_POST['member_tag']) )
-          {
-            echo '<div class="error-box">Please enter a page tag.</div>';
-            return;
-          }
-          if ( $_POST['group_type'] == PAGE_GRP_CATLINK && empty($_POST['member_cat']) )
-          {
-            echo '<div class="error-box">Please create a category page before linking a page group to a category.</div>';
-            return;
-          }
-          if ( $_POST['group_type'] == PAGE_GRP_NORMAL && empty($_POST['member_page_0']) )
-          {
-            echo '<div class="error-box">Please specify at least one page to place in this group.</div>';
-            return;
-          }
-          if ( $_POST['group_type'] != PAGE_GRP_TAGGED && $_POST['group_type'] != PAGE_GRP_CATLINK && $_POST['group_type'] != PAGE_GRP_NORMAL )
-          {
-            echo '<div class="error-box">Umm, you sent an invalid group type. I\'d put a real error message here but this will only be shown if you try to hack the system.</div>';
-            return;
-          }
-          // All checks passed, create the group
-          switch($_POST['group_type'])
-          {
-            case PAGE_GRP_TAGGED:
-              $name = $db->escape($_POST['pg_name']);
-              $tag  = $db->escape($_POST['member_tag']);
-              $sql = 'INSERT INTO '.table_prefix.'page_groups(pg_type,pg_name,pg_target) VALUES(' . PAGE_GRP_TAGGED . ', \'' . $name . '\', \'' . $tag . '\');';
-              $q = $db->sql_query($sql);
-              if ( !$q )
-                $db->_die();
-              break;
-            case PAGE_GRP_CATLINK:
-              $name = $db->escape($_POST['pg_name']);
-              $cat  = $db->escape($_POST['member_cat']);
-              $sql = 'INSERT INTO '.table_prefix.'page_groups(pg_type,pg_name,pg_target) VALUES(' . PAGE_GRP_CATLINK . ', \'' . $name . '\', \'' . $cat . '\');';
-              $q = $db->sql_query($sql);
-              if ( !$q )
-                $db->_die();
-              break;
-            case PAGE_GRP_NORMAL:
-              $name = $db->escape($_POST['pg_name']);
-              $sql = 'INSERT INTO '.table_prefix.'page_groups(pg_type,pg_name) VALUES(' . PAGE_GRP_NORMAL . ', \'' . $name . '\');';
-              $q = $db->sql_query($sql);
-              if ( !$q )
-                $db->_die();
-              
-              $ins_id = $db->insert_id();
-              
-              // Page list
-              $keys = array_keys($_POST);
-              $arr_pages = array();
-              foreach ( $keys as $val )
-              {
-                if ( preg_match('/^member_page_([0-9]+?)$/', $val) && !empty($_POST[$val]) )
-                {
-                  $arr_pages[] = $_POST[$val];
-                }
-              }
-              $arr_sql = array();
-              foreach ( $arr_pages as $page )
-              {
-                list($id, $ns) = RenderMan::strToPageID($page);
-                $id = sanitize_page_id($id);
-                $arr_sql[] = '(' . $ins_id . ',\'' . $db->escape($id) . '\', \'' . $ns . '\')';
-              }
-              $sql = 'INSERT INTO '.table_prefix.'page_group_members(pg_id,page_id,namespace) VALUES' . implode(',', $arr_sql) . ';';
-              $q = $db->sql_query($sql);
-              if ( !$q )
-                $db->_die();
-              break;
-          }
-          echo '<div class="info-box">The page group "' . htmlspecialchars($_POST['pg_name']) . '" has been created.</div>';
-          break;
-      }
-      // A little Javascript magic
-      ?>
-      <script language="javascript" type="text/javascript">
-        function pg_create_typeset(selector)
-        {
-          var pg_normal  = <?php echo PAGE_GRP_NORMAL; ?>;
-          var pg_tagged  = <?php echo PAGE_GRP_TAGGED; ?>;
-          var pg_catlink = <?php echo PAGE_GRP_CATLINK; ?>;
-          var selection = false;
-          // Get selection
-          for ( var i = 0; i < selector.childNodes.length; i++ )
-          {
-            var child = selector.childNodes[i];
-            if ( !child || child.tagName != 'OPTION' )
-            {
-              continue;
-            }
-            if ( child.selected )
-            {
-              selection = child.value;
-            }
-          }
-          if ( !selection )
-          {
-            alert('Cannot get field value');
-            return true;
-          }
-          selection = parseInt(selection);
-          if ( selection != pg_normal && selection != pg_tagged && selection != pg_catlink )
-          {
-            alert('Invalid field value');
-            return true;
-          }
-          
-          // We have the selection and it's validated; show the appropriate field group
-          
-          if ( selection == pg_normal )
-          {
-            document.getElementById('pg_create_title_catlink').style.display = 'none';
-            document.getElementById('pg_create_catlink_1').style.display = 'none';
-            document.getElementById('pg_create_catlink_2').style.display = 'none';
-            
-            document.getElementById('pg_create_title_tagged').style.display = 'none';
-            document.getElementById('pg_create_tagged_1').style.display = 'none';
-            document.getElementById('pg_create_tagged_2').style.display = 'none';
-            
-            document.getElementById('pg_create_title_normal').style.display = 'inline';
-            document.getElementById('pg_create_normal_1').style.display = 'block';
-            document.getElementById('pg_create_normal_2').style.display = 'block';
-          }
-          else if ( selection == pg_catlink )
-          {
-            document.getElementById('pg_create_title_catlink').style.display = 'inline';
-            document.getElementById('pg_create_catlink_1').style.display = 'block';
-            document.getElementById('pg_create_catlink_2').style.display = 'block';
-            
-            document.getElementById('pg_create_title_tagged').style.display = 'none';
-            document.getElementById('pg_create_tagged_1').style.display = 'none';
-            document.getElementById('pg_create_tagged_2').style.display = 'none';
-            
-            document.getElementById('pg_create_title_normal').style.display = 'none';
-            document.getElementById('pg_create_normal_1').style.display = 'none';
-            document.getElementById('pg_create_normal_2').style.display = 'none';
-          }
-          else if ( selection == pg_tagged )
-          {
-            document.getElementById('pg_create_title_catlink').style.display = 'none';
-            document.getElementById('pg_create_catlink_1').style.display = 'none';
-            document.getElementById('pg_create_catlink_2').style.display = 'none';
-            
-            document.getElementById('pg_create_title_tagged').style.display = 'inline';
-            document.getElementById('pg_create_tagged_1').style.display = 'block';
-            document.getElementById('pg_create_tagged_2').style.display = 'block';
-            
-            document.getElementById('pg_create_title_normal').style.display = 'none';
-            document.getElementById('pg_create_normal_1').style.display = 'none';
-            document.getElementById('pg_create_normal_2').style.display = 'none';
-          }
-        
-        }
-        
-        // Set to pg_normal on page load
-        var pg_createform_init = function()
-        {
-          document.getElementById('pg_create_title_catlink').style.display = 'none';
-          document.getElementById('pg_create_catlink_1').style.display = 'none';
-          document.getElementById('pg_create_catlink_2').style.display = 'none';
-          
-          document.getElementById('pg_create_title_tagged').style.display = 'none';
-          document.getElementById('pg_create_tagged_1').style.display = 'none';
-          document.getElementById('pg_create_tagged_2').style.display = 'none';
-          
-          document.getElementById('pg_create_title_normal').style.display = 'inline';
-          document.getElementById('pg_create_normal_1').style.display = 'block';
-          document.getElementById('pg_create_normal_2').style.display = 'block';
-        }
-        
-        addOnloadHook(pg_createform_init);
-        
-        function pg_create_more_fields()
-        {
-          var targettd = document.getElementById('pg_create_normal_2');
-          var id = 0;
-          for ( var i = 0; i < targettd.childNodes.length; i++ )
-          {
-            var child = targettd.childNodes[i];
-            if ( child.tagName == 'INPUT' )
-            {
-              if ( child.type == 'button' )
-              {
-                var newInp = document.createElement('input');
-                // <input type="text" name="member_page_1" id="pg_create_member_1" onkeyup="return ajaxPageNameComplete(this);" size="30" /><br />
-                newInp.type    = 'text';
-                newInp.name    = 'member_page_' + id;
-                newInp.id      = 'pg_create_member_' + id;
-                newInp.onkeyup = function(e) { return ajaxPageNameComplete(this); };
-                newInp.size    = '30';
-                newInp.style.marginTop = '3px';
-                targettd.insertBefore(newInp, child);
-                targettd.insertBefore(document.createElement('br'), child);
-                break;
-              }
-              else // if ( child.type == 'text' )
-              {
-                id++;
-              }
-            }
-          }
-        }
-        
-      </script>
-      <?php
-      
-      // Build category list
-      $q = $db->sql_query('SELECT name,urlname FROM '.table_prefix.'pages WHERE namespace=\'Category\';');
-      if ( !$q )
-        $db->_die();
-      
-      if ( $db->numrows() < 1 )
-      {
-        $catlist = 'There aren\'t any categories on this site.';
-      }
-      else
-      {
-        $catlist = '<select name="member_cat">';
-        while ( $row = $db->fetchrow() )
-        {
-          $catlist .= '<option value="' . htmlspecialchars($row['urlname']) . '">' . htmlspecialchars($row['name']) . '</option>';
-        }
-        $catlist .= '</select>';
-      }
-      
-      echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
-      
-      echo '<div class="tblholder">
-            <table border="0" cellspacing="1" cellpadding="4">
-              <tr>
-              <th colspan="2">Create page group</th>
-              </tr>';
-      
-      // Name
-      echo '<tr>
-              <td class="row2">
-              Group name:<br />
-              <small>This should be short, descriptive, and human-readable.</small>
-              </td>
-              <td class="row1">
-              <input type="text" name="pg_name" size="30" />
-              </td>
-            </tr>';
-            
-      // Group type
-      echo '<tr>
-              <td class="row2">
-              Group type:
-              </td>
-              <td class="row1">
-              <select name="group_type" onchange="pg_create_typeset(this);">
-                <option value="' . PAGE_GRP_NORMAL  . '" selected="selected">Static group of pages</option>
-                <option value="' . PAGE_GRP_TAGGED  . '">Group of pages with one tag</option>
-                <option value="' . PAGE_GRP_CATLINK . '">Link to category</option>
-              </select>
-              </td>
-            </tr>';
-            
-      // Titles
-      echo '<tr>
-              <th colspan="2">
-                <span id="pg_create_title_normal">
-                  Static group of pages
-                </span>
-                <span id="pg_create_title_tagged">
-                  Group of commonly tagged pages
-                </span>
-                <span id="pg_create_title_catlink">
-                  Mirror a category
-                </span>
-              </th>
-            </tr>';
-      
-      echo '<tr>
-              <td class="row2">
-                <div id="pg_create_normal_1">
-                  Member pages:<br />
-                  <small>Click the "plus" button to add more fields.</small>
-                </div>
-                <div id="pg_create_catlink_1">
-                  Include pages in this category:<br />
-                  <small>Pages in subcategories are <u>not</u> included, however subcategory pages themselves are.</small>
-                </div>
-                <div id="pg_create_tagged_1">
-                  Include pages with this tag:
-                </div>
-              </td>';
-            
-      echo '  <td class="row1">
-                <div id="pg_create_normal_2" />
-                  <input type="text" style="margin-top: 3px;" name="member_page_0" id="pg_create_member_0" onkeyup="return ajaxPageNameComplete(this);" size="30" /><br />
-                  <input type="text" style="margin-top: 3px;" name="member_page_1" id="pg_create_member_1" onkeyup="return ajaxPageNameComplete(this);" size="30" /><br />
-                  <input type="text" style="margin-top: 3px;" name="member_page_2" id="pg_create_member_2" onkeyup="return ajaxPageNameComplete(this);" size="30" /><br />
-                  <input type="text" style="margin-top: 3px;" name="member_page_3" id="pg_create_member_3" onkeyup="return ajaxPageNameComplete(this);" size="30" /><br />
-                  <input type="text" style="margin-top: 3px;" name="member_page_4" id="pg_create_member_4" onkeyup="return ajaxPageNameComplete(this);" size="30" /><br />
-                  <input type="button" onclick="pg_create_more_fields(); return false;" style="margin-top: 5px;" value="&nbsp;&nbsp;+&nbsp;&nbsp;" />
-                </div>
-                <div id="pg_create_tagged_2">
-                  <input type="text" name="member_tag" size="30" />
-                </div>
-                <div id="pg_create_catlink_2">
-                  ' . $catlist . '
-                </div>
-              </td>
-            </tr>';
-            
-      // Submit button
-      echo '<tr>
-              <th class="subhead" colspan="2"><input type="submit" name="action[create_stage2]" value="Create page group" style="font-weight: bold;" /> <input type="submit" name="action[noop]" value="Cancel" style="font-weight: normal;" /></th>
-            </tr>';
-            
-      echo '</table>
-            </div>';
-      
-      echo '</form>';
-      return;
-    }
-    else if ( isset($_POST['action']['del']) )
-    {
-      // Confirmation to delete a group (this is really only a stub)
-      
-      $delete_id = array_keys($_POST['action']['del']);
-      $delete_id = intval($delete_id[0]);
-      
-      if ( !empty($delete_id) )
-      {
-        echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
-        echo '<input type="hidden" name="delete_id" value="' . $delete_id . '" />';
-        echo '<div class="tblholder">';
-        echo '  <table border="0" cellspacing="1" cellpadding="4">';
-        echo '    <tr><th>Confirm deletion</th></tr>';
-        echo '    <tr><td class="row2" style="text-align: center; padding: 20px 0;">Are you sure you want to delete this page group?</td></tr>';
-        echo '    <tr><td class="row1" style="text-align: center;">';
-        echo '        <input type="submit" name="action[del_confirm]" value="Yes, delete group" style="font-weight: bold;" />';
-        echo '        <input type="submit" name="action[noop]" value="Cancel" style="font-weight: normal;" />';
-        echo '        </td></tr>';
-        echo '  </table>';
-        echo '</form>';
-        
-        return;
-      }
-    }
-    else if ( isset($_POST['action']['del_confirm']) )
-    {
-      $delete_id = intval($_POST['delete_id']);
-      if ( empty($delete_id) )
-      {
-        echo 'Hack attempt';
-        return;
-      }
-      // Obtain group name
-      $q = $db->sql_query('SELECT pg_name FROM '.table_prefix.'page_groups WHERE pg_id=' . $delete_id . ';');
-      if ( !$q )
-        $db->_die();
-      if ( $db->numrows() < 1 )
-      {
-        echo 'Page group dun exist.';
-        return;
-      }
-      $row = $db->fetchrow();
-      $pg_name = $row['pg_name'];
-      unset($row);
-      // Delete the group
-      $q = $db->sql_query('DELETE FROM '.table_prefix.'page_groups WHERE pg_id=' . $delete_id . ';');
-      if ( !$q )
-        $db->_die();
-      $q = $db->sql_query('DELETE FROM '.table_prefix.'page_group_members WHERE pg_id=' . $delete_id . ';');
-      if ( !$q )
-        $db->_die();
-      echo "<div class='info-box'>The group ".'"'."$pg_name".'"'." has been deleted.</div>";
-    }
-    else if ( isset($_POST['action']['edit']) )
-    {
-      return;
-    }
-    else if ( isset($_POST['action']['noop']) )
-    {
-      // Do nothing
-    }
-    else
-    {
-      echo '<div class="error-box">Invalid format of $_POST[action].</div>';
-    }
-  }
-  // No action defined - show default menu
-  $q = $db->sql_query('SELECT pg_id, pg_type, pg_name, pg_target FROM '.table_prefix.'page_groups;');
-  if ( !$q )
-    $db->_die();
-
-  echo '<form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;" enctype="multipart/form-data">';
-  
-  echo '<div class="tblholder">
-          <table border="0" cellspacing="1" cellpadding="4">
-            <tr>
-              <th>Group name</th>
-              <th>Type</th>
-              <th>Target</th>
-              <th colspan="2">Actions</th>
-            </tr>';
-  
-  if ( $row = $db->fetchrow() )
-  {
-    do
-    {
-      $name = htmlspecialchars($row['pg_name']);
-      $type = 'Invalid';
-      switch ( $row['pg_type'] )
-      {
-        case PAGE_GRP_CATLINK:
-          $type = 'Link to category';
-          break;
-        case PAGE_GRP_TAGGED:
-          $type = 'Set of tagged pages';
-          break;
-        case PAGE_GRP_NORMAL:
-          $type = 'Static set of pages';
-          break;
-      }
-      $target = '';
-      if ( $row['pg_type'] == PAGE_GRP_TAGGED )
-      {
-        $target = 'Tag: ' . htmlspecialchars($row['pg_target']);
-      }
-      else if ( $row['pg_type'] == PAGE_GRP_CATLINK )
-      {
-        $target = 'Category: ' . htmlspecialchars(get_page_title($paths->nslist['Category'] . sanitize_page_id($row['pg_target'])));
-      }
-      $btn_edit = '<input type="submit" name="action[edit][' . $row['pg_id'] . ']" value="Edit" />';
-      $btn_del = '<input type="submit" name="action[del][' . $row['pg_id'] . ']" value="Delete" />';
-      // stupid jEdit bug/hack
-      $quot = '"';
-      echo "<tr>
-              <td class={$quot}row1{$quot}>$name</td>
-              <td class={$quot}row2{$quot}>$type</td>
-              <td class={$quot}row1{$quot}>$target</td>
-              <td class={$quot}row3{$quot} style={$quot}text-align: center;{$quot}>$btn_edit</td>
-              <td class={$quot}row3{$quot} style={$quot}text-align: center;{$quot}>$btn_del</td>
-            </tr>";
-    }
-    while ( $row = $db->fetchrow() );
-  }
-  else
-  {
-    echo '  <tr><td class="row3" colspan="5" style="text-align: center;">No page groups defined.</td></tr>';
-  }
-  
-  echo '    <tr>
-              <th class="subhead" colspan="5">
-                <input type="submit" name="action[create]" value="Create new group" />
-              </th>
-            </tr>';
-  
-  echo '  </table>
-        </div>';
-        
-  echo '</form>';          
-    
-}
-
 function page_Admin_ThemeManager() 
 {
   
--- a/plugins/SpecialUserPrefs.php	Sat Jul 21 18:12:10 2007 -0400
+++ b/plugins/SpecialUserPrefs.php	Wed Jul 25 18:06:34 2007 -0400
@@ -399,7 +399,7 @@
         echo '<div class="info-box" style="margin: 0 0 10px 0;">Your signature has been saved.</div>';
       }
       echo '<form action="'.makeUrl($paths->fullpage).'" method="post">';
-      echo $template->tinymce_textarea('new_sig', $session->signature);
+      echo $template->tinymce_textarea('new_sig', htmlspecialchars($session->signature));
       echo '<input type="submit" value="Save signature" />';
       echo '</form>';
       break;
--- a/themes/oxygen/header.tpl	Sat Jul 21 18:12:10 2007 -0400
+++ b/themes/oxygen/header.tpl	Wed Jul 25 18:06:34 2007 -0400
@@ -22,7 +22,7 @@
         {
           elem.style.display = 'block';
           counter.style.display = 'none';
-          elem.parentNode.style.width = '156px';
+          elem.parentNode.style.width = '';
           if ( !KILL_SWITCH )
           {
             createCookie(side+'_sidebar', 'open', 365);
--- a/upgrade.php	Sat Jul 21 18:12:10 2007 -0400
+++ b/upgrade.php	Wed Jul 25 18:06:34 2007 -0400
@@ -705,6 +705,9 @@
         }
       }
       
+      // Log the upgrade
+      $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,page_text,edit_summary) VALUES(\'security\', \'upgrade_enano\', ' . time() . ', \'' . date('d M Y h:i a') . '\', \'' . mysql_real_escape_string($session->username) . '\', \'' . mysql_real_escape_string($this_version) . '\', \'' . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . '\');');
+      
       echo 'done!</p>';
       echo '<p>You will be redirected shortly. If you aren\'t redirected, <a href="index.php">click here</a>.</p>
             <script type="text/javascript">setTimeout("window.location=\'index.php\'", 2000)</script>';