Corrected licensing issue on YoungPup's DOM-Drag (it is now public domain -> GPLv2+ for Enano); fixed wrongful access denial under specific circumstances (fetch_page_acl() on nonexistent page + wiki mode)
--- a/includes/clientside/static/windows.js Wed Dec 19 17:15:48 2007 -0500
+++ b/includes/clientside/static/windows.js Sun Dec 23 17:58:21 2007 -0500
@@ -234,6 +234,10 @@
* dom-drag.js
* 09.25.2001
* www.youngpup.net
+ * The original version of this code is in the
+ * public domain. We have relicensed this modified
+ * version under the GPL version 2 or later for
+ * Enano.
**************************************************/
var Drag = {
--- a/includes/sessions.php Wed Dec 19 17:15:48 2007 -0500
+++ b/includes/sessions.php Sun Dec 23 17:58:21 2007 -0500
@@ -2707,6 +2707,13 @@
var $acl_defaults_used = Array();
/**
+ * Tracks whether Wiki Mode is on for the page we're operating on.
+ * @var bool
+ */
+
+ var $wiki_mode = false;
+
+ /**
* Constructor.
* @param string $page_id The ID of the page to check
* @param string $namespace The namespace of the page to check.
@@ -2763,6 +2770,36 @@
$this->page_id = $page_id;
$this->namespace = $namespace;
+
+ $pathskey = $paths->nslist[$this->namespace].$this->page_id;
+ $ppwm = 2;
+ if ( isset($paths->pages[$pathskey]) )
+ {
+ if ( isset($paths->pages[$pathskey]['wiki_mode']) )
+ $ppwm = $paths->pages[$pathskey]['wiki_mode'];
+ }
+ if ( $ppwm == 1 && ( $session->user_logged_in || getConfig('wiki_mode_require_login') != '1' ) )
+ $this->wiki_mode = true;
+ else if ( $ppwm == 1 && !$session->user_logged_in && getConfig('wiki_mode_require_login') == '1' )
+ $this->wiki_mode = true;
+ else if ( $ppwm == 0 )
+ $this->wiki_mode = false;
+ else if ( $ppwm == 2 )
+ {
+ if ( $session->user_logged_in )
+ {
+ $this->wiki_mode = ( getConfig('wiki_mode') == '1' );
+ }
+ else
+ {
+ $this->wiki_mode = ( getConfig('wiki_mode') == '1' && getConfig('wiki_mode_require_login') != '1' );
+ }
+ }
+ else
+ {
+ // Ech. Internal logic failure, this should never happen.
+ return false;
+ }
}
/**
@@ -2776,30 +2813,29 @@
{
// echo '<pre>' . print_r($this->perms, true) . '</pre>';
global $db, $session, $paths, $template, $plugins; // Common objects
+
if ( isset( $this->perms[$type] ) )
{
if ( $this->perms[$type] == AUTH_DENY )
+ {
$ret = false;
- else if ( $this->perms[$type] == AUTH_WIKIMODE &&
- ( isset($paths->pages[$paths->nslist[$this->namespace].$this->page_id]) &&
- ( $paths->pages[$paths->nslist[$this->namespace].$this->page_id]['wiki_mode'] == '1' ||
- ( $paths->pages[$paths->nslist[$this->namespace].$this->page_id]['wiki_mode'] == '2'
- && getConfig('wiki_mode') == '1'
- ) ) ) )
+ }
+ else if ( $this->perms[$type] == AUTH_WIKIMODE && $this->wiki_mode )
+ {
$ret = true;
- else if ( $this->perms[$type] == AUTH_WIKIMODE && (
- !isset($paths->pages[$paths->nslist[$this->namespace].$this->page_id])
- || (
- isset($paths->pages[$paths->nslist[$this->namespace].$this->page_id]) && (
- $paths->pages[$paths->nslist[$this->namespace].$this->page_id]['wiki_mode'] == '0'
- || (
- $paths->pages[$paths->nslist[$this->namespace].$this->page_id]['wiki_mode'] == '2' && getConfig('wiki_mode') != '1'
- ) ) ) ) )
+ }
+ else if ( $this->perms[$type] == AUTH_WIKIMODE && !$this->wiki_mode )
+ {
$ret = false;
+ }
else if ( $this->perms[$type] == AUTH_ALLOW )
+ {
$ret = true;
+ }
else if ( $this->perms[$type] == AUTH_DISALLOW )
+ {
$ret = false;
+ }
}
else if(isset($this->acl_types[$type]))
{
--- a/licenses/index.html Wed Dec 19 17:15:48 2007 -0500
+++ b/licenses/index.html Sun Dec 23 17:58:21 2007 -0500
@@ -85,6 +85,7 @@
<li>One of the CAPTCHA easter eggs was ported from the phpBB <a href="http://phpbbhacks.com/download/6276">Advanced Visual Confirmation Mod</a>. The strange thing here is this: The installation instructions expressly state that the MOD is distributed under the GPL, but immediately afterwards it says that the MOD "can be freely used, but not distributed, without permission." Sorry buddy, but I'm with the FSF on this one, I'm legally allowed to distribute/modify it under the GPL.</li>
<li>The <a href="http://www.jracademy.com/~jtucek/">e-mail address encryption</a> routine was originally written by Jim Tucek, and ported to PHP by Dan Fuhry. Jim allowed the code to be released under the GPL specifically for Enano.</li>
<li><a href="http://www.softcomplex.com/products/tigra_tree_menu/">Tigra Tree Menu</a> - a modified version that remembers the state of the tree. The license terms are stated <a href="http://www.softcomplex.com/products/tigra_tree_menu/docs/#terms_cond">here</a>. After <a href="tigra-menu.html">contacting the author</a>, I was given permission to use the Tigra Tree Menu code as if it were under the GNU GPL. Therefore, you may use this code unde the terms of the GPL, however if you're making commercial use of it, the Softcomplex guys would appreciate if (but not require that) you would contact them first.</li>
+ <li><a href="http://youngpup.net/projects/dom-drag/">youngpup</a>'s DOM-Drag class - the unmodified version is <a href="http://youngpup.net/projects/dom-drag/license.txt">in the public domain</a>; we chose to relicense it as of Enano 1.0.4 to clear up any potential legal complications</li>
</ul>
<h2>GNU Lesser General Public License</h2>
@@ -94,12 +95,6 @@
<li><a href="http://www.debugconsole.de/">debugConsole</a></li>
</ul>
-<h2>Creative Commons Licenses</h2>
-<p>View text: <a href="cc-by-2.0.html">Attribution 2.0</a> [<a href="http://creativecommons.org/licenses/by/2.0/">deed</a>]</p>
-<ul>
- <li><a href="http://boring.youngpup.net/">youngpup</a>'s DOM-Drag class</li>
-</ul>
-
<h2>The PHP License</h2>
<p><a href="phplic.html">View the text of this license</a></p>
<ul>