1
+ − 1 <?php
166
+ − 2
1
+ − 3 /*
+ − 4 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
166
+ − 5 * Version 1.1.1
1
+ − 6 * Copyright (C) 2006-2007 Dan Fuhry
+ − 7 * pageutils.php - a class that handles raw page manipulations, used mostly by AJAX requests or their old-fashioned form-based counterparts
+ − 8 *
+ − 9 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
+ − 10 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ − 11 *
+ − 12 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ − 13 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ − 14 */
+ − 15
+ − 16 class PageUtils {
+ − 17
+ − 18 /**
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 19 * Tell if a username is used or not.
1
+ − 20 * @param $name the name to check for
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 21 * @return string
1
+ − 22 */
+ − 23
+ − 24 function checkusername($name)
+ − 25 {
+ − 26 global $db, $session, $paths, $template, $plugins; // Common objects
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 27 $q = $db->sql_query('SELECT username FROM ' . table_prefix.'users WHERE username=\'' . $db->escape(rawurldecode($name)) . '\'');
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 28 if ( !$q )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 29 {
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 30 die(mysql_error());
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 31 }
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 32 if ( $db->numrows() < 1)
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 33 {
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 34 $db->free_result(); return('good');
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 35 }
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 36 else
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 37 {
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 38 $db->free_result(); return('bad');
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 39 }
1
+ − 40 }
+ − 41
+ − 42 /**
+ − 43 * Get the wiki formatting source for a page
+ − 44 * @param $page the full page id (Namespace:Pagename)
+ − 45 * @return string
+ − 46 * @todo (DONE) Make it require a password (just for security purposes)
+ − 47 */
+ − 48
+ − 49 function getsource($page, $password = false)
+ − 50 {
+ − 51 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 52 if(!isset($paths->pages[$page]))
+ − 53 {
+ − 54 return '';
+ − 55 }
+ − 56
+ − 57 if(strlen($paths->pages[$page]['password']) == 40)
+ − 58 {
+ − 59 if(!$password || ( $password != $paths->pages[$page]['password']))
+ − 60 {
+ − 61 return 'invalid_password';
+ − 62 }
+ − 63 }
+ − 64
+ − 65 if(!$session->get_permissions('view_source')) // Dependencies handle this for us - this also checks for read privileges
+ − 66 return 'access_denied';
+ − 67 $pid = RenderMan::strToPageID($page);
+ − 68 if($pid[1] == 'Special' || $pid[1] == 'Admin')
+ − 69 {
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 70 die('This type of page (' . $paths->nslist[$pid[1]] . ') cannot be edited because the page source code is not stored in the database.');
1
+ − 71 }
+ − 72
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 73 $e = $db->sql_query('SELECT page_text,char_tag FROM ' . table_prefix.'page_text WHERE page_id=\'' . $pid[0] . '\' AND namespace=\'' . $pid[1] . '\'');
1
+ − 74 if ( !$e )
+ − 75 {
+ − 76 $db->_die('The page text could not be selected.');
+ − 77 }
+ − 78 if( $db->numrows() < 1 )
+ − 79 {
+ − 80 return ''; //$db->_die('There were no rows in the text table that matched the page text query.');
+ − 81 }
+ − 82
+ − 83 $r = $db->fetchrow();
+ − 84 $db->free_result();
+ − 85 $message = $r['page_text'];
+ − 86
+ − 87 return htmlspecialchars($message);
+ − 88 }
+ − 89
+ − 90 /**
+ − 91 * Basically a frontend to RenderMan::getPage(), with the ability to send valid data for nonexistent pages
+ − 92 * @param $page the full page id (Namespace:Pagename)
+ − 93 * @param $send_headers true if the theme headers should be sent (still dependent on current page settings), false otherwise
+ − 94 * @return string
+ − 95 */
+ − 96
+ − 97 function getpage($page, $send_headers = false, $hist_id = false)
+ − 98 {
+ − 99 die('PageUtils->getpage is deprecated.');
+ − 100 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 101 ob_start();
+ − 102 $pid = RenderMan::strToPageID($page);
+ − 103 //die('<pre>'.print_r($pid, true).'</pre>');
+ − 104 if(isset($paths->pages[$page]['password']) && strlen($paths->pages[$page]['password']) == 40)
+ − 105 {
+ − 106 password_prompt($page);
+ − 107 }
+ − 108 if(isset($paths->pages[$page]))
+ − 109 {
+ − 110 doStats($pid[0], $pid[1]);
+ − 111 }
+ − 112 if($paths->custom_page || $pid[1] == 'Special')
+ − 113 {
+ − 114 // If we don't have access to the page, get out and quick!
+ − 115 if(!$session->get_permissions('read') && $pid[0] != 'Login' && $pid[0] != 'Register')
+ − 116 {
+ − 117 $template->tpl_strings['PAGE_NAME'] = 'Access denied';
+ − 118
+ − 119 if ( $send_headers )
+ − 120 {
+ − 121 $template->header();
+ − 122 }
+ − 123
+ − 124 echo '<div class="error-box"><b>Access to this page is denied.</b><br />This may be because you are not logged in or you have not met certain criteria for viewing this page.</div>';
+ − 125
+ − 126 if ( $send_headers )
+ − 127 {
+ − 128 $template->footer();
+ − 129 }
+ − 130
+ − 131 $r = ob_get_contents();
+ − 132 ob_end_clean();
+ − 133 return $r;
+ − 134 }
+ − 135
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 136 $fname = 'page_' . $pid[1] . '_' . $paths->pages[$page]['urlname_nons'];
1
+ − 137 @call_user_func($fname);
+ − 138
+ − 139 }
+ − 140 else if ( $pid[1] == 'Admin' )
+ − 141 {
+ − 142 // If we don't have access to the page, get out and quick!
+ − 143 if(!$session->get_permissions('read'))
+ − 144 {
+ − 145 $template->tpl_strings['PAGE_NAME'] = 'Access denied';
+ − 146 if ( $send_headers )
+ − 147 {
+ − 148 $template->header();
+ − 149 }
+ − 150 echo '<div class="error-box"><b>Access to this page is denied.</b><br />This may be because you are not logged in or you have not met certain criteria for viewing this page.</div>';
+ − 151 if ( $send_headers )
+ − 152 {
+ − 153 $template->footer();
+ − 154 }
+ − 155 $r = ob_get_contents();
+ − 156 ob_end_clean();
+ − 157 return $r;
+ − 158 }
+ − 159
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 160 $fname = 'page_' . $pid[1] . '_' . $pid[0];
1
+ − 161 if ( !function_exists($fname) )
+ − 162 {
+ − 163 $title = 'Page backend not found';
+ − 164 $message = "The administration page you are looking for was properly registered using the page API, but the backend function
+ − 165 (<tt>$fname</tt>) was not found. If this is a plugin page, then this is almost certainly a bug with the plugin.";
+ − 166 if ( $send_headers )
+ − 167 {
+ − 168 die_friendly($title, "<p>$message</p>");
+ − 169 }
+ − 170 else
+ − 171 {
+ − 172 echo "<h2>$title</h2>\n<p>$message</p>";
+ − 173 }
+ − 174 }
+ − 175 @call_user_func($fname);
+ − 176 }
+ − 177 else if ( !isset( $paths->pages[$page] ) )
+ − 178 {
+ − 179 ob_start();
+ − 180 $code = $plugins->setHook('page_not_found');
+ − 181 foreach ( $code as $cmd )
+ − 182 {
+ − 183 eval($cmd);
+ − 184 }
+ − 185 $text = ob_get_contents();
+ − 186 if ( $text != '' )
+ − 187 {
+ − 188 ob_end_clean();
+ − 189 return $text;
+ − 190 }
+ − 191 $template->header();
+ − 192 if($m = $paths->sysmsg('Page_not_found'))
+ − 193 {
+ − 194 eval('?>'.RenderMan::render($m));
+ − 195 }
+ − 196 else
+ − 197 {
+ − 198 header('HTTP/1.1 404 Not Found');
+ − 199 echo '<h3>There is no page with this title yet.</h3>
+ − 200 <p>You have requested a page that doesn\'t exist yet.';
+ − 201 if($session->get_permissions('create_page')) echo ' You can <a href="'.makeUrl($paths->page, 'do=edit', true).'" onclick="ajaxEditor(); return false;">create this page</a>, or return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.';
+ − 202 else echo ' Return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.</p>';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 203 if ( $session->get_permissions('history_rollback') )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 204 {
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 205 $e = $db->sql_query('SELECT * FROM ' . table_prefix.'logs WHERE action=\'delete\' AND page_id=\'' . $paths->cpage['urlname_nons'] . '\' AND namespace=\'' . $pid[1] . '\' ORDER BY time_id DESC;');
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 206 if ( !$e )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 207 {
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 208 $db->_die('The deletion log could not be selected.');
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 209 }
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 210 if ($db->numrows() > 0 )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 211 {
1
+ − 212 $r = $db->fetchrow();
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 213 echo '<p>This page also appears to have some log entries in the database - it seems that it was deleted on ' . $r['date_string'] . '. You can probably <a href="'.makeUrl($paths->page, 'do=rollback&id=' . $r['time_id']) . '" onclick="ajaxRollback(\'' . $r['time_id'] . '\'); return false;">roll back</a> the deletion.</p>';
1
+ − 214 }
+ − 215 $db->free_result();
+ − 216 }
+ − 217 echo '<p>
+ − 218 HTTP Error: 404 Not Found
+ − 219 </p>';
+ − 220 }
+ − 221 $template->footer();
+ − 222 }
+ − 223 else
+ − 224 {
+ − 225
+ − 226 // If we don't have access to the page, get out and quick!
+ − 227 if(!$session->get_permissions('read'))
+ − 228 {
+ − 229 $template->tpl_strings['PAGE_NAME'] = 'Access denied';
+ − 230 if($send_headers) $template->header();
+ − 231 echo '<div class="error-box"><b>Access to this page is denied.</b><br />This may be because you are not logged in or you have not met certain criteria for viewing this page.</div>';
+ − 232 if($send_headers) $template->footer();
+ − 233 $r = ob_get_contents();
+ − 234 ob_end_clean();
+ − 235 return $r;
+ − 236 }
+ − 237
+ − 238 ob_start();
+ − 239 $code = $plugins->setHook('page_custom_handler');
+ − 240 foreach ( $code as $cmd )
+ − 241 {
+ − 242 eval($cmd);
+ − 243 }
+ − 244 $text = ob_get_contents();
+ − 245 if ( $text != '' )
+ − 246 {
+ − 247 ob_end_clean();
+ − 248 return $text;
+ − 249 }
+ − 250
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 251 if ( $hist_id )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 252 {
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 253 $e = $db->sql_query('SELECT page_text,date_string,char_tag FROM ' . table_prefix.'logs WHERE page_id=\'' . $paths->pages[$page]['urlname_nons'] . '\' AND namespace=\'' . $pid[1] . '\' AND log_type=\'page\' AND action=\'edit\' AND time_id=' . $db->escape($hist_id) . '');
1
+ − 254 if($db->numrows() < 1)
+ − 255 {
+ − 256 $db->_die('There were no rows in the text table that matched the page text query.');
+ − 257 }
+ − 258 $r = $db->fetchrow();
+ − 259 $db->free_result();
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 260 $message = '<div class="info-box" style="margin-left: 0; margin-top: 5px;"><b>Notice:</b><br />The page you are viewing was archived on ' . $r['date_string'] . '.<br /><a href="'.makeUrl($page).'" onclick="ajaxReset(); return false;">View current version</a> | <a href="'.makeUrl($page, 'do=rollback&id=' . $hist_id) . '" onclick="ajaxRollback(\'' . $hist_id . '\')">Restore this version</a></div><br />'.RenderMan::render($r['page_text']);
1
+ − 261
+ − 262 if( !$paths->pages[$page]['special'] )
+ − 263 {
+ − 264 if($send_headers)
+ − 265 {
+ − 266 $template->header();
+ − 267 }
+ − 268 display_page_headers();
+ − 269 }
+ − 270
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 271 eval('?>' . $message);
1
+ − 272
+ − 273 if( !$paths->pages[$page]['special'] )
+ − 274 {
+ − 275 display_page_footers();
+ − 276 if($send_headers)
+ − 277 {
+ − 278 $template->footer();
+ − 279 }
+ − 280 }
+ − 281
+ − 282 } else {
+ − 283 if(!$paths->pages[$page]['special'])
+ − 284 {
+ − 285 $message = RenderMan::getPage($paths->pages[$page]['urlname_nons'], $pid[1]);
+ − 286 }
+ − 287 else
+ − 288 {
+ − 289 $message = RenderMan::getPage($paths->pages[$page]['urlname_nons'], $pid[1], 0, false, false, false, false);
+ − 290 }
+ − 291 // This line is used to debug wikiformatted code
+ − 292 // die('<pre>'.htmlspecialchars($message).'</pre>');
+ − 293
+ − 294 if( !$paths->pages[$page]['special'] )
+ − 295 {
+ − 296 if($send_headers)
+ − 297 {
+ − 298 $template->header();
+ − 299 }
+ − 300 display_page_headers();
+ − 301 }
+ − 302
+ − 303 // This is it, this is what all of Enano has been working up to...
+ − 304
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 305 eval('?>' . $message);
1
+ − 306
+ − 307 if( !$paths->pages[$page]['special'] )
+ − 308 {
+ − 309 display_page_footers();
+ − 310 if($send_headers)
+ − 311 {
+ − 312 $template->footer();
+ − 313 }
+ − 314 }
+ − 315 }
+ − 316 }
+ − 317 $ret = ob_get_contents();
+ − 318 ob_end_clean();
+ − 319 return $ret;
+ − 320 }
+ − 321
+ − 322 /**
+ − 323 * Writes page data to the database, after verifying permissions and running the XSS filter
+ − 324 * @param $page_id the page ID
+ − 325 * @param $namespace the namespace
+ − 326 * @param $message the text to save
+ − 327 * @return string
+ − 328 */
+ − 329
+ − 330 function savepage($page_id, $namespace, $message, $summary = 'No edit summary given', $minor = false)
+ − 331 {
+ − 332 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 333 $uid = sha1(microtime());
+ − 334 $pname = $paths->nslist[$namespace] . $page_id;
+ − 335
+ − 336 if(!$session->get_permissions('edit_page'))
+ − 337 return 'Access to edit pages is denied.';
+ − 338
+ − 339 if(!isset($paths->pages[$pname]))
+ − 340 {
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 341 $create = PageUtils::createPage($page_id, $namespace);
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 342 if ( $create != 'good' )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 343 return 'The page did not exist, and I was not able to create it. The reported error was: ' . $create;
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 344 $paths->page_exists = true;
1
+ − 345 }
+ − 346
+ − 347 $prot = ( ( $paths->pages[$pname]['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $paths->pages[$pname]['protected'] == 1) ? true : false;
+ − 348 $wiki = ( ( $paths->pages[$pname]['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $paths->pages[$pname]['wiki_mode'] == 1) ? true : false;
+ − 349 if(($prot || !$wiki) && $session->user_level < USER_LEVEL_ADMIN ) return('You are not authorized to edit this page.');
+ − 350
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 351 // Strip potentially harmful tags and PHP from the message, dependent upon permissions settings
1
+ − 352 $message = RenderMan::preprocess_text($message, false, false);
+ − 353
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 354 $msg = $db->escape($message);
1
+ − 355
+ − 356 $minor = $minor ? 'true' : 'false';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 357 $q='INSERT INTO ' . table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.date('d M Y h:i a').'\', \'' . $paths->cpage['urlname_nons'] . '\', \'' . $paths->namespace . '\', \'' . $msg . '\', \'' . $uid . '\', \'' . $session->username . '\', \'' . $db->escape(htmlspecialchars($summary)) . '\', ' . $minor . ');';
1
+ − 358 if(!$db->sql_query($q)) $db->_die('The history (log) entry could not be inserted into the logs table.');
+ − 359
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 360 $q = 'UPDATE ' . table_prefix.'page_text SET page_text=\'' . $msg . '\',char_tag=\'' . $uid . '\' WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';';
1
+ − 361 $e = $db->sql_query($q);
+ − 362 if(!$e) $db->_die('Enano was unable to save the page contents. Your changes have been lost <tt>:\'(</tt>.');
+ − 363
+ − 364 $paths->rebuild_page_index($page_id, $namespace);
+ − 365
+ − 366 return 'good';
+ − 367 }
+ − 368
+ − 369 /**
+ − 370 * Creates a page, both in memory and in the database.
+ − 371 * @param string $page_id
+ − 372 * @param string $namespace
+ − 373 * @return bool true on success, false on failure
+ − 374 */
+ − 375
+ − 376 function createPage($page_id, $namespace, $name = false, $visible = 1)
+ − 377 {
+ − 378 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 379 if(in_array($namespace, Array('Special', 'Admin')))
+ − 380 {
+ − 381 // echo '<b>Notice:</b> PageUtils::createPage: You can\'t create a special page in the database<br />';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 382 return 'You can\'t create a special page in the database';
1
+ − 383 }
+ − 384
+ − 385 if(!isset($paths->nslist[$namespace]))
+ − 386 {
+ − 387 // echo '<b>Notice:</b> PageUtils::createPage: Couldn\'t look up the namespace<br />';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 388 return 'Couldn\'t look up the namespace';
1
+ − 389 }
+ − 390
+ − 391 $pname = $paths->nslist[$namespace] . $page_id;
+ − 392 if(isset($paths->pages[$pname]))
+ − 393 {
+ − 394 // echo '<b>Notice:</b> PageUtils::createPage: Page already exists<br />';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 395 return 'Page already exists';
1
+ − 396 }
+ − 397
+ − 398 if(!$session->get_permissions('create_page'))
+ − 399 {
+ − 400 // echo '<b>Notice:</b> PageUtils::createPage: Not authorized to create pages<br />';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 401 return 'Not authorized to create pages';
1
+ − 402 }
+ − 403
+ − 404 if($session->user_level < USER_LEVEL_ADMIN && $namespace == 'System')
+ − 405 {
+ − 406 // echo '<b>Notice:</b> PageUtils::createPage: Not authorized to create system messages<br />';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 407 return 'Not authorized to create system messages';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 408 }
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 409
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 410 if ( substr($page_id, 0, 8) == 'Project:' )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 411 {
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 412 // echo '<b>Notice:</b> PageUtils::createPage: Prefix "Project:" is reserved<br />';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 413 return 'The prefix "Project:" is reserved for a parser shortcut; if a page was created using this prefix, it would not be possible to link to it.';
1
+ − 414 }
+ − 415
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 416 $page_id = dirtify_page_id($page_id);
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 417
1
+ − 418 if ( !$name )
+ − 419 $name = str_replace('_', ' ', $page_id);
+ − 420 $regex = '#^([A-z0-9 _\-\.\/\!\@\(\)]*)$#is';
+ − 421 if(!preg_match($regex, $page))
+ − 422 {
+ − 423 //echo '<b>Notice:</b> PageUtils::createPage: Name contains invalid characters<br />';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 424 return 'Name contains invalid characters';
1
+ − 425 }
+ − 426
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 427 $page_id = sanitize_page_id( $page_id );
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 428
1
+ − 429 $prot = ( $namespace == 'System' ) ? 1 : 0;
+ − 430
112
+ − 431 $ips = array(
+ − 432 'ip' => array(),
+ − 433 'u' => array()
+ − 434 );
+ − 435
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 436 $page_data = Array(
1
+ − 437 'name'=>$name,
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 438 'urlname'=>$page_id,
1
+ − 439 'namespace'=>$namespace,
112
+ − 440 'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>$prot,'delvotes'=>0,'delvote_ips'=>serialize($ips),'wiki_mode'=>2,
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 441 );
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 442
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 443 // die('PageUtils::createpage: Creating page with this data:<pre>' . print_r($page_data, true) . '</pre>');
1
+ − 444
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 445 $paths->add_page($page_data);
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 446
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 447 $qa = $db->sql_query('INSERT INTO ' . table_prefix.'pages(name,urlname,namespace,visible,protected,delvote_ips) VALUES(\'' . $db->escape($name) . '\', \'' . $db->escape($page_id) . '\', \'' . $namespace . '\', '. ( $visible ? '1' : '0' ) .', ' . $prot . ', \'' . $db->escape(serialize($ips)) . '\');');
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 448 $qb = $db->sql_query('INSERT INTO ' . table_prefix.'page_text(page_id,namespace) VALUES(\'' . $db->escape($page_id) . '\', \'' . $namespace . '\');');
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 449 $qc = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'create\', \'' . $session->username . '\', \'' . $db->escape($page_id) . '\', \'' . $namespace . '\');');
1
+ − 450
+ − 451 if($qa && $qb && $qc)
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 452 return 'good';
1
+ − 453 else
+ − 454 {
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 455 return $db->get_error();
1
+ − 456 }
+ − 457 }
+ − 458
+ − 459 /**
+ − 460 * Sets the protection level on a page.
+ − 461 * @param $page_id string the page ID
+ − 462 * @param $namespace string the namespace
+ − 463 * @param $level int level of protection - 0 is off, 1 is full, 2 is semi
+ − 464 * @param $reason string why the page is being (un)protected
+ − 465 * @return string - "good" on success, in all other cases, an error string (on query failure, calls $db->_die() )
+ − 466 */
+ − 467 function protect($page_id, $namespace, $level, $reason)
+ − 468 {
+ − 469 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 470
+ − 471 $pname = $paths->nslist[$namespace] . $page_id;
+ − 472 $wiki = ( ( $paths->pages[$pname]['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $paths->pages[$pname]['wiki_mode'] == 1) ? true : false;
+ − 473 $prot = ( ( $paths->pages[$pname]['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $paths->pages[$pname]['protected'] == 1) ? true : false;
+ − 474
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 475 if ( !$session->get_permissions('protect') )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 476 {
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 477 return('Insufficient access rights');
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 478 }
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 479 if ( !$wiki )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 480 {
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 481 return('Page protection only has an effect when Wiki Mode is enabled.');
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 482 }
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 483 if ( !preg_match('#^([0-9]+){1}$#', (string)$level) )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 484 {
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 485 return('Invalid $level parameter.');
1
+ − 486 }
+ − 487
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 488 switch($level)
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 489 {
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 490 case 0:
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 491 $q = 'INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'unprot\', \'' . $session->username . '\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $db->escape(htmlspecialchars($reason)) . '\');';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 492 break;
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 493 case 1:
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 494 $q = 'INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'prot\', \'' . $session->username . '\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $db->escape(htmlspecialchars($reason)) . '\');';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 495 break;
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 496 case 2:
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 497 $q = 'INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'semiprot\', \'' . $session->username . '\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $db->escape(htmlspecialchars($reason)) . '\');';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 498 break;
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 499 default:
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 500 return 'PageUtils::protect(): Invalid value for $level';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 501 break;
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 502 }
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 503 if(!$db->sql_query($q)) $db->_die('The log entry for the page protection could not be inserted.');
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 504
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 505 $q = $db->sql_query('UPDATE ' . table_prefix.'pages SET protected=' . $level . ' WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 506 if ( !$q )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 507 {
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 508 $db->_die('The pages table was not updated.');
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 509 }
1
+ − 510
+ − 511 return('good');
+ − 512 }
+ − 513
+ − 514 /**
+ − 515 * Generates an HTML table with history information in it.
+ − 516 * @param $page_id the page ID
+ − 517 * @param $namespace the namespace
+ − 518 * @return string
+ − 519 */
+ − 520
+ − 521 function histlist($page_id, $namespace)
+ − 522 {
+ − 523 global $db, $session, $paths, $template, $plugins; // Common objects
213
+ − 524 global $lang;
1
+ − 525
+ − 526 if(!$session->get_permissions('history_view'))
+ − 527 return 'Access denied';
+ − 528
+ − 529 ob_start();
+ − 530
+ − 531 $pname = $paths->nslist[$namespace] . $page_id;
+ − 532 $wiki = ( ( $paths->pages[$pname]['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $paths->pages[$pname]['wiki_mode'] == 1) ? true : false;
+ − 533 $prot = ( ( $paths->pages[$pname]['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $paths->pages[$pname]['protected'] == 1) ? true : false;
+ − 534
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 535 $q = 'SELECT time_id,date_string,page_id,namespace,author,edit_summary,minor_edit FROM ' . table_prefix.'logs WHERE log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' ORDER BY time_id DESC;';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 536 if(!$db->sql_query($q)) $db->_die('The history data for the page "' . $paths->cpage['name'] . '" could not be selected.');
213
+ − 537 echo $lang->get('history_page_subtitle') . '
+ − 538 <h3>' . $lang->get('history_heading_edits') . '</h3>';
1
+ − 539 $numrows = $db->numrows();
213
+ − 540 if ( $numrows < 1 )
+ − 541 {
+ − 542 echo $lang->get('history_no_entries');
+ − 543 }
1
+ − 544 else
+ − 545 {
+ − 546 echo '<form action="'.makeUrlNS($namespace, $page_id, 'do=diff').'" onsubmit="ajaxHistDiff(); return false;" method="get">
213
+ − 547 <input type="submit" value="' . $lang->get('history_btn_compare') . '" />
115
261f367623af
Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
diff
changeset
+ − 548 ' . ( urlSeparator == '&' ? '<input type="hidden" name="title" value="' . htmlspecialchars($paths->nslist[$namespace] . $page_id) . '" />' : '' ) . '
261f367623af
Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
diff
changeset
+ − 549 ' . ( $session->sid_super ? '<input type="hidden" name="auth" value="' . $session->sid_super . '" />' : '') . '
261f367623af
Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
diff
changeset
+ − 550 <input type="hidden" name="do" value="diff" />
1
+ − 551 <br /><span> </span>
+ − 552 <div class="tblholder">
+ − 553 <table border="0" width="100%" cellspacing="1" cellpadding="4">
+ − 554 <tr>
213
+ − 555 <th colspan="2">' . $lang->get('history_col_diff') . '</th>
+ − 556 <th>' . $lang->get('history_col_datetime') . '</th>
+ − 557 <th>' . $lang->get('history_col_user') . '</th>
+ − 558 <th>' . $lang->get('history_col_summary') . '</th>
+ − 559 <th>' . $lang->get('history_col_minor') . '</th>
+ − 560 <th colspan="3">' . $lang->get('history_col_actions') . '</th>
1
+ − 561 </tr>'."\n"."\n";
+ − 562 $cls = 'row2';
+ − 563 $ticker = 0;
+ − 564
213
+ − 565 while ( $r = $db->fetchrow() )
+ − 566 {
1
+ − 567
+ − 568 $ticker++;
+ − 569
+ − 570 if($cls == 'row2') $cls = 'row1';
+ − 571 else $cls = 'row2';
+ − 572
+ − 573 echo '<tr>'."\n";
+ − 574
+ − 575 // Diff selection
+ − 576 if($ticker == 1)
+ − 577 {
+ − 578 $s1 = '';
+ − 579 $s2 = 'checked="checked" ';
+ − 580 }
+ − 581 elseif($ticker == 2)
+ − 582 {
+ − 583 $s1 = 'checked="checked" ';
+ − 584 $s2 = '';
+ − 585 }
+ − 586 else
+ − 587 {
+ − 588 $s1 = '';
+ − 589 $s2 = '';
+ − 590 }
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 591 if($ticker > 1) echo '<td class="' . $cls . '" style="padding: 0;"><input ' . $s1 . 'name="diff1" type="radio" value="' . $r['time_id'] . '" id="diff1_' . $r['time_id'] . '" class="clsDiff1Radio" onclick="selectDiff1Button(this);" /></td>'."\n"; else echo '<td class="' . $cls . '"></td>';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 592 if($ticker < $numrows) echo '<td class="' . $cls . '" style="padding: 0;"><input ' . $s2 . 'name="diff2" type="radio" value="' . $r['time_id'] . '" id="diff2_' . $r['time_id'] . '" class="clsDiff2Radio" onclick="selectDiff2Button(this);" /></td>'."\n"; else echo '<td class="' . $cls . '"></td>';
1
+ − 593
+ − 594 // Date and time
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 595 echo '<td class="' . $cls . '">' . $r['date_string'] . '</td class="' . $cls . '">'."\n";
1
+ − 596
+ − 597 // User
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 598 if ( $session->get_permissions('mod_misc') && is_valid_ip($r['author']) )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 599 {
213
+ − 600 $rc = ' style="cursor: pointer;" title="' . $lang->get('history_tip_rdns') . '" onclick="ajaxReverseDNS(this, \'' . $r['author'] . '\');"';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 601 }
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 602 else
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 603 {
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 604 $rc = '';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 605 }
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 606 echo '<td class="' . $cls . '"' . $rc . '><a href="'.makeUrlNS('User', $r['author']).'" ';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 607 if ( !isPage($paths->nslist['User'] . $r['author']) )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 608 {
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 609 echo 'class="wikilink-nonexistent"';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 610 }
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 611 echo '>' . $r['author'] . '</a></td class="' . $cls . '">'."\n";
1
+ − 612
+ − 613 // Edit summary
213
+ − 614 if ( $r['edit_summary'] == 'Automatic backup created when logs were purged' )
+ − 615 {
+ − 616 $r['edit_summary'] = $lang->get('history_summary_clearlogs');
+ − 617 }
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 618 echo '<td class="' . $cls . '">' . $r['edit_summary'] . '</td>'."\n";
1
+ − 619
+ − 620 // Minor edit
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 621 echo '<td class="' . $cls . '" style="text-align: center;">'. (( $r['minor_edit'] ) ? 'M' : '' ) .'</td>'."\n";
1
+ − 622
+ − 623 // Actions!
213
+ − 624 echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'oldid=' . $r['time_id']) . '" onclick="ajaxHistView(\'' . $r['time_id'] . '\'); return false;">' . $lang->get('history_action_view') . '</a></td>'."\n";
+ − 625 echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrl($paths->nslist['Special'].'Contributions/' . $r['author']) . '">' . $lang->get('history_action_contrib') . '</a></td>'."\n";
+ − 626 echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'do=rollback&id=' . $r['time_id']) . '" onclick="ajaxRollback(\'' . $r['time_id'] . '\'); return false;">' . $lang->get('history_action_restore') . '</a></td>'."\n";
1
+ − 627
+ − 628 echo '</tr>'."\n"."\n";
+ − 629
+ − 630 }
+ − 631 echo '</table>
+ − 632 </div>
+ − 633 <br />
+ − 634 <input type="hidden" name="do" value="diff" />
213
+ − 635 <input type="submit" value="' . $lang->get('history_btn_compare') . '" />
1
+ − 636 </form>
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 637 <script type="text/javascript">if ( !KILL_SWITCH ) { buildDiffList(); }</script>';
1
+ − 638 }
+ − 639 $db->free_result();
213
+ − 640 echo '<h3>' . $lang->get('history_heading_other') . '</h3>';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 641 $q = 'SELECT time_id,action,date_string,page_id,namespace,author,edit_summary,minor_edit FROM ' . table_prefix.'logs WHERE log_type=\'page\' AND action!=\'edit\' AND page_id=\'' . $paths->cpage['urlname_nons'] . '\' AND namespace=\'' . $paths->namespace . '\' ORDER BY time_id DESC;';
213
+ − 642 if ( !$db->sql_query($q) )
+ − 643 {
+ − 644 $db->_die('The history data for the page "' . htmlspecialchars($paths->cpage['name']) . '" could not be selected.');
+ − 645 }
+ − 646 if ( $db->numrows() < 1 )
+ − 647 {
+ − 648 echo $lang->get('history_no_entries');
+ − 649 }
+ − 650 else
+ − 651 {
1
+ − 652
213
+ − 653 echo '<div class="tblholder">
+ − 654 <table border="0" width="100%" cellspacing="1" cellpadding="4"><tr>
+ − 655 <th>' . $lang->get('history_col_datetime') . '</th>
+ − 656 <th>' . $lang->get('history_col_user') . '</th>
+ − 657 <th>' . $lang->get('history_col_minor') . '</th>
+ − 658 <th>' . $lang->get('history_col_action_taken') . '</th>
+ − 659 <th>' . $lang->get('history_col_extra') . '</th>
+ − 660 <th colspan="2"></th>
+ − 661 </tr>';
1
+ − 662 $cls = 'row2';
+ − 663 while($r = $db->fetchrow()) {
+ − 664
+ − 665 if($cls == 'row2') $cls = 'row1';
+ − 666 else $cls = 'row2';
+ − 667
+ − 668 echo '<tr>';
+ − 669
+ − 670 // Date and time
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 671 echo '<td class="' . $cls . '">' . $r['date_string'] . '</td class="' . $cls . '">';
1
+ − 672
+ − 673 // User
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 674 echo '<td class="' . $cls . '"><a href="'.makeUrlNS('User', $r['author']).'" ';
1
+ − 675 if(!isPage($paths->nslist['User'] . $r['author'])) echo 'class="wikilink-nonexistent"';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 676 echo '>' . $r['author'] . '</a></td class="' . $cls . '">';
1
+ − 677
+ − 678
+ − 679 // Minor edit
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 680 echo '<td class="' . $cls . '" style="text-align: center;">'. (( $r['minor_edit'] ) ? 'M' : '' ) .'</td>';
1
+ − 681
+ − 682 // Action taken
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 683 echo '<td class="' . $cls . '">';
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 684 // Some of these are sanitized at insert-time. Others follow the newer Enano policy of stripping HTML at runtime.
213
+ − 685 if ($r['action']=='prot') echo $lang->get('history_log_protect') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . $r['edit_summary'];
+ − 686 elseif($r['action']=='unprot') echo $lang->get('history_log_unprotect') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . $r['edit_summary'];
+ − 687 elseif($r['action']=='semiprot') echo $lang->get('history_log_semiprotect') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . $r['edit_summary'];
+ − 688 elseif($r['action']=='rename') echo $lang->get('history_log_rename') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_oldtitle') . ' '.htmlspecialchars($r['edit_summary']);
+ − 689 elseif($r['action']=='create') echo $lang->get('history_log_create') . '</td><td class="' . $cls . '">';
+ − 690 elseif($r['action']=='delete') echo $lang->get('history_log_delete') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . $r['edit_summary'];
+ − 691 elseif($r['action']=='reupload') echo $lang->get('history_log_uploadnew') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' '.htmlspecialchars($r['edit_summary']);
1
+ − 692 echo '</td>';
+ − 693
+ − 694 // Actions!
213
+ − 695 echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrl($paths->nslist['Special'].'Contributions/' . $r['author']) . '">' . $lang->get('history_action_contrib') . '</a></td>';
+ − 696 echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'do=rollback&id=' . $r['time_id']) . '" onclick="ajaxRollback(\'' . $r['time_id'] . '\'); return false;">' . $lang->get('history_action_revert') . '</a></td>';
1
+ − 697
+ − 698 echo '</tr>';
+ − 699 }
+ − 700 echo '</table></div>';
+ − 701 }
+ − 702 $db->free_result();
+ − 703 $ret = ob_get_contents();
+ − 704 ob_end_clean();
+ − 705 return $ret;
+ − 706 }
+ − 707
+ − 708 /**
+ − 709 * Rolls back a logged action
+ − 710 * @param $id the time ID, a.k.a. the primary key in the logs table
+ − 711 * @return string
+ − 712 */
+ − 713
+ − 714 function rollback($id)
+ − 715 {
+ − 716 global $db, $session, $paths, $template, $plugins; // Common objects
158
+ − 717 if ( !$session->get_permissions('history_rollback') )
+ − 718 {
+ − 719 return('You are not authorized to perform rollbacks.');
+ − 720 }
+ − 721 if ( !preg_match('#^([0-9]+)$#', (string)$id) )
+ − 722 {
+ − 723 return('The value "id" on the query string must be an integer.');
+ − 724 }
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 725 $e = $db->sql_query('SELECT log_type,action,date_string,page_id,namespace,page_text,char_tag,author,edit_summary FROM ' . table_prefix.'logs WHERE time_id=' . $id . ';');
158
+ − 726 if ( !$e )
+ − 727 {
+ − 728 $db->_die('The rollback data could not be selected.');
+ − 729 }
1
+ − 730 $rb = $db->fetchrow();
+ − 731 $db->free_result();
158
+ − 732
+ − 733 if ( $rb['log_type'] == 'page' && $rb['action'] != 'delete' )
+ − 734 {
+ − 735 $pagekey = $paths->nslist[$rb['namespace']] . $rb['page_id'];
+ − 736 if ( !isset($paths->pages[$pagekey]) )
+ − 737 {
+ − 738 return "Page doesn't exist";
+ − 739 }
+ − 740 $pagedata =& $paths->pages[$pagekey];
+ − 741 $protected = false;
+ − 742 // Special case: is the page protected? if so, check for even_when_protected permissions
+ − 743 if($pagedata['protected'] == 2)
+ − 744 {
+ − 745 // The page is semi-protected, determine permissions
+ − 746 if($session->user_logged_in && $session->reg_time + 60*60*24*4 < time())
+ − 747 {
+ − 748 $protected = false;
+ − 749 }
+ − 750 else
+ − 751 {
+ − 752 $protected = true;
+ − 753 }
+ − 754 }
+ − 755 else
+ − 756 {
+ − 757 $protected = ( $pagedata['protected'] == 1 );
+ − 758 }
+ − 759
+ − 760 $perms = $session->fetch_page_acl($rb['page_id'], $rb['namespace']);
+ − 761
+ − 762 if ( $protected && !$perms->get_permissions('even_when_protected') )
+ − 763 {
+ − 764 return "Because this page is protected, you need moderator rights to roll back changes.";
+ − 765 }
+ − 766 }
+ − 767 else
+ − 768 {
+ − 769 $perms =& $session;
+ − 770 }
+ − 771
+ − 772 switch($rb['log_type'])
+ − 773 {
1
+ − 774 case "page":
158
+ − 775 switch($rb['action'])
+ − 776 {
1
+ − 777 case "edit":
158
+ − 778 if ( !$perms->get_permissions('edit_page') )
+ − 779 return "You don't have permission to edit pages, so rolling back edits can't be allowed either.";
1
+ − 780 $t = $db->escape($rb['page_text']);
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 781 $e = $db->sql_query('UPDATE ' . table_prefix.'page_text SET page_text=\'' . $t . '\',char_tag=\'' . $rb['char_tag'] . '\' WHERE page_id=\'' . $rb['page_id'] . '\' AND namespace=\'' . $rb['namespace'] . '\'');
158
+ − 782 if ( !$e )
+ − 783 {
+ − 784 return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
+ − 785 }
+ − 786 else
+ − 787 {
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 788 return 'The page "' . $paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been rolled back to the state it was in on ' . $rb['date_string'] . '.';
158
+ − 789 }
1
+ − 790 break;
+ − 791 case "rename":
158
+ − 792 if ( !$perms->get_permissions('rename') )
+ − 793 return "You don't have permission to rename pages, so rolling back renames can't be allowed either.";
1
+ − 794 $t = $db->escape($rb['edit_summary']);
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 795 $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET name=\'' . $t . '\' WHERE urlname=\'' . $rb['page_id'] . '\' AND namespace=\'' . $rb['namespace'] . '\'');
158
+ − 796 if ( !$e )
+ − 797 {
+ − 798 return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace();
+ − 799 }
+ − 800 else
+ − 801 {
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 802 return 'The page "' . $paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been rolled back to the name it had ("' . $rb['edit_summary'] . '") before ' . $rb['date_string'] . '.';
158
+ − 803 }
1
+ − 804 break;
+ − 805 case "prot":
158
+ − 806 if ( !$perms->get_permissions('protect') )
+ − 807 return "You don't have permission to protect pages, so rolling back protection can't be allowed either.";
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 808 $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET protected=0 WHERE urlname=\'' . $rb['page_id'] . '\' AND namespace=\'' . $rb['namespace'] . '\'');
158
+ − 809 if ( !$e )
+ − 810 return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace();
+ − 811 else
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 812 return 'The page "' . $paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been unprotected according to the log created at ' . $rb['date_string'] . '.';
1
+ − 813 break;
+ − 814 case "semiprot":
158
+ − 815 if ( !$perms->get_permissions('protect') )
+ − 816 return "You don't have permission to protect pages, so rolling back protection can't be allowed either.";
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 817 $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET protected=0 WHERE urlname=\'' . $rb['page_id'] . '\' AND namespace=\'' . $rb['namespace'] . '\'');
158
+ − 818 if ( !$e )
+ − 819 return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace();
+ − 820 else
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 821 return 'The page "' . $paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been unprotected according to the log created at ' . $rb['date_string'] . '.';
1
+ − 822 break;
+ − 823 case "unprot":
158
+ − 824 if ( !$perms->get_permissions('protect') )
+ − 825 return "You don't have permission to protect pages, so rolling back protection can't be allowed either.";
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 826 $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET protected=1 WHERE urlname=\'' . $rb['page_id'] . '\' AND namespace=\'' . $rb['namespace'] . '\'');
158
+ − 827 if ( !$e )
+ − 828 return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace();
+ − 829 else
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 830 return 'The page "' . $paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been protected according to the log created at ' . $rb['date_string'] . '.';
1
+ − 831 break;
+ − 832 case "delete":
158
+ − 833 if ( !$perms->get_permissions('history_rollback_extra') )
+ − 834 return 'Administrative privileges are required for page undeletion.';
+ − 835 if ( isset($paths->pages[$paths->cpage['urlname']]) )
+ − 836 return 'You cannot raise a dead page that is alive.';
1
+ − 837 $name = str_replace('_', ' ', $rb['page_id']);
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 838 $e = $db->sql_query('INSERT INTO ' . table_prefix.'pages(name,urlname,namespace) VALUES( \'' . $name . '\', \'' . $rb['page_id'] . '\',\'' . $rb['namespace'] . '\' )');if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 839 $e = $db->sql_query('SELECT page_text,char_tag FROM ' . table_prefix.'logs WHERE page_id=\'' . $rb['page_id'] . '\' AND namespace=\'' . $rb['namespace'] . '\' AND log_type=\'page\' AND action=\'edit\' ORDER BY time_id DESC;'); if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
1
+ − 840 $r = $db->fetchrow();
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 841 $e = $db->sql_query('INSERT INTO ' . table_prefix.'page_text(page_id,namespace,page_text,char_tag) VALUES(\'' . $rb['page_id'] . '\',\'' . $rb['namespace'] . '\',\'' . $db->escape($r['page_text']) . '\',\'' . $r['char_tag'] . '\')'); if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 842 return 'The page "' . $name . '" has been undeleted according to the log created at ' . $rb['date_string'] . '.';
1
+ − 843 break;
+ − 844 case "reupload":
158
+ − 845 if ( !$session->get_permissions('history_rollbacks_extra') )
+ − 846 {
+ − 847 return 'Administrative privileges are required for file rollbacks.';
+ − 848 }
1
+ − 849 $newtime = time();
+ − 850 $newdate = date('d M Y h:i a');
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 851 if(!$db->sql_query('UPDATE ' . table_prefix.'logs SET time_id=' . $newtime . ',date_string=\'' . $newdate . '\' WHERE time_id=' . $id))
158
+ − 852 return 'Error during query: '.mysql_error();
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 853 if(!$db->sql_query('UPDATE ' . table_prefix.'files SET time_id=' . $newtime . ' WHERE time_id=' . $id))
158
+ − 854 return 'Error during query: '.mysql_error();
+ − 855 return 'The file has been rolled back to the version uploaded on '.date('d M Y h:i a', (int)$id).'.';
1
+ − 856 break;
+ − 857 default:
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 858 return('Rollback of the action "' . $rb['action'] . '" is not yet supported.');
1
+ − 859 break;
+ − 860 }
+ − 861 break;
+ − 862 case "security":
+ − 863 case "login":
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 864 return('A ' . $rb['log_type'] . '-related log entry cannot be rolled back.');
1
+ − 865 break;
+ − 866 default:
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 867 return('Unknown log entry type: "' . $rb['log_type'] . '"');
1
+ − 868 }
+ − 869 }
+ − 870
+ − 871 /**
+ − 872 * Posts a comment.
+ − 873 * @param $page_id the page ID
+ − 874 * @param $namespace the namespace
+ − 875 * @param $name the name of the person posting, defaults to current username/IP
+ − 876 * @param $subject the subject line of the comment
+ − 877 * @param $text the comment text
+ − 878 * @return string javascript code
+ − 879 */
+ − 880
+ − 881 function addcomment($page_id, $namespace, $name, $subject, $text, $captcha_code = false, $captcha_id = false)
+ − 882 {
+ − 883 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 884 $_ob = '';
+ − 885 if(!$session->get_permissions('post_comments'))
+ − 886 return 'Access denied';
+ − 887 if(getConfig('comments_need_login') == '2' && !$session->user_logged_in) _die('Access denied to post comments: you need to be logged in first.');
+ − 888 if(getConfig('comments_need_login') == '1' && !$session->user_logged_in)
+ − 889 {
+ − 890 if(!$captcha_code || !$captcha_id) _die('BUG: PageUtils::addcomment: no CAPTCHA data passed to method');
+ − 891 $result = $session->get_captcha($captcha_id);
+ − 892 if($captcha_code != $result) _die('The confirmation code you entered was incorrect.');
+ − 893 }
+ − 894 $text = RenderMan::preprocess_text($text);
+ − 895 $name = $session->user_logged_in ? RenderMan::preprocess_text($session->username) : RenderMan::preprocess_text($name);
+ − 896 $subj = RenderMan::preprocess_text($subject);
+ − 897 if(getConfig('approve_comments')=='1') $appr = '0'; else $appr = '1';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 898 $q = 'INSERT INTO ' . table_prefix.'comments(page_id,namespace,subject,comment_data,name,user_id,approved,time) VALUES(\'' . $page_id . '\',\'' . $namespace . '\',\'' . $subj . '\',\'' . $text . '\',\'' . $name . '\',' . $session->user_id . ',' . $appr . ','.time().')';
1
+ − 899 $e = $db->sql_query($q);
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 900 if(!$e) die('alert(unescape(\''.rawurlencode('Error inserting comment data: '.mysql_error().'\n\nQuery:\n' . $q) . '\'))');
1
+ − 901 else $_ob .= '<div class="info-box">Your comment has been posted.</div>';
+ − 902 return PageUtils::comments($page_id, $namespace, false, Array(), $_ob);
+ − 903 }
+ − 904
+ − 905 /**
+ − 906 * Generates partly-compiled HTML/Javascript code to be eval'ed by the user's browser to display comments
+ − 907 * @param $page_id the page ID
+ − 908 * @param $namespace the namespace
+ − 909 * @param $action administrative action to perform, default is false
+ − 910 * @param $flags additional info for $action, shouldn't be used except when deleting/approving comments, etc.
+ − 911 * @param $_ob text to prepend to output, used by PageUtils::addcomment
+ − 912 * @return array
+ − 913 * @access private
+ − 914 */
+ − 915
+ − 916 function comments_raw($page_id, $namespace, $action = false, $flags = Array(), $_ob = '')
+ − 917 {
+ − 918 global $db, $session, $paths, $template, $plugins; // Common objects
213
+ − 919 global $lang;
1
+ − 920
+ − 921 $pname = $paths->nslist[$namespace] . $page_id;
+ − 922
+ − 923 ob_start();
+ − 924
+ − 925 if($action && $session->get_permissions('mod_comments')) // Nip hacking attempts in the bud
+ − 926 {
+ − 927 switch($action) {
+ − 928 case "delete":
+ − 929 if(isset($flags['id']))
+ − 930 {
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 931 $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND comment_id='.intval($flags['id']).' LIMIT 1;';
1
+ − 932 } else {
+ − 933 $n = $db->escape($flags['name']);
+ − 934 $s = $db->escape($flags['subj']);
+ − 935 $t = $db->escape($flags['text']);
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 936 $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND name=\'' . $n . '\' AND subject=\'' . $s . '\' AND comment_data=\'' . $t . '\' LIMIT 1;';
1
+ − 937 }
+ − 938 $e=$db->sql_query($q);
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 939 if(!$e) die('alert(unesape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n' . $q) . '\'));');
1
+ − 940 break;
+ − 941 case "approve":
+ − 942 if(isset($flags['id']))
+ − 943 {
+ − 944 $where = 'comment_id='.intval($flags['id']);
+ − 945 } else {
+ − 946 $n = $db->escape($flags['name']);
+ − 947 $s = $db->escape($flags['subj']);
+ − 948 $t = $db->escape($flags['text']);
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 949 $where = 'name=\'' . $n . '\' AND subject=\'' . $s . '\' AND comment_data=\'' . $t . '\'';
1
+ − 950 }
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 951 $q = 'SELECT approved FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND ' . $where . ' LIMIT 1;';
1
+ − 952 $e = $db->sql_query($q);
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 953 if(!$e) die('alert(unesape(\''.rawurlencode('Error selecting approval status: '.mysql_error().'\n\nQuery:\n' . $q) . '\'));');
1
+ − 954 $r = $db->fetchrow();
+ − 955 $db->free_result();
+ − 956 $a = ( $r['approved'] ) ? '0' : '1';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 957 $q = 'UPDATE ' . table_prefix.'comments SET approved=' . $a . ' WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND ' . $where . ';';
1
+ − 958 $e=$db->sql_query($q);
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 959 if(!$e) die('alert(unesape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n' . $q) . '\'));');
213
+ − 960 if($a=='1') $v = $lang->get('comment_btn_mod_unapprove');
+ − 961 else $v = $lang->get('comment_btn_mod_approve');
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 962 echo 'document.getElementById("mdgApproveLink'.intval($_GET['id']).'").innerHTML="' . $v . '";';
1
+ − 963 break;
+ − 964 }
+ − 965 }
+ − 966
+ − 967 if(!defined('ENANO_TEMPLATE_LOADED'))
+ − 968 {
+ − 969 $template->load_theme($session->theme, $session->style);
+ − 970 }
+ − 971
+ − 972 $tpl = $template->makeParser('comment.tpl');
+ − 973
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 974 $e = $db->sql_query('SELECT * FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND approved=0;');
1
+ − 975 if(!$e) $db->_die('The comment text data could not be selected.');
+ − 976 $num_unapp = $db->numrows();
+ − 977 $db->free_result();
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 978 $e = $db->sql_query('SELECT * FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND approved=1;');
1
+ − 979 if(!$e) $db->_die('The comment text data could not be selected.');
+ − 980 $num_app = $db->numrows();
+ − 981 $db->free_result();
+ − 982 $lq = $db->sql_query('SELECT c.comment_id,c.subject,c.name,c.comment_data,c.approved,c.time,c.user_id,u.user_level,u.signature
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 983 FROM ' . table_prefix.'comments AS c
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 984 LEFT JOIN ' . table_prefix.'users AS u
1
+ − 985 ON c.user_id=u.user_id
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 986 WHERE page_id=\'' . $page_id . '\'
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 987 AND namespace=\'' . $namespace . '\' ORDER BY c.time ASC;');
1
+ − 988 if(!$lq) _die('The comment text data could not be selected. '.mysql_error());
213
+ − 989 $_ob .= '<h3>' . $lang->get('comment_heading') . '</h3>';
+ − 990
1
+ − 991 $n = ( $session->get_permissions('mod_comments')) ? $db->numrows() : $num_app;
213
+ − 992
+ − 993 $subst = array(
+ − 994 'num_comments' => $n,
226
0e6478521004
Fixed the one FIXME in PageUtils regarding static HTML comment system's greeting line; fixed parsing of external links in template->tplWikiFormat
Dan
diff
changeset
+ − 995 'page_type' => $template->namespace_string
213
+ − 996 );
+ − 997
+ − 998 $_ob .= '<p>';
+ − 999 $_ob .= ( $n == 0 ) ? $lang->get('comment_msg_count_zero', $subst) : ( $n == 1 ? $lang->get('comment_msg_count_one', $subst) : $lang->get('comment_msg_count_plural', $subst) );
+ − 1000
+ − 1001 if ( $session->get_permissions('mod_comments') && $num_unapp > 0 )
1
+ − 1002 {
213
+ − 1003 $_ob .= ' <span style="color: #D84308">' . $lang->get('comment_msg_count_unapp_mod', array( 'num_unapp' => $num_unapp )) . '</span>';
+ − 1004 }
+ − 1005 else if ( !$session->get_permissions('mod_comments') && $num_unapp > 0 )
+ − 1006 {
+ − 1007 $ls = ( $num_unapp == 1 ) ? 'comment_msg_count_unapp_one' : 'comment_msg_count_unapp_plural';
+ − 1008 $_ob .= ' <span>' . $lang->get($ls, array( 'num_unapp' => $num_unapp )) . '</span>';
+ − 1009 }
78
4df25dfdde63
Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
diff
changeset
+ − 1010 $_ob .= '</p>';
1
+ − 1011 $list = 'list = { ';
+ − 1012 // _die(htmlspecialchars($ttext));
+ − 1013 $i = -1;
213
+ − 1014 while ( $row = $db->fetchrow($lq) )
1
+ − 1015 {
+ − 1016 $i++;
+ − 1017 $strings = Array();
+ − 1018 $bool = Array();
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1019 if ( $session->get_permissions('mod_comments') || $row['approved'] )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1020 {
1
+ − 1021 $list .= $i . ' : { \'comment\' : unescape(\''.rawurlencode($row['comment_data']).'\'), \'name\' : unescape(\''.rawurlencode($row['name']).'\'), \'subject\' : unescape(\''.rawurlencode($row['subject']).'\'), }, ';
+ − 1022
+ − 1023 // Comment ID (used in the Javascript apps)
+ − 1024 $strings['ID'] = (string)$i;
+ − 1025
+ − 1026 // Determine the name, and whether to link to the user page or not
+ − 1027 $name = '';
213
+ − 1028 if($row['user_id'] > 1) $name .= '<a href="'.makeUrlNS('User', str_replace(' ', '_', $row['name'])).'">';
1
+ − 1029 $name .= $row['name'];
213
+ − 1030 if($row['user_id'] > 1) $name .= '</a>';
1
+ − 1031 $strings['NAME'] = $name; unset($name);
+ − 1032
+ − 1033 // Subject
+ − 1034 $s = $row['subject'];
213
+ − 1035 if(!$row['approved']) $s .= ' <span style="color: #D84308">' . $lang->get('comment_msg_note_unapp') . '</span>';
1
+ − 1036 $strings['SUBJECT'] = $s;
+ − 1037
+ − 1038 // Date and time
+ − 1039 $strings['DATETIME'] = date('F d, Y h:i a', $row['time']);
+ − 1040
+ − 1041 // User level
+ − 1042 switch($row['user_level'])
+ − 1043 {
+ − 1044 default:
+ − 1045 case USER_LEVEL_GUEST:
213
+ − 1046 $l = $lang->get('user_type_guest');
1
+ − 1047 break;
+ − 1048 case USER_LEVEL_MEMBER:
213
+ − 1049 case USER_LEVEL_CHPREF:
+ − 1050 $l = $lang->get('user_type_member');
1
+ − 1051 break;
+ − 1052 case USER_LEVEL_MOD:
213
+ − 1053 $l = $lang->get('user_type_mod');
1
+ − 1054 break;
+ − 1055 case USER_LEVEL_ADMIN:
213
+ − 1056 $l = $lang->get('user_type_admin');
1
+ − 1057 break;
+ − 1058 }
+ − 1059 $strings['USER_LEVEL'] = $l; unset($l);
+ − 1060
+ − 1061 // The actual comment data
+ − 1062 $strings['DATA'] = RenderMan::render($row['comment_data']);
+ − 1063
+ − 1064 if($session->get_permissions('edit_comments'))
+ − 1065 {
+ − 1066 // Edit link
213
+ − 1067 $strings['EDIT_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=editcomment&id=' . $row['comment_id']) . '" id="editbtn_' . $i . '">' . $lang->get('comment_btn_edit') . '</a>';
1
+ − 1068
+ − 1069 // Delete link
213
+ − 1070 $strings['DELETE_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=deletecomment&id=' . $row['comment_id']) . '">' . $lang->get('comment_btn_delete') . '</a>';
1
+ − 1071 }
+ − 1072 else
+ − 1073 {
+ − 1074 // Edit link
+ − 1075 $strings['EDIT_LINK'] = '';
+ − 1076
+ − 1077 // Delete link
+ − 1078 $strings['DELETE_LINK'] = '';
+ − 1079 }
+ − 1080
+ − 1081 // Send PM link
213
+ − 1082 $strings['SEND_PM_LINK'] = ( $session->user_logged_in && $row['user_id'] > 1 ) ? '<a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/To/' . $row['name']) . '">' . $lang->get('comment_btn_send_privmsg') . '</a><br />' : '';
1
+ − 1083
+ − 1084 // Add Buddy link
213
+ − 1085 $strings['ADD_BUDDY_LINK'] = ( $session->user_logged_in && $row['user_id'] > 1 ) ? '<a href="'.makeUrlNS('Special', 'PrivateMessages/FriendList/Add/' . $row['name']) . '">' . $lang->get('comment_btn_add_buddy') . '</a>' : '';
1
+ − 1086
+ − 1087 // Mod links
+ − 1088 $applink = '';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1089 $applink .= '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=admin&action=approve&id=' . $row['comment_id']) . '" id="mdgApproveLink' . $i . '">';
213
+ − 1090 if($row['approved']) $applink .= $lang->get('comment_btn_mod_unapprove');
+ − 1091 else $applink .= $lang->get('comment_btn_mod_approve');
1
+ − 1092 $applink .= '</a>';
+ − 1093 $strings['MOD_APPROVE_LINK'] = $applink; unset($applink);
213
+ − 1094 $strings['MOD_DELETE_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=admin&action=delete&id=' . $row['comment_id']) . '">' . $lang->get('comment_btn_mod_delete') . '</a>';
1
+ − 1095
+ − 1096 // Signature
+ − 1097 $strings['SIGNATURE'] = '';
+ − 1098 if($row['signature'] != '') $strings['SIGNATURE'] = RenderMan::render($row['signature']);
+ − 1099
+ − 1100 $bool['auth_mod'] = ($session->get_permissions('mod_comments')) ? true : false;
+ − 1101 $bool['can_edit'] = ( ( $session->user_logged_in && $row['name'] == $session->username && $session->get_permissions('edit_comments') ) || $session->get_permissions('mod_comments') ) ? true : false;
+ − 1102 $bool['signature'] = ( $strings['SIGNATURE'] == '' ) ? false : true;
+ − 1103
+ − 1104 // Done processing and compiling, now let's cook it into HTML
+ − 1105 $tpl->assign_vars($strings);
+ − 1106 $tpl->assign_bool($bool);
+ − 1107 $_ob .= $tpl->run();
+ − 1108 }
+ − 1109 }
+ − 1110 if(getConfig('comments_need_login') != '2' || $session->user_logged_in)
+ − 1111 {
213
+ − 1112 if($session->get_permissions('post_comments'))
1
+ − 1113 {
213
+ − 1114 $_ob .= '<h3>' . $lang->get('comment_postform_title') . '</h3>';
+ − 1115 $_ob .= $lang->get('comment_postform_blurb');
+ − 1116 if(getConfig('approve_comments')=='1') $_ob .= ' ' . $lang->get('comment_postform_blurb_unapp');
+ − 1117 if(getConfig('comments_need_login') == '1' && !$session->user_logged_in)
+ − 1118 {
+ − 1119 $_ob .= ' ' . $lang->get('comment_postform_blurb_captcha');
+ − 1120 }
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1121 $sn = $session->user_logged_in ? $session->username . '<input name="name" id="mdgScreenName" type="hidden" value="' . $session->username . '" />' : '<input name="name" id="mdgScreenName" type="text" size="35" />';
213
+ − 1122 $_ob .= ' <a href="#" id="mdgCommentFormLink" style="display: none;" onclick="document.getElementById(\'mdgCommentForm\').style.display=\'block\';this.style.display=\'none\';return false;">' . $lang->get('comment_postform_blurb_link') . '</a>
1
+ − 1123 <div id="mdgCommentForm">
+ − 1124 <form action="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=postcomment').'" method="post" style="margin-left: 1em">
+ − 1125 <table border="0">
213
+ − 1126 <tr><td>' . $lang->get('comment_postform_field_name') . '</td><td>' . $sn . '</td></tr>
+ − 1127 <tr><td>' . $lang->get('comment_postform_field_subject') . '</td><td><input name="subj" id="mdgSubject" type="text" size="35" /></td></tr>';
1
+ − 1128 if(getConfig('comments_need_login') == '1' && !$session->user_logged_in)
+ − 1129 {
+ − 1130 $session->kill_captcha();
+ − 1131 $captcha = $session->make_captcha();
213
+ − 1132 $_ob .= '<tr><td>' . $lang->get('comment_postform_field_captcha_title') . '<br /><small>' . $lang->get('comment_postform_field_captcha_blurb') . '</small></td><td><img src="'.makeUrlNS('Special', 'Captcha/' . $captcha) . '" alt="Visual confirmation" style="cursor: pointer;" onclick="this.src = \''.makeUrlNS("Special", "Captcha/".$captcha).'/\'+Math.floor(Math.random() * 100000);" /><input name="captcha_id" id="mdgCaptchaID" type="hidden" value="' . $captcha . '" /><br />' . $lang->get('comment_postform_field_captcha_label') . ' <input name="captcha_input" id="mdgCaptchaInput" type="text" size="10" /><br /><small><script type="text/javascript">document.write("' . $lang->get('comment_postform_field_captcha_cantread_js') . '");</script><noscript>' . $lang->get('comment_postform_field_captcha_cantread_nojs') . '</noscript></small></td></tr>';
1
+ − 1133 }
+ − 1134 $_ob .= '
213
+ − 1135 <tr><td valign="top">' . $lang->get('comment_postform_field_comment') . '</td><td><textarea name="text" id="mdgCommentArea" rows="10" cols="40"></textarea></td></tr>
+ − 1136 <tr><td colspan="2" style="text-align: center;"><input type="submit" value="' . $lang->get('comment_postform_btn_submit') . '" /></td></tr>
1
+ − 1137 </table>
+ − 1138 </form>
+ − 1139 </div>';
+ − 1140 }
+ − 1141 } else {
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1142 $_ob .= '<h3>Got something to say?</h3><p>You need to be logged in to post comments. <a href="'.makeUrlNS('Special', 'Login/' . $pname . '%2523comments').'">Log in</a></p>';
1
+ − 1143 }
+ − 1144 $list .= '};';
+ − 1145 echo 'document.getElementById(\'ajaxEditContainer\').innerHTML = unescape(\''. rawurlencode($_ob) .'\');
+ − 1146 ' . $list;
+ − 1147 echo 'Fat.fade_all(); document.getElementById(\'mdgCommentForm\').style.display = \'none\'; document.getElementById(\'mdgCommentFormLink\').style.display="inline";';
+ − 1148
+ − 1149 $ret = ob_get_contents();
+ − 1150 ob_end_clean();
+ − 1151 return Array($ret, $_ob);
+ − 1152
+ − 1153 }
+ − 1154
+ − 1155 /**
+ − 1156 * Generates ready-to-execute Javascript code to be eval'ed by the user's browser to display comments
+ − 1157 * @param $page_id the page ID
+ − 1158 * @param $namespace the namespace
+ − 1159 * @param $action administrative action to perform, default is false
+ − 1160 * @param $flags additional info for $action, shouldn't be used except when deleting/approving comments, etc.
+ − 1161 * @param $_ob text to prepend to output, used by PageUtils::addcomment
+ − 1162 * @return string
+ − 1163 */
+ − 1164
+ − 1165 function comments($page_id, $namespace, $action = false, $id = -1, $_ob = '')
+ − 1166 {
+ − 1167 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1168 $r = PageUtils::comments_raw($page_id, $namespace, $action, $id, $_ob);
+ − 1169 return $r[0];
+ − 1170 }
+ − 1171
+ − 1172 /**
+ − 1173 * Generates HTML code for comments - used in browser compatibility mode
+ − 1174 * @param $page_id the page ID
+ − 1175 * @param $namespace the namespace
+ − 1176 * @param $action administrative action to perform, default is false
+ − 1177 * @param $flags additional info for $action, shouldn't be used except when deleting/approving comments, etc.
+ − 1178 * @param $_ob text to prepend to output, used by PageUtils::addcomment
+ − 1179 * @return string
+ − 1180 */
+ − 1181
+ − 1182 function comments_html($page_id, $namespace, $action = false, $id = -1, $_ob = '')
+ − 1183 {
+ − 1184 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1185 $r = PageUtils::comments_raw($page_id, $namespace, $action, $id, $_ob);
+ − 1186 return $r[1];
+ − 1187 }
+ − 1188
+ − 1189 /**
+ − 1190 * Updates comment data.
+ − 1191 * @param $page_id the page ID
+ − 1192 * @param $namespace the namespace
+ − 1193 * @param $subject new subject
+ − 1194 * @param $text new text
+ − 1195 * @param $old_subject the old subject, unprocessed and identical to the value in the DB
+ − 1196 * @param $old_text the old text, unprocessed and identical to the value in the DB
+ − 1197 * @param $id the javascript list ID, used internally by the client-side app
+ − 1198 * @return string
+ − 1199 */
+ − 1200
+ − 1201 function savecomment($page_id, $namespace, $subject, $text, $old_subject, $old_text, $id = -1)
+ − 1202 {
+ − 1203 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1204 if(!$session->get_permissions('edit_comments'))
+ − 1205 return 'result="BAD";error="Access denied"';
+ − 1206 // Avoid SQL injection
+ − 1207 $old_text = $db->escape($old_text);
+ − 1208 $old_subject = $db->escape($old_subject);
+ − 1209 // Safety check - username/login
+ − 1210 if(!$session->get_permissions('mod_comments')) // allow mods to edit comments
+ − 1211 {
+ − 1212 if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1213 $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_data=\'' . $old_text . '\' AND subject=\'' . $old_subject . '\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND u.user_id=c.user_id;';
1
+ − 1214 $s = $db->sql_query($q);
+ − 1215 if(!$s) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
+ − 1216 $r = $db->fetchrow($s);
+ − 1217 $db->free_result();
+ − 1218 if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.');
+ − 1219 }
+ − 1220 $s = RenderMan::preprocess_text($subject);
+ − 1221 $t = RenderMan::preprocess_text($text);
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1222 $sql = 'UPDATE ' . table_prefix.'comments SET subject=\'' . $s . '\',comment_data=\'' . $t . '\' WHERE comment_data=\'' . $old_text . '\' AND subject=\'' . $old_subject . '\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'';
1
+ − 1223 $result = $db->sql_query($sql);
+ − 1224 if($result)
+ − 1225 {
+ − 1226 return 'result="GOOD";
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1227 list[' . $id . '][\'subject\'] = unescape(\''.str_replace('%5Cn', '%0A', rawurlencode(str_replace('{{EnAnO:Newline}}', '\\n', stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $s))))).'\');
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1228 list[' . $id . '][\'comment\'] = unescape(\''.str_replace('%5Cn', '%0A', rawurlencode(str_replace('{{EnAnO:Newline}}', '\\n', stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $t))))).'\'); id = ' . $id . ';
1
+ − 1229 s = unescape(\''.rawurlencode($s).'\');
+ − 1230 t = unescape(\''.str_replace('%5Cn', '<br \\/>', rawurlencode(RenderMan::render(str_replace('{{EnAnO:Newline}}', "\n", stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $t)))))).'\');';
+ − 1231 }
+ − 1232 else
+ − 1233 {
+ − 1234 return 'result="BAD"; error=unescape("'.rawurlencode('Enano encountered a problem whilst saving the comment.
+ − 1235 Performed SQL:
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1236 ' . $sql . '
1
+ − 1237
+ − 1238 Error returned by MySQL: '.mysql_error()).'");';
+ − 1239 }
+ − 1240 }
+ − 1241
+ − 1242 /**
+ − 1243 * Updates comment data using the comment_id column instead of the old, messy way
+ − 1244 * @param $page_id the page ID
+ − 1245 * @param $namespace the namespace
+ − 1246 * @param $subject new subject
+ − 1247 * @param $text new text
+ − 1248 * @param $id the comment ID (primary key in enano_comments table)
+ − 1249 * @return string
+ − 1250 */
+ − 1251
+ − 1252 function savecomment_neater($page_id, $namespace, $subject, $text, $id)
+ − 1253 {
+ − 1254 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1255 if(!is_int($id)) die('PageUtils::savecomment: $id is not an integer, aborting for safety');
+ − 1256 if(!$session->get_permissions('edit_comments'))
+ − 1257 return 'Access denied';
+ − 1258 // Safety check - username/login
+ − 1259 if(!$session->get_permissions('mod_comments')) // allow mods to edit comments
+ − 1260 {
+ − 1261 if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1262 $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_id=' . $id . ' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND u.user_id=c.user_id;';
1
+ − 1263 $s = $db->sql_query($q);
+ − 1264 if(!$s) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
+ − 1265 $r = $db->fetchrow($s);
+ − 1266 if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.');
+ − 1267 $db->free_result();
+ − 1268 }
+ − 1269 $s = RenderMan::preprocess_text($subject);
+ − 1270 $t = RenderMan::preprocess_text($text);
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1271 $sql = 'UPDATE ' . table_prefix.'comments SET subject=\'' . $s . '\',comment_data=\'' . $t . '\' WHERE comment_id=' . $id . ' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'';
1
+ − 1272 $result = $db->sql_query($sql);
+ − 1273 if($result)
+ − 1274 return 'good';
+ − 1275 else return 'Enano encountered a problem whilst saving the comment.
+ − 1276 Performed SQL:
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1277 ' . $sql . '
1
+ − 1278
+ − 1279 Error returned by MySQL: '.mysql_error();
+ − 1280 }
+ − 1281
+ − 1282 /**
+ − 1283 * Deletes a comment.
+ − 1284 * @param $page_id the page ID
+ − 1285 * @param $namespace the namespace
+ − 1286 * @param $name the name the user posted under
+ − 1287 * @param $subj the subject of the comment to be deleted
+ − 1288 * @param $text the text of the comment to be deleted
+ − 1289 * @param $id the javascript list ID, used internally by the client-side app
+ − 1290 * @return string
+ − 1291 */
+ − 1292
+ − 1293 function deletecomment($page_id, $namespace, $name, $subj, $text, $id)
+ − 1294 {
+ − 1295 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1296
+ − 1297 if(!$session->get_permissions('edit_comments'))
+ − 1298 return 'alert("Access to delete/edit comments is denied");';
+ − 1299
+ − 1300 if(!preg_match('#^([0-9]+)$#', (string)$id)) die('$_GET[id] is improperly formed.');
+ − 1301 $n = $db->escape($name);
+ − 1302 $s = $db->escape($subj);
+ − 1303 $t = $db->escape($text);
+ − 1304
+ − 1305 // Safety check - username/login
+ − 1306 if(!$session->get_permissions('mod_comments')) // allows mods to delete comments
+ − 1307 {
+ − 1308 if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1309 $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_data=\'' . $t . '\' AND subject=\'' . $s . '\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND u.user_id=c.user_id;';
1
+ − 1310 $s = $db->sql_query($q);
+ − 1311 if(!$s) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
+ − 1312 $r = $db->fetchrow($s);
+ − 1313 if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.');
+ − 1314 $db->free_result();
+ − 1315 }
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1316 $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND name=\'' . $n . '\' AND subject=\'' . $s . '\' AND comment_data=\'' . $t . '\' LIMIT 1;';
1
+ − 1317 $e=$db->sql_query($q);
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1318 if(!$e) return('alert(unesape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n' . $q) . '\'));');
1
+ − 1319 return('good');
+ − 1320 }
+ − 1321
+ − 1322 /**
+ − 1323 * Deletes a comment in a cleaner fashion.
+ − 1324 * @param $page_id the page ID
+ − 1325 * @param $namespace the namespace
+ − 1326 * @param $id the comment ID (primary key)
+ − 1327 * @return string
+ − 1328 */
+ − 1329
+ − 1330 function deletecomment_neater($page_id, $namespace, $id)
+ − 1331 {
+ − 1332 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1333
+ − 1334 if(!preg_match('#^([0-9]+)$#', (string)$id)) die('$_GET[id] is improperly formed.');
+ − 1335
+ − 1336 if(!$session->get_permissions('edit_comments'))
+ − 1337 return 'alert("Access to delete/edit comments is denied");';
+ − 1338
+ − 1339 // Safety check - username/login
+ − 1340 if(!$session->get_permissions('mod_comments')) // allows mods to delete comments
+ − 1341 {
+ − 1342 if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1343 $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_id=' . $id . ' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND u.user_id=c.user_id;';
1
+ − 1344 $s = $db->sql_query($q);
+ − 1345 if(!$s) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
+ − 1346 $r = $db->fetchrow($s);
+ − 1347 if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.');
+ − 1348 $db->free_result();
+ − 1349 }
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1350 $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND comment_id=' . $id . ' LIMIT 1;';
1
+ − 1351 $e=$db->sql_query($q);
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1352 if(!$e) return('alert(unesape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n' . $q) . '\'));');
1
+ − 1353 return('good');
+ − 1354 }
+ − 1355
+ − 1356 /**
+ − 1357 * Renames a page.
+ − 1358 * @param $page_id the page ID
+ − 1359 * @param $namespace the namespace
+ − 1360 * @param $name the new name for the page
+ − 1361 * @return string error string or success message
+ − 1362 */
+ − 1363
+ − 1364 function rename($page_id, $namespace, $name)
+ − 1365 {
+ − 1366 global $db, $session, $paths, $template, $plugins; // Common objects
214
+ − 1367 global $lang;
1
+ − 1368
+ − 1369 $pname = $paths->nslist[$namespace] . $page_id;
+ − 1370
+ − 1371 $prot = ( ( $paths->pages[$pname]['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $paths->pages[$pname]['protected'] == 1) ? true : false;
+ − 1372 $wiki = ( ( $paths->pages[$pname]['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $paths->pages[$pname]['wiki_mode'] == 1) ? true : false;
+ − 1373
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1374 if( empty($name))
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1375 {
214
+ − 1376 return($lang->get('ajax_rename_too_short'));
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1377 }
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1378 if( ( $session->get_permissions('rename') && ( ( $prot && $session->get_permissions('even_when_protected') ) || !$prot ) ) && ( $paths->namespace != 'Special' && $paths->namespace != 'Admin' ))
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1379 {
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1380 $e = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,page_id,namespace,author,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'rename\', \'' . $db->escape($paths->cpage['urlname_nons']) . '\', \'' . $paths->namespace . '\', \'' . $db->escape($session->username) . '\', \'' . $db->escape($paths->cpage['name']) . '\')');
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1381 if ( !$e )
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1382 {
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1383 $db->_die('The page title could not be updated.');
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1384 }
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1385 $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET name=\'' . $db->escape($name) . '\' WHERE urlname=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\';');
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1386 if ( !$e )
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1387 {
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1388 $db->_die('The page title could not be updated.');
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1389 }
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1390 else
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1391 {
214
+ − 1392 $subst = array(
+ − 1393 'page_name_old' => $paths->pages[$pname]['name'],
+ − 1394 'page_name_new' => $name
+ − 1395 );
+ − 1396 return $lang->get('ajax_rename_success', $subst);
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1397 }
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1398 }
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1399 else
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 1400 {
214
+ − 1401 return($lang->get('etc_access_denied'));
1
+ − 1402 }
+ − 1403 }
+ − 1404
+ − 1405 /**
+ − 1406 * Flushes (clears) the action logs for a given page
+ − 1407 * @param $page_id the page ID
+ − 1408 * @param $namespace the namespace
+ − 1409 * @return string error/success string
+ − 1410 */
+ − 1411
+ − 1412 function flushlogs($page_id, $namespace)
+ − 1413 {
+ − 1414 global $db, $session, $paths, $template, $plugins; // Common objects
214
+ − 1415 global $lang;
+ − 1416 if(!$session->get_permissions('clear_logs'))
+ − 1417 {
+ − 1418 return $lang->get('etc_access_denied');
+ − 1419 }
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1420 $e = $db->sql_query('DELETE FROM ' . table_prefix.'logs WHERE page_id=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\';');
1
+ − 1421 if(!$e) $db->_die('The log entries could not be deleted.');
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1422
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1423 // If the page exists, make a backup of it in case it gets spammed/vandalized
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1424 // If not, the admin's probably deleting a trash page
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1425 if ( isset($paths->pages[ $paths->nslist[$namespace] . $page_id ]) )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1426 {
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1427 $e = $db->sql_query('SELECT page_text,char_tag FROM ' . table_prefix.'page_text WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1428 if(!$e) $db->_die('The current page text could not be selected; as a result, creating the backup of the page failed. Please make a backup copy of the page by clicking Edit this page and then clicking Save Changes.');
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1429 $row = $db->fetchrow();
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1430 $db->free_result();
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1431 $q='INSERT INTO ' . table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.date('d M Y h:i a').'\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $db->escape($row['page_text']) . '\', \'' . $row['char_tag'] . '\', \'' . $session->username . '\', \''."Automatic backup created when logs were purged".'\', '.'false'.');';
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1432 if(!$db->sql_query($q)) $db->_die('The history (log) entry could not be inserted into the logs table.');
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1433 }
214
+ − 1434 return $lang->get('ajax_clearlogs_success');
1
+ − 1435 }
+ − 1436
+ − 1437 /**
+ − 1438 * Deletes a page.
28
+ − 1439 * @param string $page_id the condemned page ID
+ − 1440 * @param string $namespace the condemned namespace
+ − 1441 * @param string The reason for deleting the page in question
1
+ − 1442 * @return string
+ − 1443 */
+ − 1444
28
+ − 1445 function deletepage($page_id, $namespace, $reason)
1
+ − 1446 {
+ − 1447 global $db, $session, $paths, $template, $plugins; // Common objects
214
+ − 1448 global $lang;
1
+ − 1449 $perms = $session->fetch_page_acl($page_id, $namespace);
28
+ − 1450 $x = trim($reason);
+ − 1451 if ( empty($x) )
+ − 1452 {
214
+ − 1453 return $lang->get('ajax_delete_need_reason');
28
+ − 1454 }
+ − 1455 if(!$perms->get_permissions('delete_page')) return('Administrative privileges are required to delete pages, you loser.');
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1456 $e = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,page_id,namespace,author,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'delete\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $session->username . '\', \'' . $db->escape(htmlspecialchars($reason)) . '\')');
1
+ − 1457 if(!$e) $db->_die('The page log entry could not be inserted.');
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1458 $e = $db->sql_query('DELETE FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'');
1
+ − 1459 if(!$e) $db->_die('The page categorization entries could not be deleted.');
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1460 $e = $db->sql_query('DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'');
1
+ − 1461 if(!$e) $db->_die('The page comments could not be deleted.');
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1462 $e = $db->sql_query('DELETE FROM ' . table_prefix.'page_text WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'');
1
+ − 1463 if(!$e) $db->_die('The page text entry could not be deleted.');
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1464 $e = $db->sql_query('DELETE FROM ' . table_prefix.'pages WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'');
1
+ − 1465 if(!$e) $db->_die('The page entry could not be deleted.');
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1466 $e = $db->sql_query('DELETE FROM ' . table_prefix.'files WHERE page_id=\'' . $page_id . '\'');
1
+ − 1467 if(!$e) $db->_die('The file entry could not be deleted.');
214
+ − 1468 return $lang->get('ajax_delete_success');
1
+ − 1469 }
+ − 1470
+ − 1471 /**
+ − 1472 * Increments the deletion votes for a page by 1, and adds the current username/IP to the list of users that have voted for the page to prevent dual-voting
+ − 1473 * @param $page_id the page ID
+ − 1474 * @param $namespace the namespace
+ − 1475 * @return string
+ − 1476 */
+ − 1477
+ − 1478 function delvote($page_id, $namespace)
+ − 1479 {
+ − 1480 global $db, $session, $paths, $template, $plugins; // Common objects
214
+ − 1481 global $lang;
112
+ − 1482 if ( !$session->get_permissions('vote_delete') )
+ − 1483 {
214
+ − 1484 return $lang->get('etc_access_denied');
112
+ − 1485 }
+ − 1486
+ − 1487 if ( $namespace == 'Admin' || $namespace == 'Special' || $namespace == 'System' )
+ − 1488 {
+ − 1489 return 'Special pages and system messages can\'t be voted for deletion.';
+ − 1490 }
+ − 1491
+ − 1492 $pname = $paths->nslist[$namespace] . sanitize_page_id($page_id);
+ − 1493
+ − 1494 if ( !isset($paths->pages[$pname]) )
+ − 1495 {
+ − 1496 return 'The page does not exist.';
+ − 1497 }
+ − 1498
+ − 1499 $cv =& $paths->pages[$pname]['delvotes'];
+ − 1500 $ips = $paths->pages[$pname]['delvote_ips'];
+ − 1501
+ − 1502 if ( empty($ips) )
+ − 1503 {
+ − 1504 $ips = array(
+ − 1505 'ip' => array(),
+ − 1506 'u' => array()
+ − 1507 );
+ − 1508 }
+ − 1509 else
+ − 1510 {
+ − 1511 $ips = @unserialize($ips);
+ − 1512 if ( !$ips )
+ − 1513 {
+ − 1514 $ips = array(
+ − 1515 'ip' => array(),
+ − 1516 'u' => array()
+ − 1517 );
+ − 1518 }
+ − 1519 }
+ − 1520
+ − 1521 if ( in_array($session->username, $ips['u']) || in_array($_SERVER['REMOTE_ADDR'], $ips['ip']) )
+ − 1522 {
214
+ − 1523 return $lang->get('ajax_delvote_already_voted');
112
+ − 1524 }
+ − 1525
+ − 1526 $ips['u'][] = $session->username;
+ − 1527 $ips['ip'][] = $_SERVER['REMOTE_ADDR'];
+ − 1528 $ips = $db->escape( serialize($ips) );
+ − 1529
1
+ − 1530 $cv++;
112
+ − 1531
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1532 $q = 'UPDATE ' . table_prefix.'pages SET delvotes=' . $cv . ',delvote_ips=\'' . $ips . '\' WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'';
1
+ − 1533 $w = $db->sql_query($q);
112
+ − 1534
214
+ − 1535 return $lang->get('ajax_delvote_success');
1
+ − 1536 }
+ − 1537
+ − 1538 /**
+ − 1539 * Resets the number of votes against a page to 0.
+ − 1540 * @param $page_id the page ID
+ − 1541 * @param $namespace the namespace
+ − 1542 * @return string
+ − 1543 */
+ − 1544
+ − 1545 function resetdelvotes($page_id, $namespace)
+ − 1546 {
+ − 1547 global $db, $session, $paths, $template, $plugins; // Common objects
214
+ − 1548 global $lang;
+ − 1549 if(!$session->get_permissions('vote_reset'))
+ − 1550 {
+ − 1551 return $lang->get('etc_access_denied');
+ − 1552 }
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1553 $q = 'UPDATE ' . table_prefix.'pages SET delvotes=0,delvote_ips=\'' . $db->escape(serialize(array('ip'=>array(),'u'=>array()))) . '\' WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'';
1
+ − 1554 $e = $db->sql_query($q);
+ − 1555 if(!$e) $db->_die('The number of delete votes was not reset.');
214
+ − 1556 else
+ − 1557 {
+ − 1558 return $lang->get('ajax_delvote_reset_success');
+ − 1559 }
1
+ − 1560 }
+ − 1561
+ − 1562 /**
29
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 1563 * Gets a list of styles for a given theme name. As of Banshee, this returns JSON.
1
+ − 1564 * @param $id the name of the directory for the theme
29
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 1565 * @return string JSON string with an array containing a list of themes
1
+ − 1566 */
+ − 1567
+ − 1568 function getstyles()
+ − 1569 {
29
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 1570 $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 1571
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1572 if ( !preg_match('/^([a-z0-9_-]+)$/', $_GET['id']) )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1573 return $json->encode(false);
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1574
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1575 $dir = './themes/' . $_GET['id'] . '/css/';
1
+ − 1576 $list = Array();
+ − 1577 // Open a known directory, and proceed to read its contents
+ − 1578 if (is_dir($dir)) {
+ − 1579 if ($dh = opendir($dir)) {
+ − 1580 while (($file = readdir($dh)) !== false) {
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1581 if ( preg_match('#^(.*?)\.css$#is', $file) && $file != '_printable.css' ) // _printable.css should be included with every theme
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1582 { // it should be a copy of the original style, but
1
+ − 1583 // mostly black and white
+ − 1584 // Note to self: document this
+ − 1585 $list[] = substr($file, 0, strlen($file)-4);
+ − 1586 }
+ − 1587 }
+ − 1588 closedir($dh);
+ − 1589 }
+ − 1590 }
29
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 1591 else
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 1592 {
39
c83ff194977a
Changed animation on flying message boxes; bugfix for "Array" response in theme changer; added diff CSS to enano-shared; allowed spaces in username during install
Dan
diff
changeset
+ − 1593 return($json->encode(Array('mode' => 'error', 'error' => $dir.' is not a dir')));
29
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 1594 }
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 1595
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 1596 return $json->encode($list);
1
+ − 1597 }
+ − 1598
+ − 1599 /**
+ − 1600 * Assembles a Javascript app with category information
+ − 1601 * @param $page_id the page ID
+ − 1602 * @param $namespace the namespace
+ − 1603 * @return string Javascript code
+ − 1604 */
+ − 1605
+ − 1606 function catedit($page_id, $namespace)
+ − 1607 {
+ − 1608 $d = PageUtils::catedit_raw($page_id, $namespace);
+ − 1609 return $d[0] . ' /* BEGIN CONTENT */ document.getElementById("ajaxEditContainer").innerHTML = unescape(\''.rawurlencode($d[1]).'\');';
+ − 1610 }
+ − 1611
+ − 1612 /**
+ − 1613 * Does the actual HTML/javascript generation for cat editing, but returns an array
+ − 1614 * @access private
+ − 1615 */
+ − 1616
+ − 1617 function catedit_raw($page_id, $namespace)
+ − 1618 {
+ − 1619 global $db, $session, $paths, $template, $plugins; // Common objects
214
+ − 1620 global $lang;
+ − 1621
1
+ − 1622 ob_start();
+ − 1623 $_ob = '';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1624 $e = $db->sql_query('SELECT category_id FROM ' . table_prefix.'categories WHERE page_id=\'' . $paths->cpage['urlname_nons'] . '\' AND namespace=\'' . $paths->namespace . '\'');
1
+ − 1625 if(!$e) jsdie('Error selecting category information for current page: '.mysql_error());
+ − 1626 $cat_current = Array();
+ − 1627 while($r = $db->fetchrow())
+ − 1628 {
+ − 1629 $cat_current[] = $r;
+ − 1630 }
+ − 1631 $db->free_result();
+ − 1632 $cat_all = Array();
+ − 1633 for($i=0;$i<sizeof($paths->pages)/2;$i++)
+ − 1634 {
+ − 1635 if($paths->pages[$i]['namespace']=='Category') $cat_all[] = $paths->pages[$i];
+ − 1636 }
+ − 1637
+ − 1638 // Make $cat_all an associative array, like $paths->pages
+ − 1639 $sz = sizeof($cat_all);
+ − 1640 for($i=0;$i<$sz;$i++)
+ − 1641 {
+ − 1642 $cat_all[$cat_all[$i]['urlname_nons']] = $cat_all[$i];
+ − 1643 }
+ − 1644 // Now, the "zipper" function - join the list of categories with the list of cats that this page is a part of
+ − 1645 $cat_info = $cat_all;
+ − 1646 for($i=0;$i<sizeof($cat_current);$i++)
+ − 1647 {
+ − 1648 $un = $cat_current[$i]['category_id'];
+ − 1649 $cat_info[$un]['member'] = true;
+ − 1650 }
+ − 1651 // Now copy the information we just set into the numerically named keys
+ − 1652 for($i=0;$i<sizeof($cat_info)/2;$i++)
+ − 1653 {
+ − 1654 $un = $cat_info[$i]['urlname_nons'];
+ − 1655 $cat_info[$i] = $cat_info[$un];
+ − 1656 }
+ − 1657
+ − 1658 echo 'catlist = new Array();'; // Initialize the client-side category list
214
+ − 1659 $_ob .= '<h3>' . $lang->get('catedit_title') . '</h3>
1
+ − 1660 <form name="mdgCatForm" action="'.makeUrlNS($namespace, $page_id, 'do=catedit').'" method="post">';
+ − 1661 if ( sizeof($cat_info) < 1 )
+ − 1662 {
214
+ − 1663 $_ob .= '<p>' . $lang->get('catedit_no_categories') . '</p>';
1
+ − 1664 }
+ − 1665 for ( $i = 0; $i < sizeof($cat_info) / 2; $i++ )
+ − 1666 {
+ − 1667 // Protection code added 1/3/07
+ − 1668 // Updated 3/4/07
+ − 1669 $is_prot = false;
+ − 1670 $perms = $session->fetch_page_acl($cat_info[$i]['urlname_nons'], 'Category');
+ − 1671 if ( !$session->get_permissions('edit_cat') || !$perms->get_permissions('edit_cat') ||
+ − 1672 ( $cat_info[$i]['really_protected'] && !$perms->get_permissions('even_when_protected') ) )
+ − 1673 $is_prot = true;
+ − 1674 $prot = ( $is_prot ) ? ' disabled="disabled" ' : '';
+ − 1675 $prottext = ( $is_prot ) ? ' <img alt="(protected)" width="16" height="16" src="'.scriptPath.'/images/lock16.png" />' : '';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1676 echo 'catlist[' . $i . '] = \'' . $cat_info[$i]['urlname_nons'] . '\';';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1677 $_ob .= '<span class="catCheck"><input ' . $prot . ' name="' . $cat_info[$i]['urlname_nons'] . '" id="mdgCat_' . $cat_info[$i]['urlname_nons'] . '" type="checkbox"';
1
+ − 1678 if(isset($cat_info[$i]['member'])) $_ob .= ' checked="checked"';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1679 $_ob .= '/> <label for="mdgCat_' . $cat_info[$i]['urlname_nons'] . '">' . $cat_info[$i]['name'].$prottext.'</label></span><br />';
1
+ − 1680 }
+ − 1681
+ − 1682 $disabled = ( sizeof($cat_info) < 1 ) ? 'disabled="disabled"' : '';
+ − 1683
214
+ − 1684 $_ob .= '<div style="border-top: 1px solid #CCC; padding-top: 5px; margin-top: 10px;"><input name="__enanoSaveButton" ' . $disabled . ' style="font-weight: bold;" type="submit" onclick="ajaxCatSave(); return false;" value="' . $lang->get('etc_save_changes') . '" /> <input name="__enanoCatCancel" type="submit" onclick="ajaxReset(); return false;" value="' . $lang->get('etc_cancel') . '" /></div></form>';
1
+ − 1685
+ − 1686 $cont = ob_get_contents();
+ − 1687 ob_end_clean();
+ − 1688 return Array($cont, $_ob);
+ − 1689 }
+ − 1690
+ − 1691 /**
+ − 1692 * Saves category information
+ − 1693 * WARNING: If $which_cats is empty, all the category information for the selected page will be nuked!
+ − 1694 * @param $page_id string the page ID
+ − 1695 * @param $namespace string the namespace
+ − 1696 * @param $which_cats array associative array of categories to put the page in
+ − 1697 * @return string "GOOD" on success, error string on failure
+ − 1698 */
+ − 1699
+ − 1700 function catsave($page_id, $namespace, $which_cats)
+ − 1701 {
+ − 1702 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1703 if(!$session->get_permissions('edit_cat')) return('Insufficient privileges to change category information');
+ − 1704
+ − 1705 $page_perms = $session->fetch_page_acl($page_id, $namespace);
+ − 1706 $page_data =& $paths->pages[$paths->nslist[$namespace].$page_id];
+ − 1707
+ − 1708 $cat_all = Array();
+ − 1709 for($i=0;$i<sizeof($paths->pages)/2;$i++)
+ − 1710 {
+ − 1711 if($paths->pages[$i]['namespace']=='Category') $cat_all[] = $paths->pages[$i];
+ − 1712 }
+ − 1713
+ − 1714 // Make $cat_all an associative array, like $paths->pages
+ − 1715 $sz = sizeof($cat_all);
+ − 1716 for($i=0;$i<$sz;$i++)
+ − 1717 {
+ − 1718 $cat_all[$cat_all[$i]['urlname_nons']] = $cat_all[$i];
+ − 1719 }
+ − 1720
+ − 1721 $rowlist = Array();
+ − 1722
+ − 1723 for($i=0;$i<sizeof($cat_all)/2;$i++)
+ − 1724 {
+ − 1725 $auth = true;
+ − 1726 $perms = $session->fetch_page_acl($cat_all[$i]['urlname_nons'], 'Category');
+ − 1727 if ( !$session->get_permissions('edit_cat') || !$perms->get_permissions('edit_cat') ||
+ − 1728 ( $cat_all[$i]['really_protected'] && !$perms->get_permissions('even_when_protected') ) ||
+ − 1729 ( !$page_perms->get_permissions('even_when_protected') && $page_data['protected'] == '1' ) )
+ − 1730 $auth = false;
+ − 1731 if(!$auth)
+ − 1732 {
+ − 1733 // Find out if the page is currently in the category
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1734 $q = $db->sql_query('SELECT * FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
1
+ − 1735 if(!$q)
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1736 return 'MySQL error: ' . $db->get_error();
1
+ − 1737 if($db->numrows() > 0)
+ − 1738 {
+ − 1739 $auth = true;
+ − 1740 $which_cats[$cat_all[$i]['urlname_nons']] = true; // Force the category to stay in its current state
+ − 1741 }
+ − 1742 $db->free_result();
+ − 1743 }
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1744 if(isset($which_cats[$cat_all[$i]['urlname_nons']]) && $which_cats[$cat_all[$i]['urlname_nons']] == true /* for clarity ;-) */ && $auth ) $rowlist[] = '(\'' . $page_id . '\', \'' . $namespace . '\', \'' . $cat_all[$i]['urlname_nons'] . '\')';
1
+ − 1745 }
+ − 1746 if(sizeof($rowlist) > 0)
+ − 1747 {
+ − 1748 $val = implode(',', $rowlist);
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1749 $q = 'INSERT INTO ' . table_prefix.'categories(page_id,namespace,category_id) VALUES' . $val . ';';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1750 $e = $db->sql_query('DELETE FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
1
+ − 1751 if(!$e) $db->_die('The old category data could not be deleted.');
+ − 1752 $e = $db->sql_query($q);
+ − 1753 if(!$e) $db->_die('The new category data could not be inserted.');
+ − 1754 return('GOOD');
+ − 1755 }
+ − 1756 else
+ − 1757 {
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1758 $e = $db->sql_query('DELETE FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
1
+ − 1759 if(!$e) $db->_die('The old category data could not be deleted.');
+ − 1760 return('GOOD');
+ − 1761 }
+ − 1762 }
+ − 1763
+ − 1764 /**
+ − 1765 * Sets the wiki mode level for a page.
+ − 1766 * @param $page_id string the page ID
+ − 1767 * @param $namespace string the namespace
+ − 1768 * @param $level int 0 for off, 1 for on, 2 for use global setting
+ − 1769 * @return string "GOOD" on success, error string on failure
+ − 1770 */
+ − 1771
+ − 1772 function setwikimode($page_id, $namespace, $level)
+ − 1773 {
+ − 1774 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1775 if(!$session->get_permissions('set_wiki_mode')) return('Insufficient access rights');
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1776 if ( !isset($level) || ( isset($level) && !preg_match('#^([0-2]){1}$#', (string)$level) ) )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1777 {
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1778 return('Invalid mode string');
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1779 }
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1780 $q = $db->sql_query('UPDATE ' . table_prefix.'pages SET wiki_mode=' . $level . ' WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1781 if ( !$q )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1782 {
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1783 return('Error during update query: '.mysql_error()."\n\nSQL Backtrace:\n".$db->sql_backtrace());
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1784 }
1
+ − 1785 return('GOOD');
+ − 1786 }
+ − 1787
+ − 1788 /**
+ − 1789 * Sets the access password for a page.
+ − 1790 * @param $page_id string the page ID
+ − 1791 * @param $namespace string the namespace
+ − 1792 * @param $pass string the SHA1 hash of the password - if the password doesn't match the regex ^([0-9a-f]*){40,40}$ it will be sha1'ed
+ − 1793 * @return string
+ − 1794 */
+ − 1795
+ − 1796 function setpass($page_id, $namespace, $pass)
+ − 1797 {
+ − 1798 global $db, $session, $paths, $template, $plugins; // Common objects
214
+ − 1799 global $lang;
1
+ − 1800 // Determine permissions
+ − 1801 if($paths->pages[$paths->nslist[$namespace].$page_id]['password'] != '')
+ − 1802 $a = $session->get_permissions('password_reset');
+ − 1803 else
+ − 1804 $a = $session->get_permissions('password_set');
+ − 1805 if(!$a)
214
+ − 1806 return $lang->get('etc_access_denied');
1
+ − 1807 if(!isset($pass)) return('Password was not set on URL');
+ − 1808 $p = $pass;
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1809 if ( !preg_match('#([0-9a-f]){40,40}#', $p) )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1810 {
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1811 $p = sha1($p);
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1812 }
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1813 if ( $p == 'da39a3ee5e6b4b0d3255bfef95601890afd80709' )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1814 // sha1('') = da39a3ee5e6b4b0d3255bfef95601890afd80709
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1815 $p = '';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1816 $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET password=\'' . $p . '\' WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1817 if ( !$e )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1818 {
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1819 die('PageUtils::setpass(): Error during update query: '.mysql_error()."\n\nSQL Backtrace:\n".$db->sql_backtrace());
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1820 }
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1821 // Is the new password blank?
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1822 if ( $p == '' )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1823 {
214
+ − 1824 return $lang->get('ajax_password_disable_success');
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1825 }
214
+ − 1826 else
+ − 1827 {
+ − 1828 return $lang->get('ajax_password_success');
+ − 1829 }
1
+ − 1830 }
+ − 1831
+ − 1832 /**
+ − 1833 * Generates some preview HTML
+ − 1834 * @param $text string the wikitext to use
+ − 1835 * @return string
+ − 1836 */
+ − 1837
+ − 1838 function genPreview($text)
+ − 1839 {
214
+ − 1840 global $lang;
+ − 1841 $ret = '<div class="info-box">' . $lang->get('editor_preview_blurb') . '</div><div style="background-color: #F8F8F8; padding: 10px; border: 1px dashed #406080; max-height: 250px; overflow: auto; margin: 1em 0 1em 1em;">';
102
+ − 1842 $text = RenderMan::render(RenderMan::preprocess_text($text, false, false));
+ − 1843 ob_start();
+ − 1844 eval('?>' . $text);
+ − 1845 $text = ob_get_contents();
+ − 1846 ob_end_clean();
+ − 1847 $ret .= $text;
+ − 1848 $ret .= '</div>';
+ − 1849 return $ret;
1
+ − 1850 }
+ − 1851
+ − 1852 /**
+ − 1853 * Makes a scrollable box
+ − 1854 * @param string $text the inner HTML
+ − 1855 * @param int $height Optional - the maximum height. Defaults to 250.
+ − 1856 * @return string
+ − 1857 */
+ − 1858
+ − 1859 function scrollBox($text, $height = 250)
+ − 1860 {
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1861 return '<div style="background-color: #F8F8F8; padding: 10px; border: 1px dashed #406080; max-height: '.(string)intval($height).'px; overflow: auto; margin: 1em 0 1em 1em;">' . $text . '</div>';
1
+ − 1862 }
+ − 1863
+ − 1864 /**
+ − 1865 * Generates a diff summary between two page revisions.
+ − 1866 * @param $page_id the page ID
+ − 1867 * @param $namespace the namespace
+ − 1868 * @param $id1 the time ID of the first revision
+ − 1869 * @param $id2 the time ID of the second revision
+ − 1870 * @return string XHTML-formatted diff
+ − 1871 */
+ − 1872
+ − 1873 function pagediff($page_id, $namespace, $id1, $id2)
+ − 1874 {
+ − 1875 global $db, $session, $paths, $template, $plugins; // Common objects
213
+ − 1876 global $lang;
1
+ − 1877 if(!$session->get_permissions('history_view'))
214
+ − 1878 return $lang->get('etc_access_denied');
1
+ − 1879 if(!preg_match('#^([0-9]+)$#', (string)$id1) ||
+ − 1880 !preg_match('#^([0-9]+)$#', (string)$id2 )) return 'SQL injection attempt';
+ − 1881 // OK we made it through security
+ − 1882 // Safest way to make sure we don't end up with the revisions in wrong columns is to make 2 queries
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1883 if(!$q1 = $db->sql_query('SELECT page_text,char_tag,author,edit_summary FROM ' . table_prefix.'logs WHERE time_id=' . $id1 . ' AND log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';')) return 'MySQL error: '.mysql_error();
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1884 if(!$q2 = $db->sql_query('SELECT page_text,char_tag,author,edit_summary FROM ' . table_prefix.'logs WHERE time_id=' . $id2 . ' AND log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';')) return 'MySQL error: '.mysql_error();
1
+ − 1885 $row1 = $db->fetchrow($q1);
+ − 1886 $db->free_result($q1);
+ − 1887 $row2 = $db->fetchrow($q2);
+ − 1888 $db->free_result($q2);
+ − 1889 if(sizeof($row1) < 1 || sizeof($row2) < 2) return 'Couldn\'t find any rows that matched the query. The time ID probably doesn\'t exist in the logs table.';
+ − 1890 $text1 = $row1['page_text'];
+ − 1891 $text2 = $row2['page_text'];
+ − 1892 $time1 = date('F d, Y h:i a', $id1);
+ − 1893 $time2 = date('F d, Y h:i a', $id2);
+ − 1894 $_ob = "
213
+ − 1895 <p>" . $lang->get('history_lbl_comparingrevisions') . " {$time1} → {$time2}</p>
1
+ − 1896 ";
+ − 1897 // Free some memory
+ − 1898 unset($row1, $row2, $q1, $q2);
+ − 1899
+ − 1900 $_ob .= RenderMan::diff($text1, $text2);
+ − 1901 return $_ob;
+ − 1902 }
+ − 1903
+ − 1904 /**
+ − 1905 * Gets ACL information about the selected page for target type X and target ID Y.
+ − 1906 * @param array $parms What to select. This is an array purely for JSON compatibility. It should be an associative array with keys target_type and target_id.
+ − 1907 * @return array
+ − 1908 */
+ − 1909
+ − 1910 function acl_editor($parms = Array())
+ − 1911 {
+ − 1912 global $db, $session, $paths, $template, $plugins; // Common objects
218
+ − 1913 global $lang;
+ − 1914
1
+ − 1915 if(!$session->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN)
40
+ − 1916 {
+ − 1917 return Array(
+ − 1918 'mode' => 'error',
218
+ − 1919 'error' => $lang->get('acl_err_access_denied')
40
+ − 1920 );
+ − 1921 }
1
+ − 1922 $parms['page_id'] = ( isset($parms['page_id']) ) ? $parms['page_id'] : false;
+ − 1923 $parms['namespace'] = ( isset($parms['namespace']) ) ? $parms['namespace'] : false;
+ − 1924 $page_id =& $parms['page_id'];
+ − 1925 $namespace =& $parms['namespace'];
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1926 $page_where_clause = ( empty($page_id) || empty($namespace) ) ? 'AND a.page_id IS NULL AND a.namespace IS NULL' : 'AND a.page_id=\'' . $db->escape($page_id) . '\' AND a.namespace=\'' . $db->escape($namespace) . '\'';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1927 $page_where_clause_lite = ( empty($page_id) || empty($namespace) ) ? 'AND page_id IS NULL AND namespace IS NULL' : 'AND page_id=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\'';
1
+ − 1928 //die(print_r($page_id,true));
+ − 1929 $template->load_theme();
+ − 1930 // $perms_obj = $session->fetch_page_acl($page_id, $namespace);
+ − 1931 $perms_obj =& $session;
+ − 1932 $return = Array();
+ − 1933 if ( !file_exists(ENANO_ROOT . '/themes/' . $session->theme . '/acledit.tpl') )
+ − 1934 {
+ − 1935 return Array(
+ − 1936 'mode' => 'error',
218
+ − 1937 'error' => $lang->get('acl_err_missing_template'),
1
+ − 1938 );
+ − 1939 }
+ − 1940 $return['template'] = $template->extract_vars('acledit.tpl');
+ − 1941 $return['page_id'] = $page_id;
+ − 1942 $return['namespace'] = $namespace;
+ − 1943 if(isset($parms['mode']))
+ − 1944 {
+ − 1945 switch($parms['mode'])
+ − 1946 {
+ − 1947 case 'listgroups':
+ − 1948 $return['groups'] = Array();
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1949 $q = $db->sql_query('SELECT group_id,group_name FROM ' . table_prefix.'groups ORDER BY group_name ASC;');
1
+ − 1950 while($row = $db->fetchrow())
+ − 1951 {
+ − 1952 $return['groups'][] = Array(
+ − 1953 'id' => $row['group_id'],
+ − 1954 'name' => $row['group_name'],
+ − 1955 );
+ − 1956 }
+ − 1957 $db->free_result();
73
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1958 $return['page_groups'] = Array();
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1959 $q = $db->sql_query('SELECT pg_id,pg_name FROM ' . table_prefix.'page_groups ORDER BY pg_name ASC;');
73
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1960 if ( !$q )
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1961 return Array(
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1962 'mode' => 'error',
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1963 'error' => $db->get_error()
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1964 );
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1965 while ( $row = $db->fetchrow() )
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1966 {
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1967 $return['page_groups'][] = Array(
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1968 'id' => $row['pg_id'],
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1969 'name' => $row['pg_name']
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1970 );
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 1971 }
1
+ − 1972 break;
+ − 1973 case 'seltarget':
+ − 1974 $return['mode'] = 'seltarget';
+ − 1975 $return['acl_types'] = $perms_obj->acl_types;
+ − 1976 $return['acl_deps'] = $perms_obj->acl_deps;
+ − 1977 $return['acl_descs'] = $perms_obj->acl_descs;
+ − 1978 $return['target_type'] = $parms['target_type'];
+ − 1979 $return['target_id'] = $parms['target_id'];
+ − 1980 switch($parms['target_type'])
+ − 1981 {
+ − 1982 case ACL_TYPE_USER:
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1983 $q = $db->sql_query('SELECT a.rules,u.user_id FROM ' . table_prefix.'users AS u
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1984 LEFT JOIN ' . table_prefix.'acl AS a
1
+ − 1985 ON a.target_id=u.user_id
+ − 1986 WHERE a.target_type='.ACL_TYPE_USER.'
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1987 AND u.username=\'' . $db->escape($parms['target_id']) . '\'
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1988 ' . $page_where_clause . ';');
1
+ − 1989 if(!$q)
+ − 1990 return(Array('mode'=>'error','error'=>mysql_error()));
+ − 1991 if($db->numrows() < 1)
+ − 1992 {
+ − 1993 $return['type'] = 'new';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1994 $q = $db->sql_query('SELECT user_id FROM ' . table_prefix.'users WHERE username=\'' . $db->escape($parms['target_id']) . '\';');
1
+ − 1995 if(!$q)
+ − 1996 return(Array('mode'=>'error','error'=>mysql_error()));
+ − 1997 if($db->numrows() < 1)
218
+ − 1998 return Array('mode'=>'error','error'=>$lang->get('acl_err_user_not_found'));
1
+ − 1999 $row = $db->fetchrow();
+ − 2000 $return['target_name'] = $return['target_id'];
+ − 2001 $return['target_id'] = intval($row['user_id']);
+ − 2002 $return['current_perms'] = $session->acl_types;
+ − 2003 }
+ − 2004 else
+ − 2005 {
+ − 2006 $return['type'] = 'edit';
+ − 2007 $row = $db->fetchrow();
+ − 2008 $return['target_name'] = $return['target_id'];
+ − 2009 $return['target_id'] = intval($row['user_id']);
+ − 2010 $return['current_perms'] = $session->acl_merge($perms_obj->acl_types, $session->string_to_perm($row['rules']));
+ − 2011 }
+ − 2012 $db->free_result();
+ − 2013 // Eliminate types that don't apply to this namespace
73
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 2014 if ( $namespace && $namespace != '__PageGroup' )
1
+ − 2015 {
+ − 2016 foreach ( $return['current_perms'] AS $i => $perm )
+ − 2017 {
+ − 2018 if ( ( $page_id != null && $namespace != null ) && ( !in_array ( $namespace, $session->acl_scope[$i] ) && !in_array('All', $session->acl_scope[$i]) ) )
+ − 2019 {
+ − 2020 // echo "// SCOPE CONTROL: eliminating: $i\n";
+ − 2021 unset($return['current_perms'][$i]);
+ − 2022 unset($return['acl_types'][$i]);
+ − 2023 unset($return['acl_descs'][$i]);
+ − 2024 unset($return['acl_deps'][$i]);
+ − 2025 }
+ − 2026 }
+ − 2027 }
+ − 2028 break;
+ − 2029 case ACL_TYPE_GROUP:
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 2030 $q = $db->sql_query('SELECT a.rules,g.group_name,g.group_id FROM ' . table_prefix.'groups AS g
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 2031 LEFT JOIN ' . table_prefix.'acl AS a
1
+ − 2032 ON a.target_id=g.group_id
+ − 2033 WHERE a.target_type='.ACL_TYPE_GROUP.'
+ − 2034 AND g.group_id=\''.intval($parms['target_id']).'\'
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 2035 ' . $page_where_clause . ';');
1
+ − 2036 if(!$q)
+ − 2037 return(Array('mode'=>'error','error'=>mysql_error()));
+ − 2038 if($db->numrows() < 1)
+ − 2039 {
+ − 2040 $return['type'] = 'new';
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 2041 $q = $db->sql_query('SELECT group_id,group_name FROM ' . table_prefix.'groups WHERE group_id=\''.intval($parms['target_id']).'\';');
1
+ − 2042 if(!$q)
+ − 2043 return(Array('mode'=>'error','error'=>mysql_error()));
+ − 2044 if($db->numrows() < 1)
218
+ − 2045 return Array('mode'=>'error','error'=>$lang->get('acl_err_bad_group_id'));
1
+ − 2046 $row = $db->fetchrow();
+ − 2047 $return['target_name'] = $row['group_name'];
+ − 2048 $return['target_id'] = intval($row['group_id']);
+ − 2049 $return['current_perms'] = $session->acl_types;
+ − 2050 }
+ − 2051 else
+ − 2052 {
+ − 2053 $return['type'] = 'edit';
+ − 2054 $row = $db->fetchrow();
+ − 2055 $return['target_name'] = $row['group_name'];
+ − 2056 $return['target_id'] = intval($row['group_id']);
+ − 2057 $return['current_perms'] = $session->acl_merge($session->acl_types, $session->string_to_perm($row['rules']));
+ − 2058 }
+ − 2059 $db->free_result();
+ − 2060 // Eliminate types that don't apply to this namespace
73
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 2061 if ( $namespace && $namespace != '__PageGroup' )
1
+ − 2062 {
+ − 2063 foreach ( $return['current_perms'] AS $i => $perm )
+ − 2064 {
+ − 2065 if ( ( $page_id != false && $namespace != false ) && ( !in_array ( $namespace, $session->acl_scope[$i] ) && !in_array('All', $session->acl_scope[$i]) ) )
+ − 2066 {
+ − 2067 // echo "// SCOPE CONTROL: eliminating: $i\n"; //; ".print_r($namespace,true).":".print_r($page_id,true)."\n";
+ − 2068 unset($return['current_perms'][$i]);
+ − 2069 unset($return['acl_types'][$i]);
+ − 2070 unset($return['acl_descs'][$i]);
+ − 2071 unset($return['acl_deps'][$i]);
+ − 2072 }
+ − 2073 }
+ − 2074 }
+ − 2075 //return Array('mode'=>'debug','text'=>print_r($return, true));
+ − 2076 break;
+ − 2077 default:
+ − 2078 return Array('mode'=>'error','error','Invalid ACL type ID');
+ − 2079 break;
+ − 2080 }
+ − 2081 return $return;
+ − 2082 break;
+ − 2083 case 'save_new':
+ − 2084 case 'save_edit':
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2085 if ( defined('ENANO_DEMO_MODE') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2086 {
218
+ − 2087 return Array('mode'=>'error','error'=>$lang->get('acl_err_demo'));
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2088 }
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 2089 $q = $db->sql_query('DELETE FROM ' . table_prefix.'acl WHERE target_type='.intval($parms['target_type']).' AND target_id='.intval($parms['target_id']).'
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 2090 ' . $page_where_clause_lite . ';');
1
+ − 2091 if(!$q)
+ − 2092 return Array('mode'=>'error','error'=>mysql_error());
+ − 2093 $rules = $session->perm_to_string($parms['perms']);
+ − 2094 if ( sizeof ( $rules ) < 1 )
+ − 2095 {
+ − 2096 return array(
+ − 2097 'mode' => 'error',
218
+ − 2098 'error' => $lang->get('acl_err_zero_list')
1
+ − 2099 );
+ − 2100 }
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 2101 $q = ($page_id && $namespace) ? 'INSERT INTO ' . table_prefix.'acl ( target_type, target_id, page_id, namespace, rules )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 2102 VALUES( '.intval($parms['target_type']).', '.intval($parms['target_id']).', \'' . $db->escape($page_id) . '\', \'' . $db->escape($namespace) . '\', \'' . $db->escape($rules) . '\' )' :
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 2103 'INSERT INTO ' . table_prefix.'acl ( target_type, target_id, rules )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 2104 VALUES( '.intval($parms['target_type']).', '.intval($parms['target_id']).', \'' . $db->escape($rules) . '\' )';
1
+ − 2105 if(!$db->sql_query($q)) return Array('mode'=>'error','error'=>mysql_error());
+ − 2106 return Array(
+ − 2107 'mode' => 'success',
+ − 2108 'target_type' => $parms['target_type'],
+ − 2109 'target_id' => $parms['target_id'],
+ − 2110 'target_name' => $parms['target_name'],
+ − 2111 'page_id' => $page_id,
+ − 2112 'namespace' => $namespace,
+ − 2113 );
+ − 2114 break;
+ − 2115 case 'delete':
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2116 if ( defined('ENANO_DEMO_MODE') )
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2117 {
218
+ − 2118 return Array('mode'=>'error','error'=>$lang->get('acl_err_demo'));
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
diff
changeset
+ − 2119 }
194
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 2120 $q = $db->sql_query('DELETE FROM ' . table_prefix.'acl WHERE target_type='.intval($parms['target_type']).' AND target_id='.intval($parms['target_id']).'
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 2121 ' . $page_where_clause_lite . ';');
1
+ − 2122 if(!$q)
+ − 2123 return Array('mode'=>'error','error'=>mysql_error());
+ − 2124 return Array(
+ − 2125 'mode' => 'delete',
+ − 2126 'target_type' => $parms['target_type'],
+ − 2127 'target_id' => $parms['target_id'],
+ − 2128 'target_name' => $parms['target_name'],
+ − 2129 'page_id' => $page_id,
+ − 2130 'namespace' => $namespace,
+ − 2131 );
+ − 2132 break;
+ − 2133 default:
+ − 2134 return Array('mode'=>'error','error'=>'Hacking attempt');
+ − 2135 break;
+ − 2136 }
+ − 2137 }
+ − 2138 return $return;
+ − 2139 }
+ − 2140
+ − 2141 /**
+ − 2142 * Same as PageUtils::acl_editor(), but the parms are a JSON string instead of an array. This also returns a JSON string.
+ − 2143 * @param string $parms Same as PageUtils::acl_editor/$parms, but should be a valid JSON string.
+ − 2144 * @return string
+ − 2145 */
+ − 2146
+ − 2147 function acl_json($parms = '{ }')
+ − 2148 {
+ − 2149 global $db, $session, $paths, $template, $plugins; // Common objects
+ − 2150 $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
+ − 2151 $parms = $json->decode($parms);
+ − 2152 $ret = PageUtils::acl_editor($parms);
+ − 2153 $ret = $json->encode($ret);
+ − 2154 return $ret;
+ − 2155 }
+ − 2156
+ − 2157 /**
+ − 2158 * A non-Javascript frontend for the ACL API.
+ − 2159 * @param array The request data, if any, this should be in the format required by PageUtils::acl_editor()
+ − 2160 */
+ − 2161
+ − 2162 function aclmanager($parms)
+ − 2163 {
+ − 2164 global $db, $session, $paths, $template, $plugins; // Common objects
219
+ − 2165 global $lang;
1
+ − 2166 ob_start();
+ − 2167 // Convenience
+ − 2168 $formstart = '<form
+ − 2169 action="' . makeUrl($paths->page, 'do=aclmanager', true) . '"
+ − 2170 method="post" enctype="multipart/form-data"
+ − 2171 onsubmit="if(!submitAuthorized) return false;"
+ − 2172 >';
+ − 2173 $formend = '</form>';
+ − 2174 $parms = PageUtils::acl_preprocess($parms);
+ − 2175 $response = PageUtils::acl_editor($parms);
+ − 2176 $response = PageUtils::acl_postprocess($response);
+ − 2177
+ − 2178 //die('<pre>' . htmlspecialchars(print_r($response, true)) . '</pre>');
+ − 2179
+ − 2180 switch($response['mode'])
+ − 2181 {
+ − 2182 case 'debug':
+ − 2183 echo '<pre>' . htmlspecialchars($response['text']) . '</pre>';
+ − 2184 break;
+ − 2185 case 'stage1':
219
+ − 2186 echo '<h3>' . $lang->get('acl_lbl_welcome_title') . '</h3>
+ − 2187 <p>' . $lang->get('acl_lbl_welcome_body') . '</p>';
1
+ − 2188 echo $formstart;
219
+ − 2189 echo '<p><label><input type="radio" name="data[target_type]" value="' . ACL_TYPE_GROUP . '" checked="checked" /> ' . $lang->get('acl_radio_usergroup') . '</label></p>
1
+ − 2190 <p><select name="data[target_id_grp]">';
+ − 2191 foreach ( $response['groups'] as $group )
+ − 2192 {
+ − 2193 echo '<option value="' . $group['id'] . '">' . $group['name'] . '</option>';
+ − 2194 }
219
+ − 2195
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2196 // page group selector
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2197 $groupsel = '';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2198 if ( count($response['page_groups']) > 0 )
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2199 {
219
+ − 2200 $groupsel = '<p><label><input type="radio" name="data[scope]" value="page_group" /> ' . $lang->get('acl_radio_scope_pagegroup') . '</label></p>
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2201 <p><select name="data[pg_id]">';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2202 foreach ( $response['page_groups'] as $grp )
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2203 {
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2204 $groupsel .= '<option value="' . $grp['id'] . '">' . htmlspecialchars($grp['name']) . '</option>';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2205 }
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2206 $groupsel .= '</select></p>';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2207 }
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2208
1
+ − 2209 echo '</select></p>
219
+ − 2210 <p><label><input type="radio" name="data[target_type]" value="' . ACL_TYPE_USER . '" /> ' . $lang->get('acl_radio_user') . '</label></p>
1
+ − 2211 <p>' . $template->username_field('data[target_id_user]') . '</p>
219
+ − 2212 <p>' . $lang->get('acl_lbl_scope') . '</p>
+ − 2213 <p><label><input name="data[scope]" value="only_this" type="radio" checked="checked" /> ' . $lang->get('acl_radio_scope_thispage') . '</p>
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2214 ' . $groupsel . '
219
+ − 2215 <p><label><input name="data[scope]" value="entire_site" type="radio" /> ' . $lang->get('acl_radio_scope_wholesite') . '</p>
1
+ − 2216 <div style="margin: 0 auto 0 0; text-align: right;">
+ − 2217 <input name="data[mode]" value="seltarget" type="hidden" />
+ − 2218 <input type="hidden" name="data[page_id]" value="' . $paths->cpage['urlname_nons'] . '" />
+ − 2219 <input type="hidden" name="data[namespace]" value="' . $paths->namespace . '" />
219
+ − 2220 <input type="submit" value="' . htmlspecialchars($lang->get('etc_wizard_next')) . '" />
1
+ − 2221 </div>';
+ − 2222 echo $formend;
+ − 2223 break;
+ − 2224 case 'success':
+ − 2225 echo '<div class="info-box">
219
+ − 2226 <b>' . $lang->get('acl_lbl_save_success_title') . '</b><br />
+ − 2227 ' . $lang->get('acl_lbl_save_success_body', array( 'target_name' => $response['target_name'] )) . '<br />
1
+ − 2228 ' . $formstart . '
+ − 2229 <input type="hidden" name="data[mode]" value="seltarget" />
+ − 2230 <input type="hidden" name="data[target_type]" value="' . $response['target_type'] . '" />
+ − 2231 <input type="hidden" name="data[target_id_user]" value="' . ( ( intval($response['target_type']) == ACL_TYPE_USER ) ? $response['target_name'] : $response['target_id'] ) .'" />
+ − 2232 <input type="hidden" name="data[target_id_grp]" value="' . ( ( intval($response['target_type']) == ACL_TYPE_USER ) ? $response['target_name'] : $response['target_id'] ) .'" />
+ − 2233 <input type="hidden" name="data[scope]" value="' . ( ( $response['page_id'] ) ? 'only_this' : 'entire_site' ) . '" />
+ − 2234 <input type="hidden" name="data[page_id]" value="' . ( ( $response['page_id'] ) ? $response['page_id'] : 'false' ) . '" />
+ − 2235 <input type="hidden" name="data[namespace]" value="' . ( ( $response['namespace'] ) ? $response['namespace'] : 'false' ) . '" />
219
+ − 2236 <input type="submit" value="' . $lang->get('acl_btn_returnto_editor') . '" /> <input type="submit" name="data[act_go_stage1]" value="' . $lang->get('acl_btn_returnto_userscope') . '" />
1
+ − 2237 ' . $formend . '
+ − 2238 </div>';
+ − 2239 break;
+ − 2240 case 'delete':
+ − 2241 echo '<div class="info-box">
219
+ − 2242 <b>' . $lang->get('acl_lbl_delete_success_title') . '</b><br />
+ − 2243 ' . $lang->get('acl_lbl_delete_success_body', array('target_name' => $response['target_name'])) . '<br />
1
+ − 2244 ' . $formstart . '
+ − 2245 <input type="hidden" name="data[mode]" value="seltarget" />
+ − 2246 <input type="hidden" name="data[target_type]" value="' . $response['target_type'] . '" />
+ − 2247 <input type="hidden" name="data[target_id_user]" value="' . ( ( intval($response['target_type']) == ACL_TYPE_USER ) ? $response['target_name'] : $response['target_id'] ) .'" />
+ − 2248 <input type="hidden" name="data[target_id_grp]" value="' . ( ( intval($response['target_type']) == ACL_TYPE_USER ) ? $response['target_name'] : $response['target_id'] ) .'" />
+ − 2249 <input type="hidden" name="data[scope]" value="' . ( ( $response['page_id'] ) ? 'only_this' : 'entire_site' ) . '" />
+ − 2250 <input type="hidden" name="data[page_id]" value="' . ( ( $response['page_id'] ) ? $response['page_id'] : 'false' ) . '" />
+ − 2251 <input type="hidden" name="data[namespace]" value="' . ( ( $response['namespace'] ) ? $response['namespace'] : 'false' ) . '" />
219
+ − 2252 <input type="submit" value="' . $lang->get('acl_btn_returnto_editor') . '" /> <input type="submit" name="data[act_go_stage1]" value="' . $lang->get('acl_btn_returnto_userscope') . '" />
1
+ − 2253 ' . $formend . '
+ − 2254 </div>';
+ − 2255 break;
+ − 2256 case 'seltarget':
+ − 2257 if ( $response['type'] == 'edit' )
+ − 2258 {
219
+ − 2259 echo '<h3>' . $lang->get('acl_lbl_editwin_title_edit') . '</h3>';
1
+ − 2260 }
+ − 2261 else
+ − 2262 {
219
+ − 2263 echo '<h3>' . $lang->get('acl_lbl_editwin_title_create') . '</h3>';
1
+ − 2264 }
219
+ − 2265 $type = ( $response['target_type'] == ACL_TYPE_GROUP ) ? $lang->get('acl_target_type_group') : $lang->get('acl_target_type_user');
+ − 2266 $scope = ( $response['page_id'] ) ? ( $response['namespace'] == '__PageGroup' ? $lang->get('acl_scope_type_pagegroup') : $lang->get('acl_scope_type_thispage') ) : $lang->get('acl_scope_type_wholesite');
+ − 2267 $subs = array(
+ − 2268 'target_type' => $type,
+ − 2269 'target' => $response['target_name'],
+ − 2270 'scope_type' => $scope
+ − 2271 );
+ − 2272 echo $lang->get('acl_lbl_editwin_body', $subs);
1
+ − 2273 echo $formstart;
+ − 2274 $parser = $template->makeParserText( $response['template']['acl_field_begin'] );
+ − 2275 echo $parser->run();
+ − 2276 $parser = $template->makeParserText( $response['template']['acl_field_item'] );
+ − 2277 $cls = 'row2';
+ − 2278 foreach ( $response['acl_types'] as $acl_type => $value )
+ − 2279 {
+ − 2280 $vars = Array(
+ − 2281 'FIELD_DENY_CHECKED' => '',
+ − 2282 'FIELD_DISALLOW_CHECKED' => '',
+ − 2283 'FIELD_WIKIMODE_CHECKED' => '',
+ − 2284 'FIELD_ALLOW_CHECKED' => '',
+ − 2285 );
+ − 2286 $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
+ − 2287 $vars['ROW_CLASS'] = $cls;
+ − 2288
+ − 2289 switch ( $response['current_perms'][$acl_type] )
+ − 2290 {
+ − 2291 case AUTH_ALLOW:
+ − 2292 $vars['FIELD_ALLOW_CHECKED'] = 'checked="checked"';
+ − 2293 break;
+ − 2294 case AUTH_WIKIMODE:
+ − 2295 $vars['FIELD_WIKIMODE_CHECKED'] = 'checked="checked"';
+ − 2296 break;
+ − 2297 case AUTH_DISALLOW:
+ − 2298 default:
+ − 2299 $vars['FIELD_DISALLOW_CHECKED'] = 'checked="checked"';
+ − 2300 break;
+ − 2301 case AUTH_DENY:
+ − 2302 $vars['FIELD_DENY_CHECKED'] = 'checked="checked"';
+ − 2303 break;
+ − 2304 }
+ − 2305 $vars['FIELD_NAME'] = 'data[perms][' . $acl_type . ']';
219
+ − 2306 if ( preg_match('/^([a-z0-9_]+)$/', $response['acl_descs'][$acl_type]) )
+ − 2307 {
+ − 2308 $vars['FIELD_DESC'] = $lang->get($response['acl_descs'][$acl_type]);
+ − 2309 }
+ − 2310 else
+ − 2311 {
+ − 2312 $vars['FIELD_DESC'] = $response['acl_descs'][$acl_type];
+ − 2313 }
1
+ − 2314 $parser->assign_vars($vars);
+ − 2315 echo $parser->run();
+ − 2316 }
+ − 2317 $parser = $template->makeParserText( $response['template']['acl_field_end'] );
+ − 2318 echo $parser->run();
+ − 2319 echo '<div style="margin: 10px auto 0 0; text-align: right;">
+ − 2320 <input name="data[mode]" value="save_' . $response['type'] . '" type="hidden" />
+ − 2321 <input type="hidden" name="data[page_id]" value="' . (( $response['page_id'] ) ? $response['page_id'] : 'false') . '" />
+ − 2322 <input type="hidden" name="data[namespace]" value="' . (( $response['namespace'] ) ? $response['namespace'] : 'false') . '" />
+ − 2323 <input type="hidden" name="data[target_type]" value="' . $response['target_type'] . '" />
+ − 2324 <input type="hidden" name="data[target_id]" value="' . $response['target_id'] . '" />
+ − 2325 <input type="hidden" name="data[target_name]" value="' . $response['target_name'] . '" />
219
+ − 2326 ' . ( ( $response['type'] == 'edit' ) ? '<input type="submit" value="' . $lang->get('etc_save_changes') . '" /> <input type="submit" name="data[act_delete_rule]" value="' . $lang->get('acl_btn_deleterule') . '" style="color: #AA0000;" onclick="return confirm(\'' . addslashes($lang->get('acl_msg_deleterule_confirm')) . '\');" />' : '<input type="submit" value="' . $lang->get('acl_btn_createrule') . '" />' ) . '
1
+ − 2327 </div>';
+ − 2328 echo $formend;
+ − 2329 break;
+ − 2330 case 'error':
+ − 2331 ob_end_clean();
+ − 2332 die_friendly('Error occurred', '<p>Error returned by permissions API:</p><pre>' . htmlspecialchars($response['error']) . '</pre>');
+ − 2333 break;
+ − 2334 }
+ − 2335 $ret = ob_get_contents();
+ − 2336 ob_end_clean();
+ − 2337 echo
+ − 2338 $template->getHeader() .
+ − 2339 $ret .
+ − 2340 $template->getFooter();
+ − 2341 }
+ − 2342
+ − 2343 /**
+ − 2344 * Preprocessor to turn the form-submitted data from the ACL editor into something the backend can handle
+ − 2345 * @param array The posted data
+ − 2346 * @return array
+ − 2347 * @access private
+ − 2348 */
+ − 2349
+ − 2350 function acl_preprocess($parms)
+ − 2351 {
+ − 2352 if ( !isset($parms['mode']) )
+ − 2353 // Nothing to do
+ − 2354 return $parms;
+ − 2355 switch ( $parms['mode'] )
+ − 2356 {
+ − 2357 case 'seltarget':
+ − 2358
+ − 2359 // Who's affected?
+ − 2360 $parms['target_type'] = intval( $parms['target_type'] );
+ − 2361 $parms['target_id'] = ( $parms['target_type'] == ACL_TYPE_GROUP ) ? $parms['target_id_grp'] : $parms['target_id_user'];
+ − 2362
+ − 2363 case 'save_edit':
+ − 2364 case 'save_new':
+ − 2365 if ( isset($parms['act_delete_rule']) )
+ − 2366 {
+ − 2367 $parms['mode'] = 'delete';
+ − 2368 }
+ − 2369
+ − 2370 // Scope (just this page or entire site?)
+ − 2371 if ( $parms['scope'] == 'entire_site' || ( $parms['page_id'] == 'false' && $parms['namespace'] == 'false' ) )
+ − 2372 {
+ − 2373 $parms['page_id'] = false;
+ − 2374 $parms['namespace'] = false;
+ − 2375 }
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2376 else if ( $parms['scope'] == 'page_group' )
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2377 {
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2378 $parms['page_id'] = $parms['pg_id'];
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2379 $parms['namespace'] = '__PageGroup';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 2380 }
1
+ − 2381
+ − 2382 break;
+ − 2383 }
+ − 2384
+ − 2385 if ( isset($parms['act_go_stage1']) )
+ − 2386 {
+ − 2387 $parms = array(
+ − 2388 'mode' => 'listgroups'
+ − 2389 );
+ − 2390 }
+ − 2391
+ − 2392 return $parms;
+ − 2393 }
+ − 2394
+ − 2395 function acl_postprocess($response)
+ − 2396 {
+ − 2397 if(!isset($response['mode']))
+ − 2398 {
+ − 2399 if ( isset($response['groups']) )
+ − 2400 $response['mode'] = 'stage1';
+ − 2401 else
+ − 2402 $response = Array(
+ − 2403 'mode' => 'error',
+ − 2404 'error' => 'Invalid action passed by API backend.',
+ − 2405 );
+ − 2406 }
+ − 2407 return $response;
+ − 2408 }
+ − 2409
+ − 2410 }
+ − 2411
+ − 2412 ?>