<?php
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
* Version 1.1.1
* Copyright (C) 2006-2007 Dan Fuhry
* pageutils.php - a class that handles raw page manipulations, used mostly by AJAX requests or their old-fashioned form-based counterparts
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
*/
class PageUtils {
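/**
 * Check whether a username is already taken.
 *
 * Despite the historical name this does not list completions: it looks the
 * (URL-encoded) name up in the users table and reports availability.
 *
 * @param string $name the username to check, URL-encoded
 * @return string 'good' if no user has that name, 'bad' if one does
 *                (a failed query goes to $db->_die() like the rest of this class)
 */
function checkusername($name)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  $name = $db->escape(rawurldecode($name));
  $q = $db->sql_query('SELECT username FROM '.table_prefix.'users WHERE username=\''.$name.'\'');
  if ( !$q )
  {
    // Route the failure through the DB layer's error handler, as every other
    // method here does, instead of a driver-specific mysql_error() call.
    $db->_die('The username availability query could not be run.');
  }
  $taken = ( $db->numrows() > 0 );
  $db->free_result();
  return $taken ? 'bad' : 'good';
}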
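/**
 * Get the wiki formatting source for a page.
 *
 * @param string $page the full page id (Namespace:Pagename)
 * @param string|bool $password the page's password hash, or false if none was supplied;
 *                              required when the page has a 40-character password set
 * @return string the HTML-escaped page source; '' when the page or its text row does not exist;
 *                'invalid_password' when a password is required and does not match;
 *                'access_denied' when the session lacks view_source
 *                (a failed query goes to $db->_die(); Special/Admin pages die() outright)
 */
function getsource($page, $password = false)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( !isset($paths->pages[$page]) )
  {
    return '';
  }

  // Page passwords are stored as 40-character hashes. Compare with !== so PHP's
  // loose string comparison cannot treat two numeric-looking hashes as equal.
  if ( strlen($paths->pages[$page]['password']) == 40 )
  {
    if ( !$password || $password !== $paths->pages[$page]['password'] )
    {
      return 'invalid_password';
    }
  }

  // Dependencies handle this for us - this also checks for read privileges
  if ( !$session->get_permissions('view_source') )
  {
    return 'access_denied';
  }

  $pid = RenderMan::strToPageID($page);
  if ( $pid[1] == 'Special' || $pid[1] == 'Admin' )
  {
    die('This type of page ('.$paths->nslist[$pid[1]].') cannot be edited because the page source code is not stored in the database.');
  }

  // Escape the id and namespace the way createPage() does, rather than relying
  // on strToPageID() to only ever yield SQL-safe strings.
  $e = $db->sql_query('SELECT page_text,char_tag FROM '.table_prefix.'page_text WHERE page_id=\''.$db->escape($pid[0]).'\' AND namespace=\''.$db->escape($pid[1]).'\'');
  if ( !$e )
  {
    $db->_die('The page text could not be selected.');
  }
  if ( $db->numrows() < 1 )
  {
    return ''; // a page without a text row is reported as empty, not as an error
  }

  $r = $db->fetchrow();
  $db->free_result();

  return htmlspecialchars($r['page_text']);
}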
/**
 * Basically a frontend to RenderMan::getPage(), with the ability to send valid data for nonexistent pages.
 *
 * @deprecated the first statement die()s, so nothing below it ever runs; the body is kept for reference only
 * @param $page the full page id (Namespace:Pagename)
 * @param $send_headers true if the theme headers should be sent (still dependent on current page settings), false otherwise
 * @param $hist_id time_id of an archived revision (logs table) to show instead of the current text, or false
 * @return string the buffered page output
 */

function getpage($page, $send_headers = false, $hist_id = false)
{
// Everything below this line is unreachable.
die('PageUtils->getpage is deprecated.');
global $db, $session, $paths, $template, $plugins; // Common objects
// Outer output buffer: the whole page is captured and returned as a string.
ob_start();
$pid = RenderMan::strToPageID($page);
//die('<pre>'.print_r($pid, true).'</pre>');
// A 40-character password field means the page is password-protected.
if(isset($paths->pages[$page]['password']) && strlen($paths->pages[$page]['password']) == 40)
{
password_prompt($page);
}
if(isset($paths->pages[$page]))
{
doStats($pid[0], $pid[1]);
}
if($paths->custom_page || $pid[1] == 'Special')
{
// If we don't have access to the page, get out and quick!
// Login and Register are reachable without the read permission.
if(!$session->get_permissions('read') && $pid[0] != 'Login' && $pid[0] != 'Register')
{
$template->tpl_strings['PAGE_NAME'] = 'Access denied';

if ( $send_headers )
{
$template->header();
}

echo '<div class="error-box"><b>Access to this page is denied.</b><br />This may be because you are not logged in or you have not met certain criteria for viewing this page.</div>';

if ( $send_headers )
{
$template->footer();
}

$r = ob_get_contents();
ob_end_clean();
return $r;
}

// Special pages are rendered by a function named page_<namespace>_<urlname>; @ hides the warning if it is missing.
$fname = 'page_'.$pid[1].'_'.$paths->pages[$page]['urlname_nons'];
@call_user_func($fname);

}
else if ( $pid[1] == 'Admin' )
{
// If we don't have access to the page, get out and quick!
if(!$session->get_permissions('read'))
{
$template->tpl_strings['PAGE_NAME'] = 'Access denied';
if ( $send_headers )
{
$template->header();
}
echo '<div class="error-box"><b>Access to this page is denied.</b><br />This may be because you are not logged in or you have not met certain criteria for viewing this page.</div>';
if ( $send_headers )
{
$template->footer();
}
$r = ob_get_contents();
ob_end_clean();
return $r;
}

// Admin pages use the raw page id in the backend function name, unlike the Special branch above.
$fname = 'page_'.$pid[1].'_'.$pid[0];
if ( !function_exists($fname) )
{
$title = 'Page backend not found';
$message = "The administration page you are looking for was properly registered using the page API, but the backend function
(<tt>$fname</tt>) was not found. If this is a plugin page, then this is almost certainly a bug with the plugin.";
if ( $send_headers )
{
die_friendly($title, "<p>$message</p>");
}
else
{
echo "<h2>$title</h2>\n<p>$message</p>";
}
}
@call_user_func($fname);
}
else if ( !isset( $paths->pages[$page] ) )
{
// NOTE(review): this inner buffer is only closed on the early return below; on the
// fall-through path the final ob_end_clean() at the bottom appears to close this inner
// buffer and leave the outer one from the top of the function open.
ob_start();
// Plugin code registered on the page_not_found hook is executed with eval(); anything it prints becomes the response.
$code = $plugins->setHook('page_not_found');
foreach ( $code as $cmd )
{
eval($cmd);
}
$text = ob_get_contents();
if ( $text != '' )
{
ob_end_clean();
return $text;
}
$template->header();
// A site-configured Page_not_found system message replaces the built-in 404 text below.
if($m = $paths->sysmsg('Page_not_found'))
{
eval('?>'.RenderMan::render($m));
}
else
{
header('HTTP/1.1 404 Not Found');
echo '<h3>There is no page with this title yet.</h3>
<p>You have requested a page that doesn\'t exist yet.';
if($session->get_permissions('create_page')) echo ' You can <a href="'.makeUrl($paths->page, 'do=edit', true).'" onclick="ajaxEditor(); return false;">create this page</a>, or return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.';
else echo ' Return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.</p>';
// Offer a rollback link if the page was deleted rather than never created.
if($session->get_permissions('history_rollback')) {
$e = $db->sql_query('SELECT * FROM '.table_prefix.'logs WHERE action=\'delete\' AND page_id=\''.$paths->cpage['urlname_nons'].'\' AND namespace=\''.$pid[1].'\' ORDER BY time_id DESC;');
if(!$e) $db->_die('The deletion log could not be selected.');
if($db->numrows() > 0) {
$r = $db->fetchrow();
echo '<p>This page also appears to have some log entries in the database - it seems that it was deleted on '.$r['date_string'].'. You can probably <a href="'.makeUrl($paths->page, 'do=rollback&id='.$r['time_id']).'" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">roll back</a> the deletion.</p>';
}
$db->free_result();
}
echo '<p>
HTTP Error: 404 Not Found
</p>';
}
$template->footer();
}
else
{

// If we don't have access to the page, get out and quick!
if(!$session->get_permissions('read'))
{
$template->tpl_strings['PAGE_NAME'] = 'Access denied';
if($send_headers) $template->header();
echo '<div class="error-box"><b>Access to this page is denied.</b><br />This may be because you are not logged in or you have not met certain criteria for viewing this page.</div>';
if($send_headers) $template->footer();
$r = ob_get_contents();
ob_end_clean();
return $r;
}

// Same inner-buffer pattern as the page_not_found branch above (see the note there).
ob_start();
// A plugin on page_custom_handler may take over rendering entirely; its output is returned as-is.
$code = $plugins->setHook('page_custom_handler');
foreach ( $code as $cmd )
{
eval($cmd);
}
$text = ob_get_contents();
if ( $text != '' )
{
ob_end_clean();
return $text;
}

// Archived revision: fetch the text from the logs table and prefix it with a notice.
if($hist_id) {
$e = $db->sql_query('SELECT page_text,date_string,char_tag FROM '.table_prefix.'logs WHERE page_id=\''.$paths->pages[$page]['urlname_nons'].'\' AND namespace=\''.$pid[1].'\' AND log_type=\'page\' AND action=\'edit\' AND time_id='.$db->escape($hist_id).'');
if($db->numrows() < 1)
{
$db->_die('There were no rows in the text table that matched the page text query.');
}
$r = $db->fetchrow();
$db->free_result();
$message = '<div class="info-box" style="margin-left: 0; margin-top: 5px;"><b>Notice:</b><br />The page you are viewing was archived on '.$r['date_string'].'.<br /><a href="'.makeUrl($page).'" onclick="ajaxReset(); return false;">View current version</a> | <a href="'.makeUrl($page, 'do=rollback&id='.$hist_id).'" onclick="ajaxRollback(\''.$hist_id.'\')">Restore this version</a></div><br />'.RenderMan::render($r['page_text']);

if( !$paths->pages[$page]['special'] )
{
if($send_headers)
{
$template->header();
}
display_page_headers();
}

// The rendered text is executed as a PHP template.
eval('?>'.$message);

if( !$paths->pages[$page]['special'] )
{
display_page_footers();
if($send_headers)
{
$template->footer();
}
}

} else {
// Special pages get the rendered text with all the optional decorations switched off.
if(!$paths->pages[$page]['special'])
{
$message = RenderMan::getPage($paths->pages[$page]['urlname_nons'], $pid[1]);
}
else
{
$message = RenderMan::getPage($paths->pages[$page]['urlname_nons'], $pid[1], 0, false, false, false, false);
}
// This line is used to debug wikiformatted code
// die('<pre>'.htmlspecialchars($message).'</pre>');

if( !$paths->pages[$page]['special'] )
{
if($send_headers)
{
$template->header();
}
display_page_headers();
}

// This is it, this is what all of Enano has been working up to...

// The rendered text is executed as a PHP template.
eval('?>'.$message);

if( !$paths->pages[$page]['special'] )
{
display_page_footers();
if($send_headers)
{
$template->footer();
}
}
}
}
$ret = ob_get_contents();
ob_end_clean();
return $ret;
}
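/**
 * Writes page data to the database, after verifying permissions and running the XSS filter.
 *
 * @param string $page_id the page ID
 * @param string $namespace the namespace
 * @param string $message the text to save
 * @param string $summary edit summary shown in the history list (HTML-escaped before storage)
 * @param bool $minor true if this is a minor edit
 * @return string 'good' on success, otherwise a human-readable error string
 *                (a failed INSERT/UPDATE goes to $db->_die() instead of returning)
 */
function savepage($page_id, $namespace, $message, $summary = 'No edit summary given', $minor = false)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  // char_tag: a per-revision identifier written to both the log row and the text row
  $uid = sha1(microtime());
  $pname = $paths->nslist[$namespace] . $page_id;

  if ( !$session->get_permissions('edit_page') )
  {
    return 'Access to edit pages is denied.';
  }

  if ( !isset($paths->pages[$pname]) )
  {
    if ( !PageUtils::createPage($page_id, $namespace) )
    {
      return 'The page did not exist, and I was not able to create it. Permissions problem?';
    }
    $paths->page_exists = true;
  }

  // protected == 2 (semi) only blocks accounts registered less than four days ago; 1 blocks everyone below admin
  $prot = ( $paths->pages[$pname]['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $paths->pages[$pname]['protected'] == 1;
  // wiki_mode == 2 defers to the site-wide setting; 1 forces it on
  $wiki = ( $paths->pages[$pname]['wiki_mode'] == 2 && getConfig('wiki_mode') == '1' ) || $paths->pages[$pname]['wiki_mode'] == 1;
  if ( ( $prot || !$wiki ) && $session->user_level < USER_LEVEL_ADMIN )
  {
    return 'You are not authorized to edit this page.';
  }

  // Strip potentially harmful tags and PHP from the message, dependent upon permissions settings
  $message = RenderMan::preprocess_text($message, false, false);
  $msg = $db->escape($message);
  $minor_sql = $minor ? 'true' : 'false';

  // NOTE(review): the log row is keyed on the page currently being viewed ($paths->cpage /
  // $paths->namespace) while the text row below is keyed on the $page_id/$namespace arguments;
  // the two only agree when savepage() is called for the current page - verify against callers.
  $q = 'INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($paths->cpage['urlname_nons']).'\', \''.$db->escape($paths->namespace).'\', \''.$msg.'\', \''.$uid.'\', \''.$db->escape($session->username).'\', \''.$db->escape(htmlspecialchars($summary)).'\', '.$minor_sql.');';
  if ( !$db->sql_query($q) )
  {
    $db->_die('The history (log) entry could not be inserted into the logs table.');
  }

  // Escape the identifiers the way createPage() does instead of interpolating them raw
  $q = 'UPDATE '.table_prefix.'page_text SET page_text=\''.$msg.'\',char_tag=\''.$uid.'\' WHERE page_id=\''.$db->escape($page_id).'\' AND namespace=\''.$db->escape($namespace).'\';';
  if ( !$db->sql_query($q) )
  {
    $db->_die('Enano was unable to save the page contents. Your changes have been lost <tt>:\'(</tt>.');
  }

  $paths->rebuild_page_index($page_id, $namespace);

  return 'good';
}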
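/**
 * Creates a page, both in memory and in the database.
 *
 * @param string $page_id the page ID (URL name without the namespace prefix)
 * @param string $namespace the namespace; 'Special' and 'Admin' pages cannot be created here
 * @param string|bool $name display title, or false to derive it from $page_id
 * @param int|bool $visible whether the page is listed (stored as 1/0)
 * @return bool true on success, false on failure (the DB error is echoed when a query fails)
 */
function createPage($page_id, $namespace, $name = false, $visible = 1)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( in_array($namespace, array('Special', 'Admin'), true) )
  {
    return false; // Can't create a special page
  }

  if ( !isset($paths->nslist[$namespace]) )
  {
    return false; // Couldn't look up namespace
  }

  $pname = $paths->nslist[$namespace] . $page_id;
  if ( isset($paths->pages[$pname]) )
  {
    return false; // Page already exists
  }

  if ( !$session->get_permissions('create_page') )
  {
    return false; // Access denied
  }

  if ( $session->user_level < USER_LEVEL_ADMIN && $namespace == 'System' )
  {
    return false; // Not authorized to create system messages
  }

  $page_id = dirtify_page_id($page_id);

  if ( !$name )
  {
    $name = str_replace('_', ' ', $page_id);
  }
  // Whitelist of characters allowed in a page id. The previous range A-z also spans
  // [ \ ] ^ and ` in ASCII; A-Za-z is the letters-only range the separate "_" implies.
  // The check must run on $page_id: the previous version tested an undefined $page,
  // which matched the empty string and therefore never rejected anything.
  $regex = '#^([A-Za-z0-9 _\-\.\/\!\@\(\)]*)$#is';
  if ( !preg_match($regex, $page_id) )
  {
    return false; // Name contains invalid characters
  }

  $page_id = sanitize_page_id( $page_id );

  $prot = ( $namespace == 'System' ) ? 1 : 0;
  $visible = $visible ? 1 : 0;

  $ips = array(
    'ip' => array(),
    'u' => array()
  );
  $page_data = array(
    'name' => $name,
    'urlname' => $page_id,
    'namespace' => $namespace,
    'special' => 0,
    'visible' => $visible, // keep the in-memory copy in step with the row inserted below
    'comments_on' => 0,
    'protected' => $prot,
    'delvotes' => 0,
    'delvote_ips' => serialize($ips),
    'wiki_mode' => 2,
  );

  $paths->add_page($page_data);

  $qa = $db->sql_query('INSERT INTO '.table_prefix.'pages(name,urlname,namespace,visible,protected,delvote_ips) VALUES(\''.$db->escape($name).'\', \''.$db->escape($page_id).'\', \''.$db->escape($namespace).'\', '.$visible.', '.$prot.', \'' . $db->escape(serialize($ips)) . '\');');
  $qb = $db->sql_query('INSERT INTO '.table_prefix.'page_text(page_id,namespace) VALUES(\''.$db->escape($page_id).'\', \''.$db->escape($namespace).'\');');
  $qc = $db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'create\', \''.$db->escape($session->username).'\', \''.$db->escape($page_id).'\', \''.$db->escape($namespace).'\');');

  if ( $qa && $qb && $qc )
  {
    return true;
  }
  echo $db->get_error();
  return false;
}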
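/**
 * Sets the protection level on a page.
 *
 * @param string $page_id the page ID
 * @param string $namespace the namespace
 * @param int $level level of protection - 0 is off, 1 is full, 2 is semi
 * @param string $reason why the page is being (un)protected; the literal 'NO_REASON' suppresses the log entry
 * @return string "good" on success, in all other cases an error string (on query failure, calls $db->_die())
 */
function protect($page_id, $namespace, $level, $reason)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  $pname = $paths->nslist[$namespace] . $page_id;
  // wiki_mode == 2 defers to the site-wide setting; 1 forces it on
  $wiki = ( $paths->pages[$pname]['wiki_mode'] == 2 && getConfig('wiki_mode') == '1' ) || $paths->pages[$pname]['wiki_mode'] == 1;

  if ( !$session->get_permissions('protect') )
  {
    return 'Insufficient access rights';
  }
  if ( !$wiki )
  {
    return 'Page protection only has an effect when Wiki Mode is enabled.';
  }
  if ( !preg_match('#^([0-9]+)$#', (string)$level) )
  {
    return 'Invalid $level parameter.';
  }
  // Only the three documented levels are accepted, whether or not a log entry is written;
  // the table also supplies the log action name for each level.
  $level = intval($level);
  $actions = array(0 => 'unprot', 1 => 'prot', 2 => 'semiprot');
  if ( !isset($actions[$level]) )
  {
    return 'PageUtils::protect(): Invalid value for $level';
  }

  if ( $reason !== 'NO_REASON' )
  {
    $q = 'INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \''.$actions[$level].'\', \''.$db->escape($session->username).'\', \''.$db->escape($page_id).'\', \''.$db->escape($namespace).'\', \''.$db->escape(htmlspecialchars($reason)).'\');';
    if ( !$db->sql_query($q) )
    {
      $db->_die('The log entry for the page protection could not be inserted.');
    }
  }

  // Write the validated $level argument. The previous version interpolated the raw
  // $_POST['level'] here, which bypassed the checks above and tied this method to the form.
  $q = $db->sql_query('UPDATE '.table_prefix.'pages SET protected='.$level.' WHERE urlname=\''.$db->escape($page_id).'\' AND namespace=\''.$db->escape($namespace).'\';');
  if ( !$q )
  {
    $db->_die('The pages table was not updated.');
  }

  return 'good';
}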
/**
+ − 484
* Generates an HTML table with history information in it.
+ − 485
* @param $page_id the page ID
+ − 486
* @param $namespace the namespace
+ − 487
* @return string
+ − 488
*/
+ − 489
+ − 490
function histlist($page_id, $namespace)
+ − 491
{
+ − 492
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 493
+ − 494
if(!$session->get_permissions('history_view'))
+ − 495
return 'Access denied';
+ − 496
+ − 497
ob_start();
+ − 498
+ − 499
$pname = $paths->nslist[$namespace] . $page_id;
+ − 500
$wiki = ( ( $paths->pages[$pname]['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $paths->pages[$pname]['wiki_mode'] == 1) ? true : false;
+ − 501
$prot = ( ( $paths->pages[$pname]['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $paths->pages[$pname]['protected'] == 1) ? true : false;
+ − 502
+ − 503
$q = 'SELECT time_id,date_string,page_id,namespace,author,edit_summary,minor_edit FROM '.table_prefix.'logs WHERE log_type=\'page\' AND action=\'edit\' AND page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' ORDER BY time_id DESC;';
+ − 504
if(!$db->sql_query($q)) $db->_die('The history data for the page "'.$paths->cpage['name'].'" could not be selected.');
+ − 505
echo 'History of edits and actions<h3>Edits:</h3>';
+ − 506
$numrows = $db->numrows();
+ − 507
if($numrows < 1) echo 'No history entries in this category.';
+ − 508
else
+ − 509
{
+ − 510
+ − 511
echo '<form action="'.makeUrlNS($namespace, $page_id, 'do=diff').'" onsubmit="ajaxHistDiff(); return false;" method="get">
+ − 512
<input type="submit" value="Compare selected revisions" />
115
261f367623af
Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
diff
changeset
+ − 513
' . ( urlSeparator == '&' ? '<input type="hidden" name="title" value="' . htmlspecialchars($paths->nslist[$namespace] . $page_id) . '" />' : '' ) . '
261f367623af
Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
diff
changeset
+ − 514
' . ( $session->sid_super ? '<input type="hidden" name="auth" value="' . $session->sid_super . '" />' : '') . '
261f367623af
Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
diff
changeset
+ − 515
<input type="hidden" name="do" value="diff" />
1
+ − 516
<br /><span> </span>
+ − 517
<div class="tblholder">
+ − 518
<table border="0" width="100%" cellspacing="1" cellpadding="4">
+ − 519
<tr>
+ − 520
<th colspan="2">Diff</th>
+ − 521
<th>Date/time</th>
+ − 522
<th>User</th>
+ − 523
<th>Edit summary</th>
+ − 524
<th>Minor</th>
+ − 525
<th colspan="3">Actions</th>
+ − 526
</tr>'."\n"."\n";
+ − 527
$cls = 'row2';
+ − 528
$ticker = 0;
+ − 529
+ − 530
while($r = $db->fetchrow()) {
+ − 531
+ − 532
$ticker++;
+ − 533
+ − 534
if($cls == 'row2') $cls = 'row1';
+ − 535
else $cls = 'row2';
+ − 536
+ − 537
echo '<tr>'."\n";
+ − 538
+ − 539
// Diff selection
+ − 540
if($ticker == 1)
+ − 541
{
+ − 542
$s1 = '';
+ − 543
$s2 = 'checked="checked" ';
+ − 544
}
+ − 545
elseif($ticker == 2)
+ − 546
{
+ − 547
$s1 = 'checked="checked" ';
+ − 548
$s2 = '';
+ − 549
}
+ − 550
else
+ − 551
{
+ − 552
$s1 = '';
+ − 553
$s2 = '';
+ − 554
}
+ − 555
if($ticker > 1) echo '<td class="'.$cls.'" style="padding: 0;"><input '.$s1.'name="diff1" type="radio" value="'.$r['time_id'].'" id="diff1_'.$r['time_id'].'" class="clsDiff1Radio" onclick="selectDiff1Button(this);" /></td>'."\n"; else echo '<td class="'.$cls.'"></td>';
+ − 556
if($ticker < $numrows) echo '<td class="'.$cls.'" style="padding: 0;"><input '.$s2.'name="diff2" type="radio" value="'.$r['time_id'].'" id="diff2_'.$r['time_id'].'" class="clsDiff2Radio" onclick="selectDiff2Button(this);" /></td>'."\n"; else echo '<td class="'.$cls.'"></td>';
+ − 557
+ − 558
// Date and time
+ − 559
echo '<td class="'.$cls.'">'.$r['date_string'].'</td class="'.$cls.'">'."\n";
+ − 560
+ − 561
// User
+ − 562
if($session->get_permissions('mod_misc') && preg_match('#^([0-9]*){1,3}\.([0-9]*){1,3}\.([0-9]*){1,3}\.([0-9]*){1,3}$#', $r['author'])) $rc = ' style="cursor: pointer;" title="Click cell background for reverse DNS info" onclick="ajaxReverseDNS(this, \''.$r['author'].'\');"';
+ − 563
else $rc = '';
+ − 564
echo '<td class="'.$cls.'"'.$rc.'><a href="'.makeUrlNS('User', $r['author']).'" ';
+ − 565
if(!isPage($paths->nslist['User'] . $r['author'])) echo 'class="wikilink-nonexistent"';
+ − 566
echo '>'.$r['author'].'</a></td class="'.$cls.'">'."\n";
+ − 567
+ − 568
// Edit summary
+ − 569
echo '<td class="'.$cls.'">'.$r['edit_summary'].'</td>'."\n";
+ − 570
+ − 571
// Minor edit
+ − 572
echo '<td class="'.$cls.'" style="text-align: center;">'. (( $r['minor_edit'] ) ? 'M' : '' ) .'</td>'."\n";
+ − 573
+ − 574
// Actions!
+ − 575
echo '<td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'oldid='.$r['time_id']).'" onclick="ajaxHistView(\''.$r['time_id'].'\'); return false;">View revision</a></td>'."\n";
+ − 576
echo '<td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrl($paths->nslist['Special'].'Contributions/'.$r['author']).'">View user contribs</a></td>'."\n";
+ − 577
echo '<td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'do=rollback&id='.$r['time_id']).'" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">Revert to this revision</a></td>'."\n";
+ − 578
+ − 579
echo '</tr>'."\n"."\n";
+ − 580
+ − 581
}
+ − 582
echo '</table>
+ − 583
</div>
+ − 584
<br />
+ − 585
<input type="hidden" name="do" value="diff" />
+ − 586
<input type="submit" value="Compare selected revisions" />
+ − 587
</form>
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 588
<script type="text/javascript">if ( !KILL_SWITCH ) { buildDiffList(); }</script>';
1
+ − 589
}
+ − 590
$db->free_result();
+ − 591
echo '<h3>Other changes:</h3>';
+ − 592
$q = 'SELECT time_id,action,date_string,page_id,namespace,author,edit_summary,minor_edit FROM '.table_prefix.'logs WHERE log_type=\'page\' AND action!=\'edit\' AND page_id=\''.$paths->cpage['urlname_nons'].'\' AND namespace=\''.$paths->namespace.'\' ORDER BY time_id DESC;';
+ − 593
if(!$db->sql_query($q)) $db->_die('The history data for the page "'.$paths->cpage['name'].'" could not be selected.');
+ − 594
if($db->numrows() < 1) echo 'No history entries in this category.';
+ − 595
else {
+ − 596
+ − 597
echo '<div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4"><tr><th>Date/time</th><th>User</th><th>Minor</th><th>Action taken</th><th>Extra info</th><th colspan="2"></th></tr>';
+ − 598
$cls = 'row2';
+ − 599
while($r = $db->fetchrow()) {
+ − 600
+ − 601
if($cls == 'row2') $cls = 'row1';
+ − 602
else $cls = 'row2';
+ − 603
+ − 604
echo '<tr>';
+ − 605
+ − 606
// Date and time
+ − 607
echo '<td class="'.$cls.'">'.$r['date_string'].'</td class="'.$cls.'">';
+ − 608
+ − 609
// User
+ − 610
echo '<td class="'.$cls.'"><a href="'.makeUrlNS('User', $r['author']).'" ';
+ − 611
if(!isPage($paths->nslist['User'] . $r['author'])) echo 'class="wikilink-nonexistent"';
+ − 612
echo '>'.$r['author'].'</a></td class="'.$cls.'">';
+ − 613
+ − 614
+ − 615
// Minor edit
+ − 616
echo '<td class="'.$cls.'" style="text-align: center;">'. (( $r['minor_edit'] ) ? 'M' : '' ) .'</td>';
+ − 617
+ − 618
// Action taken
+ − 619
echo '<td class="'.$cls.'">';
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 620
// Some of these are sanitized at insert-time. Others follow the newer Enano policy of stripping HTML at runtime.
1
+ − 621
if ($r['action']=='prot') echo 'Protected page</td><td class="'.$cls.'">Reason: '.$r['edit_summary'];
+ − 622
elseif($r['action']=='unprot') echo 'Unprotected page</td><td class="'.$cls.'">Reason: '.$r['edit_summary'];
+ − 623
elseif($r['action']=='semiprot') echo 'Semi-protected page</td><td class="'.$cls.'">Reason: '.$r['edit_summary'];
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 624
elseif($r['action']=='rename') echo 'Renamed page</td><td class="'.$cls.'">Old title: '.htmlspecialchars($r['edit_summary']);
1
+ − 625
elseif($r['action']=='create') echo 'Created page</td><td class="'.$cls.'">';
28
+ − 626
elseif($r['action']=='delete') echo 'Deleted page</td><td class="'.$cls.'">Reason: '.$r['edit_summary'];
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 627
elseif($r['action']=='reupload') echo 'Uploaded new file version</td><td class="'.$cls.'">Reason: '.htmlspecialchars($r['edit_summary']);
1
+ − 628
echo '</td>';
+ − 629
+ − 630
// Actions!
echo '<td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrl($paths->nslist['Special'].'Contributions/'.$r['author']).'">View user contribs</a></td>';
echo '<td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'do=rollback&id='.$r['time_id']).'" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">Revert action</a></td>';
//echo '(<a href="#" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">rollback</a>) <i>'.$r['date_string'].'</i> '.$r['author'].' (<a href="'.makeUrl($paths->nslist['User'].$r['author']).'">Userpage</a>, <a href="'.makeUrl($paths->nslist['Special'].'Contributions/'.$r['author']).'">Contrib</a>): ';
if($r['minor_edit']) echo '<b> - minor edit</b>';
echo '<br />';
echo '</tr>';
}
echo '</table></div>';
}
$db->free_result();
$ret = ob_get_contents();
ob_end_clean();
return $ret;
}
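/**
 * Rolls back a logged action.
 *
 * Loads the logs row whose time_id is $id, applies the permission checks that
 * apply to that kind of entry (history_rollback for everything; the page's own
 * ACL plus even_when_protected for protected pages; the *_extra permissions
 * for undeletion and file rollbacks), then reverses the action with the
 * matching UPDATE/INSERT statements. Every path returns a human-readable
 * message for the caller to display; a failed initial SELECT is the one
 * exception and goes through $db->_die().
 *
 * @param $id the time ID, a.k.a. the primary key in the logs table
 * @return string status or error message
 */

function rollback($id)
{
    global $db, $session, $paths, $template, $plugins; // Common objects

    if ( !$session->get_permissions('history_rollback') )
    {
        return('You are not authorized to perform rollbacks.');
    }
    // $id is interpolated unquoted into SQL below, so it must be digits only.
    if ( !preg_match('#^([0-9]+)$#', (string)$id) )
    {
        return('The value "id" on the query string must be an integer.');
    }

    $e = $db->sql_query('SELECT log_type,action,date_string,page_id,namespace,page_text,char_tag,author,edit_summary FROM '.table_prefix.'logs WHERE time_id='.$id.';');
    if ( !$e )
    {
        $db->_die('The rollback data could not be selected.');
    }
    $rb = $db->fetchrow();
    $db->free_result();
    // fetchrow() yields false when nothing matched; without this check every
    // $rb[...] read below raised a notice and the call ended in "Unknown log entry type".
    if ( !$rb )
    {
        return('No log entry with the ID "'.$id.'" was found.');
    }

    // Column values read back from the logs table are spliced into further SQL
    // statements, so escape them once here instead of trusting stored data.
    $page_id_sql   = $db->escape($rb['page_id']);
    $namespace_sql = $db->escape($rb['namespace']);
    $sql_failure   = "An error occurred during the rollback operation.\nMySQL said: ";

    if ( $rb['log_type'] == 'page' && $rb['action'] != 'delete' )
    {
        $pagekey = $paths->nslist[$rb['namespace']] . $rb['page_id'];
        if ( !isset($paths->pages[$pagekey]) )
        {
            return "Page doesn't exist";
        }
        $pagedata =& $paths->pages[$pagekey];

        // Special case: is the page protected? if so, check for even_when_protected permissions
        if ( $pagedata['protected'] == 2 )
        {
            // Semi-protected: logged-in accounts registered more than four days ago are exempt
            $protected = !( $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() );
        }
        else
        {
            $protected = ( $pagedata['protected'] == 1 );
        }

        $perms = $session->fetch_page_acl($rb['page_id'], $rb['namespace']);

        if ( $protected && !$perms->get_permissions('even_when_protected') )
        {
            return "Because this page is protected, you need moderator rights to roll back changes.";
        }
    }
    else
    {
        // Deletions and non-page entries are checked against the global session ACL
        $perms =& $session;
    }

    switch ( $rb['log_type'] )
    {
        case "page":
            switch ( $rb['action'] )
            {
                case "edit":
                    if ( !$perms->get_permissions('edit_page') )
                        return "You don't have permission to edit pages, so rolling back edits can't be allowed either.";
                    $t        = $db->escape($rb['page_text']);
                    $char_tag = $db->escape($rb['char_tag']);
                    $e = $db->sql_query('UPDATE '.table_prefix.'page_text SET page_text=\''.$t.'\',char_tag=\''.$char_tag.'\' WHERE page_id=\''.$page_id_sql.'\' AND namespace=\''.$namespace_sql.'\'');
                    if ( !$e )
                    {
                        return($sql_failure.mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
                    }
                    return 'The page "'.$pagedata['name'].'" has been rolled back to the state it was in on '.$rb['date_string'].'.';

                case "rename":
                    if ( !$perms->get_permissions('rename') )
                        return "You don't have permission to rename pages, so rolling back renames can't be allowed either.";
                    // For rename entries edit_summary holds the previous title
                    $t = $db->escape($rb['edit_summary']);
                    $e = $db->sql_query('UPDATE '.table_prefix.'pages SET name=\''.$t.'\' WHERE urlname=\''.$page_id_sql.'\' AND namespace=\''.$namespace_sql.'\'');
                    if ( !$e )
                    {
                        return $sql_failure.mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace();
                    }
                    return 'The page "'.$pagedata['name'].'" has been rolled back to the name it had ("'.$rb['edit_summary'].'") before '.$rb['date_string'].'.';

                case "prot":
                case "semiprot":
                    // Both protection levels are undone the same way, so the two cases share a body
                    if ( !$perms->get_permissions('protect') )
                        return "You don't have permission to protect pages, so rolling back protection can't be allowed either.";
                    $e = $db->sql_query('UPDATE '.table_prefix.'pages SET protected=0 WHERE urlname=\''.$page_id_sql.'\' AND namespace=\''.$namespace_sql.'\'');
                    if ( !$e )
                        return $sql_failure.mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace();
                    return 'The page "'.$pagedata['name'].'" has been unprotected according to the log created at '.$rb['date_string'].'.';

                case "unprot":
                    if ( !$perms->get_permissions('protect') )
                        return "You don't have permission to protect pages, so rolling back protection can't be allowed either.";
                    $e = $db->sql_query('UPDATE '.table_prefix.'pages SET protected=1 WHERE urlname=\''.$page_id_sql.'\' AND namespace=\''.$namespace_sql.'\'');
                    if ( !$e )
                        return $sql_failure.mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace();
                    return 'The page "'.$pagedata['name'].'" has been protected according to the log created at '.$rb['date_string'].'.';

                case "delete":
                    if ( !$perms->get_permissions('history_rollback_extra') )
                        return 'Administrative privileges are required for page undeletion.';
                    // Refuse to undelete a page that is currently live. The check is made
                    // against the page named in the log entry; the original looked at
                    // $paths->cpage, i.e. whatever page the request happened to be viewing.
                    $pagekey = $paths->nslist[$rb['namespace']] . $rb['page_id'];
                    if ( isset($paths->pages[$pagekey]) )
                        return 'You cannot raise a dead page that is alive.';
                    $name = str_replace('_', ' ', $rb['page_id']);
                    $e = $db->sql_query('INSERT INTO '.table_prefix.'pages(name,urlname,namespace) VALUES( \''.$db->escape($name).'\', \''.$page_id_sql.'\',\''.$namespace_sql.'\' )');
                    if ( !$e )
                        return($sql_failure.mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
                    // Restore the text from the most recent edit entry for the page, if there is one
                    $e = $db->sql_query('SELECT page_text,char_tag FROM '.table_prefix.'logs WHERE page_id=\''.$page_id_sql.'\' AND namespace=\''.$namespace_sql.'\' AND log_type=\'page\' AND action=\'edit\' ORDER BY time_id DESC LIMIT 1;');
                    if ( !$e )
                        return($sql_failure.mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
                    $r = $db->fetchrow();
                    $db->free_result();
                    $page_text = $r ? $db->escape($r['page_text']) : '';
                    $char_tag  = $r ? $db->escape($r['char_tag']) : '';
                    $e = $db->sql_query('INSERT INTO '.table_prefix.'page_text(page_id,namespace,page_text,char_tag) VALUES(\''.$page_id_sql.'\',\''.$namespace_sql.'\',\''.$page_text.'\',\''.$char_tag.'\')');
                    if ( !$e )
                        return($sql_failure.mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
                    return 'The page "'.$name.'" has been undeleted according to the log created at '.$rb['date_string'].'.';

                case "reupload":
                    // NOTE(review): the undeletion case reads 'history_rollback_extra' while this
                    // one reads 'history_rollbacks_extra'; which spelling the ACL table defines is
                    // not visible here, so the key is left unchanged — confirm against the ACL code.
                    if ( !$session->get_permissions('history_rollbacks_extra') )
                    {
                        return 'Administrative privileges are required for file rollbacks.';
                    }
                    // The old version is made current by moving its log/file rows to "now"
                    $newtime = time();
                    $newdate = date('d M Y h:i a');
                    if ( !$db->sql_query('UPDATE '.table_prefix.'logs SET time_id='.$newtime.',date_string=\''.$newdate.'\' WHERE time_id='.$id) )
                        return 'Error during query: '.mysql_error();
                    if ( !$db->sql_query('UPDATE '.table_prefix.'files SET time_id='.$newtime.' WHERE time_id='.$id) )
                        return 'Error during query: '.mysql_error();
                    return 'The file has been rolled back to the version uploaded on '.date('d M Y h:i a', (int)$id).'.';

                default:
                    return('Rollback of the action "'.$rb['action'].'" is not yet supported.');
            }

        case "security":
        case "login":
            return('A '.$rb['log_type'].'-related log entry cannot be rolled back.');

        default:
            return('Unknown log entry type: "'.$rb['log_type'].'"');
    }
}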
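/**
 * Posts a comment.
 *
 * Enforces the post_comments ACL and the comments_need_login setting ('2' =
 * a login is required, '1' = guests must solve a CAPTCHA), runs the text
 * through RenderMan::preprocess_text(), inserts the row and returns the
 * refreshed comment listing for the page.
 *
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $name the name of the person posting; ignored when logged in, the session username is used instead
 * @param $subject the subject line of the comment
 * @param $text the comment text
 * @param $captcha_code the CAPTCHA answer a guest typed, required when comments_need_login is '1'
 * @param $captcha_id the CAPTCHA session ID that $captcha_code answers
 * @return string javascript code (see PageUtils::comments), or 'Access denied'
 */

function addcomment($page_id, $namespace, $name, $subject, $text, $captcha_code = false, $captcha_id = false)
{
    global $db, $session, $paths, $template, $plugins; // Common objects
    $_ob = '';
    if ( !$session->get_permissions('post_comments') )
        return 'Access denied';
    $need_login = getConfig('comments_need_login');
    if ( $need_login == '2' && !$session->user_logged_in )
        _die('Access denied to post comments: you need to be logged in first.');
    if ( $need_login == '1' && !$session->user_logged_in )
    {
        if ( !$captcha_code || !$captcha_id )
            _die('BUG: PageUtils::addcomment: no CAPTCHA data passed to method');
        $result = $session->get_captcha($captcha_id);
        // Compare as strings, strictly: the loose != treated numeric-looking
        // codes such as "1e1" and "10" as equal.
        if ( (string)$captcha_code !== (string)$result )
            _die('The confirmation code you entered was incorrect.');
    }
    $text = RenderMan::preprocess_text($text);
    $name = $session->user_logged_in ? RenderMan::preprocess_text($session->username) : RenderMan::preprocess_text($name);
    $subj = RenderMan::preprocess_text($subject);
    // New comments start unapproved when moderation is switched on
    $appr = ( getConfig('approve_comments') == '1' ) ? '0' : '1';
    // $page_id and $namespace come straight from the request and are escaped
    // here. $subj/$text/$name are inserted as returned by
    // RenderMan::preprocess_text(), which the savecomment methods also treat as
    // SQL-safe — confirm that assumption before relying on it.
    $q = 'INSERT INTO '.table_prefix.'comments(page_id,namespace,subject,comment_data,name,user_id,approved,time) VALUES(\''.$db->escape($page_id).'\',\''.$db->escape($namespace).'\',\''.$subj.'\',\''.$text.'\',\''.$name.'\','.intval($session->user_id).','.$appr.','.time().')';
    $e = $db->sql_query($q);
    if ( !$e )
        die('alert(unescape(\''.rawurlencode('Error inserting comment data: '.mysql_error().'\n\nQuery:\n'.$q).'\'))');
    $_ob .= '<div class="info-box">Your comment has been posted.</div>';
    return PageUtils::comments($page_id, $namespace, false, Array(), $_ob);
}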
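/**
 * Generates partly-compiled HTML/Javascript code to be eval'ed by the user's browser to display comments.
 *
 * Optionally performs a moderator action first ("delete" or "approve", both
 * gated on mod_comments), then builds the comment listing from comment.tpl
 * followed by the "Got something to say?" form. The result is produced in two
 * forms: the bare HTML, and a Javascript program that injects that HTML into
 * #ajaxEditContainer and defines the "list" object used by the client-side
 * comment editor.
 *
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $action administrative action to perform ("delete" or "approve"), default is false
 * @param $flags additional info for $action: either 'id' (the comment_id) or the
 *        'name'/'subj'/'text' triple identifying the comment
 * @param $_ob text to prepend to output, used by PageUtils::addcomment
 * @return array two elements: [0] the Javascript code, [1] the bare HTML
 * @access private
 */

function comments_raw($page_id, $namespace, $action = false, $flags = Array(), $_ob = '')
{
    global $db, $session, $paths, $template, $plugins; // Common objects

    $pname = $paths->nslist[$namespace] . $page_id;
    // $page_id and $namespace arrive from the request. The raw values are still
    // needed for makeUrlNS(), so keep escaped copies for every SQL statement.
    $page_id_sql   = $db->escape($page_id);
    $namespace_sql = $db->escape($namespace);
    $can_mod       = $session->get_permissions('mod_comments');

    ob_start();

    if ( $action && $can_mod ) // Nip hacking attempts in the bud
    {
        switch ( $action )
        {
            case "delete":
                if ( isset($flags['id']) )
                {
                    $q = 'DELETE FROM '.table_prefix.'comments WHERE page_id=\''.$page_id_sql.'\' AND namespace=\''.$namespace_sql.'\' AND comment_id='.intval($flags['id']).' LIMIT 1;';
                }
                else
                {
                    $n = $db->escape($flags['name']);
                    $s = $db->escape($flags['subj']);
                    $t = $db->escape($flags['text']);
                    $q = 'DELETE FROM '.table_prefix.'comments WHERE page_id=\''.$page_id_sql.'\' AND namespace=\''.$namespace_sql.'\' AND name=\''.$n.'\' AND subject=\''.$s.'\' AND comment_data=\''.$t.'\' LIMIT 1;';
                }
                $e = $db->sql_query($q);
                // "unescape" was misspelt "unesape" in this alert and the two below,
                // so the browser raised a ReferenceError instead of showing the error.
                if ( !$e ) die('alert(unescape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n'.$q).'\'));');
                break;
            case "approve":
                if ( isset($flags['id']) )
                {
                    $where = 'comment_id='.intval($flags['id']);
                }
                else
                {
                    $n = $db->escape($flags['name']);
                    $s = $db->escape($flags['subj']);
                    $t = $db->escape($flags['text']);
                    $where = 'name=\''.$n.'\' AND subject=\''.$s.'\' AND comment_data=\''.$t.'\'';
                }
                $q = 'SELECT approved FROM '.table_prefix.'comments WHERE page_id=\''.$page_id_sql.'\' AND namespace=\''.$namespace_sql.'\' AND '.$where.' LIMIT 1;';
                $e = $db->sql_query($q);
                if ( !$e ) die('alert(unescape(\''.rawurlencode('Error selecting approval status: '.mysql_error().'\n\nQuery:\n'.$q).'\'));');
                $r = $db->fetchrow();
                $db->free_result();
                // Toggle: an approved comment becomes unapproved and vice versa
                $a = ( $r && $r['approved'] ) ? '0' : '1';
                $q = 'UPDATE '.table_prefix.'comments SET approved='.$a.' WHERE page_id=\''.$page_id_sql.'\' AND namespace=\''.$namespace_sql.'\' AND '.$where.';';
                $e = $db->sql_query($q);
                if ( !$e ) die('alert(unescape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n'.$q).'\'));');
                $v = ( $a == '1' ) ? 'Unapprove' : 'Approve';
                // The query-string id is written into a Javascript statement, so it is
                // forced to an integer instead of being echoed verbatim. Presumably it is
                // the list index that mdgApproveLink$i (below) is built from — confirm
                // against the client-side script.
                $link_id = isset($_GET['id']) ? intval($_GET['id']) : '';
                echo 'document.getElementById("mdgApproveLink'.$link_id.'").innerHTML="'.$v.'";';
                break;
        }
    }

    if ( !defined('ENANO_TEMPLATE_LOADED') )
    {
        $template->load_theme($session->theme, $session->style);
    }

    $tpl = $template->makeParser('comment.tpl');

    // Count unapproved and approved comments. The original fetched every row
    // (SELECT *) just to call numrows(); COUNT() gives the same number.
    $e = $db->sql_query('SELECT COUNT(comment_id) AS num FROM '.table_prefix.'comments WHERE page_id=\''.$page_id_sql.'\' AND namespace=\''.$namespace_sql.'\' AND approved=0;');
    if ( !$e ) $db->_die('The comment text data could not be selected.');
    $r = $db->fetchrow();
    $num_unapp = $r ? intval($r['num']) : 0;
    $db->free_result();
    $e = $db->sql_query('SELECT COUNT(comment_id) AS num FROM '.table_prefix.'comments WHERE page_id=\''.$page_id_sql.'\' AND namespace=\''.$namespace_sql.'\' AND approved=1;');
    if ( !$e ) $db->_die('The comment text data could not be selected.');
    $r = $db->fetchrow();
    $num_app = $r ? intval($r['num']) : 0;
    $db->free_result();

    $lq = $db->sql_query('SELECT c.comment_id,c.subject,c.name,c.comment_data,c.approved,c.time,c.user_id,u.user_level,u.signature
        FROM '.table_prefix.'comments AS c
        LEFT JOIN '.table_prefix.'users AS u
        ON c.user_id=u.user_id
        WHERE page_id=\''.$page_id_sql.'\'
        AND namespace=\''.$namespace_sql.'\' ORDER BY c.time ASC;');
    if ( !$lq ) _die('The comment text data could not be selected. '.mysql_error());

    $_ob .= '<h3>Article Comments</h3>';
    // Moderators see every comment, everybody else only the approved ones
    $n = $can_mod ? $db->numrows() : $num_app;
    $s = ( $n == 1 ) ? 'is '.$n.' comment' : 'are '.$n.' comments';
    if ( $n < 1 )
    {
        // The paragraph is closed once, below; the original also closed it here,
        // producing a stray </p>.
        $_ob .= '<p>There are currently no comments on this '.strtolower($namespace);
        if ( $namespace != 'Article' ) $_ob .= ' page';
        $_ob .= '.';
    }
    else
    {
        $_ob .= '<p>There '.$s.' on this article.';
    }
    if ( $can_mod && $num_unapp > 0 )
    {
        $_ob .= ' <span style="color: #D84308">'.$num_unapp.' of those are unapproved.</span>';
    }
    elseif ( !$can_mod && $num_unapp > 0 )
    {
        $u = ( $num_unapp == 1 ) ? "is $num_unapp comment" : "are $num_unapp comments";
        $_ob .= ' However, there ' . $u . ' awaiting approval.';
    }
    $_ob .= '</p>';

    // "list" is the Javascript object the client-side editor reads comment data from;
    // its keys are the list index $i, which is also used for the element ids below.
    $list = 'list = { ';
    $i = -1;
    while ( $row = $db->fetchrow($lq) )
    {
        $i++;
        if ( !$can_mod && !$row['approved'] )
        {
            // Unapproved comments are only shown to moderators (the index is still consumed)
            continue;
        }
        $strings = Array();
        $bool = Array();
        $list .= $i . ' : { \'comment\' : unescape(\''.rawurlencode($row['comment_data']).'\'), \'name\' : unescape(\''.rawurlencode($row['name']).'\'), \'subject\' : unescape(\''.rawurlencode($row['subject']).'\'), }, ';

        // Comment ID (used in the Javascript apps)
        $strings['ID'] = (string)$i;

        // Name, linked to the user page for registered users.
        // NOTE(review): name and subject are emitted as HTML without escaping here;
        // the insert path passes them through RenderMan::preprocess_text() — confirm
        // that it neutralises HTML, otherwise escape at output.
        $name = $row['name'];
        if ( $row['user_id'] > 0 )
        {
            $name = '<a href="'.makeUrlNS('User', str_replace(' ', '_', $row['name'])).'">'.$row['name'].'</a>';
        }
        $strings['NAME'] = $name;
        unset($name);

        // Subject
        $s = $row['subject'];
        if ( !$row['approved'] ) $s .= ' <span style="color: #D84308">(Unapproved)</span>';
        $strings['SUBJECT'] = $s;

        // Date and time
        $strings['DATETIME'] = date('F d, Y h:i a', intval($row['time']));

        // User level (user_level is NULL for guests, hence the default)
        switch ( $row['user_level'] )
        {
            default:
            case USER_LEVEL_GUEST:
                $l = 'Guest';
                break;
            case USER_LEVEL_MEMBER:
                $l = 'Member';
                break;
            case USER_LEVEL_MOD:
                $l = 'Moderator';
                break;
            case USER_LEVEL_ADMIN:
                $l = 'Administrator';
                break;
        }
        $strings['USER_LEVEL'] = $l;
        unset($l);

        // The actual comment data
        $strings['DATA'] = RenderMan::render($row['comment_data']);

        // Edit / delete links
        if ( $session->get_permissions('edit_comments') )
        {
            $strings['EDIT_LINK']   = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=editcomment&id='.$row['comment_id']).'" id="editbtn_'.$i.'">edit</a>';
            $strings['DELETE_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=deletecomment&id='.$row['comment_id']).'">delete</a>';
        }
        else
        {
            $strings['EDIT_LINK']   = '';
            $strings['DELETE_LINK'] = '';
        }

        // Send PM / add buddy links: only for logged-in viewers and registered posters
        $poster_registered = ( $session->user_logged_in && $row['user_id'] > 0 );
        $strings['SEND_PM_LINK']   = $poster_registered ? '<a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/To/'.$row['name']).'">Send private message</a><br />' : '';
        $strings['ADD_BUDDY_LINK'] = $poster_registered ? '<a href="'.makeUrlNS('Special', 'PrivateMessages/FriendList/Add/'.$row['name']).'">Add to buddy list</a>' : '';

        // Mod links
        $applink  = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=admin&action=approve&id='.$row['comment_id']).'" id="mdgApproveLink'.$i.'">';
        $applink .= $row['approved'] ? 'Unapprove' : 'Approve';
        $applink .= '</a>';
        $strings['MOD_APPROVE_LINK'] = $applink;
        unset($applink);
        $strings['MOD_DELETE_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=admin&action=delete&id='.$row['comment_id']).'">Delete</a>';

        // Signature
        $strings['SIGNATURE'] = ( $row['signature'] != '' ) ? RenderMan::render($row['signature']) : '';

        $bool['auth_mod']  = $can_mod ? true : false;
        $bool['can_edit']  = ( ( $session->user_logged_in && $row['name'] == $session->username && $session->get_permissions('edit_comments') ) || $can_mod ) ? true : false;
        $bool['signature'] = ( $strings['SIGNATURE'] == '' ) ? false : true;

        // Done processing and compiling, now let's cook it into HTML
        $tpl->assign_vars($strings);
        $tpl->assign_bool($bool);
        $_ob .= $tpl->run();
    }

    if ( getConfig('comments_need_login') != '2' || $session->user_logged_in )
    {
        if ( !$session->get_permissions('post_comments') )
        {
            $_ob .= '<h3>Got something to say?</h3><p>Access to post comments on this page is denied.</p>';
        }
        else
        {
            $_ob .= '<h3>Got something to say?</h3>If you have comments or suggestions on this article, you can shout it out here.';
            if ( getConfig('approve_comments') == '1' ) $_ob .= ' Before your comment will be visible to the public, a moderator will have to approve it.';
            // Guests need a CAPTCHA when comments_need_login is '1'
            $needs_captcha = ( getConfig('comments_need_login') == '1' && !$session->user_logged_in );
            if ( $needs_captcha ) $_ob .= ' Because you are not logged in, you will need to enter a visual confirmation before your comment will be posted.';
            // NOTE(review): the username is written into an attribute value unescaped;
            // assumes usernames are restricted to attribute-safe characters — confirm.
            $sn = $session->user_logged_in ? $session->username . '<input name="name" id="mdgScreenName" type="hidden" value="'.$session->username.'" />' : '<input name="name" id="mdgScreenName" type="text" size="35" />';
            $_ob .= ' <a href="#" id="mdgCommentFormLink" style="display: none;" onclick="document.getElementById(\'mdgCommentForm\').style.display=\'block\';this.style.display=\'none\';return false;">Leave a comment...</a>
<div id="mdgCommentForm">
<h3>Comment form</h3>
<form action="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=postcomment').'" method="post" style="margin-left: 1em">
<table border="0">
<tr><td>Your name or screen name:</td><td>'.$sn.'</td></tr>
<tr><td>Comment subject:</td><td><input name="subj" id="mdgSubject" type="text" size="35" /></td></tr>';
            if ( $needs_captcha )
            {
                $session->kill_captcha();
                $captcha = $session->make_captcha();
                $_ob .= '<tr><td>Visual confirmation:<br /><small>Please enter the code you see on the right.</small></td><td><img src="'.makeUrlNS('Special', 'Captcha/'.$captcha).'" alt="Visual confirmation" style="cursor: pointer;" onclick="this.src = \''.makeUrlNS("Special", "Captcha/".$captcha).'/\'+Math.floor(Math.random() * 100000);" /><input name="captcha_id" id="mdgCaptchaID" type="hidden" value="'.$captcha.'" /><br />Code: <input name="captcha_input" id="mdgCaptchaInput" type="text" size="10" /><br /><small><script type="text/javascript">document.write("If you can\'t read the code, click on the image to generate a new one.");</script><noscript>If you can\'t read the code, please refresh this page to generate a new one.</noscript></small></td></tr>';
            }
            $_ob .= '
<tr><td valign="top">Comment text:<br />(most HTML will be stripped)</td><td><textarea name="text" id="mdgCommentArea" rows="10" cols="40"></textarea></td></tr>
<tr><td colspan="2" style="text-align: center;"><input type="submit" value="Submit Comment" /></td></tr>
</table>
</form>
</div>';
        }
    }
    else
    {
        $_ob .= '<h3>Got something to say?</h3><p>You need to be logged in to post comments. <a href="'.makeUrlNS('Special', 'Login/'.$pname.'%2523comments').'">Log in</a></p>';
    }
    $list .= '};';
    echo 'document.getElementById(\'ajaxEditContainer\').innerHTML = unescape(\''. rawurlencode($_ob) .'\');
' . $list;
    echo 'Fat.fade_all(); document.getElementById(\'mdgCommentForm\').style.display = \'none\'; document.getElementById(\'mdgCommentFormLink\').style.display="inline";';

    $ret = ob_get_contents();
    ob_end_clean();
    return Array($ret, $_ob);
}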
/**
 * Generates ready-to-execute Javascript code to be eval'ed by the user's browser to display comments.
 * Thin wrapper around PageUtils::comments_raw(): returns the Javascript half of
 * its result and discards the bare HTML.
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $action administrative action to perform, default is false
 * @param $id additional info for $action, handed to comments_raw() as its $flags; -1 when unused
 * @param $_ob text to prepend to output, used by PageUtils::addcomment
 * @return string
 */

function comments($page_id, $namespace, $action = false, $id = -1, $_ob = '')
{
    global $db, $session, $paths, $template, $plugins; // Common objects
    list($javascript) = PageUtils::comments_raw($page_id, $namespace, $action, $id, $_ob);
    return $javascript;
}
/**
 * Generates HTML code for comments - used in browser compatibility mode.
 * Thin wrapper around PageUtils::comments_raw(): returns the bare HTML half of
 * its result and discards the Javascript.
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $action administrative action to perform, default is false
 * @param $id additional info for $action, handed to comments_raw() as its $flags; -1 when unused
 * @param $_ob text to prepend to output, used by PageUtils::addcomment
 * @return string
 */

function comments_html($page_id, $namespace, $action = false, $id = -1, $_ob = '')
{
    global $db, $session, $paths, $template, $plugins; // Common objects
    list(, $html) = PageUtils::comments_raw($page_id, $namespace, $action, $id, $_ob);
    return $html;
}
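/**
 * Updates comment data, locating the comment by its old subject and text.
 *
 * Non-moderators may only edit their own comments: a safety query checks that
 * the matching comment was posted under the caller's username. The return
 * value is a snippet of Javascript that the client-side comment app eval()s;
 * inside it the comment is identified by the list index $id.
 *
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $subject new subject
 * @param $text new text
 * @param $old_subject the old subject, unprocessed and identical to the value in the DB
 * @param $old_text the old text, unprocessed and identical to the value in the DB
 * @param $id the javascript list ID, used internally by the client-side app
 * @return string javascript code
 */

function savecomment($page_id, $namespace, $subject, $text, $old_subject, $old_text, $id = -1)
{
    global $db, $session, $paths, $template, $plugins; // Common objects
    if ( !$session->get_permissions('edit_comments') )
        return 'result="BAD";error="Access denied"';
    // Avoid SQL injection: everything that reaches a WHERE clause is escaped,
    // including the page/namespace pair, which the original interpolated raw.
    $old_text      = $db->escape($old_text);
    $old_subject   = $db->escape($old_subject);
    $page_id_sql   = $db->escape($page_id);
    $namespace_sql = $db->escape($namespace);
    // $id is echoed back inside the generated Javascript; force it to an
    // integer so a crafted value cannot inject script into the response.
    $id = intval($id);
    // Safety check - username/login
    if ( !$session->get_permissions('mod_comments') ) // allow mods to edit comments
    {
        if ( !$session->user_logged_in ) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
        $q = 'SELECT c.name FROM '.table_prefix.'comments c, '.table_prefix.'users u WHERE comment_data=\''.$old_text.'\' AND subject=\''.$old_subject.'\' AND page_id=\''.$page_id_sql.'\' AND namespace=\''.$namespace_sql.'\' AND u.user_id=c.user_id;';
        $check = $db->sql_query($q);
        if ( !$check ) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
        $r = $db->fetchrow($check);
        // numrows() has to be read before the result set is freed; the original
        // freed it first and then asked for the count.
        $found = $db->numrows();
        $db->free_result();
        if ( $found < 1 || !$r || $r['name'] !== $session->username ) _die('Safety check failed, probably due to a hacking attempt.');
    }
    // Assumes RenderMan::preprocess_text() returns SQL-safe text (the original
    // relied on this too) — confirm before depending on it.
    $s = RenderMan::preprocess_text($subject);
    $t = RenderMan::preprocess_text($text);
    $sql = 'UPDATE '.table_prefix.'comments SET subject=\''.$s.'\',comment_data=\''.$t.'\' WHERE comment_data=\''.$old_text.'\' AND subject=\''.$old_subject.'\' AND page_id=\''.$page_id_sql.'\' AND namespace=\''.$namespace_sql.'\'';
    $result = $db->sql_query($sql);
    if ( !$result )
    {
        return 'result="BAD"; error=unescape("'.rawurlencode('Enano encountered a problem whilst saving the comment.
Performed SQL:
'.$sql.'

Error returned by MySQL: '.mysql_error()).'");';
    }
    // Hand the new values back to the client: the raw text goes into the "list"
    // object (newlines preserved via the {{EnAnO:Newline}} placeholder), the
    // rendered HTML into "t" for immediate display.
    return 'result="GOOD";
list['.$id.'][\'subject\'] = unescape(\''.str_replace('%5Cn', '%0A', rawurlencode(str_replace('{{EnAnO:Newline}}', '\\n', stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $s))))).'\');
list['.$id.'][\'comment\'] = unescape(\''.str_replace('%5Cn', '%0A', rawurlencode(str_replace('{{EnAnO:Newline}}', '\\n', stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $t))))).'\'); id = '.$id.';
s = unescape(\''.rawurlencode($s).'\');
t = unescape(\''.str_replace('%5Cn', '<br \\/>', rawurlencode(RenderMan::render(str_replace('{{EnAnO:Newline}}', "\n", stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $t)))))).'\');';
}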
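/**
 * Updates comment data using the comment_id column instead of the old, messy way.
 *
 * Non-moderators may only edit their own comments: a safety query checks that
 * the comment with this ID was posted under the caller's username.
 *
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $subject new subject
 * @param $text new text
 * @param $id the comment ID (primary key in enano_comments table); must already be a PHP integer
 * @return string 'good' on success, otherwise an error description including the attempted SQL
 */

function savecomment_neater($page_id, $namespace, $subject, $text, $id)
{
    global $db, $session, $paths, $template, $plugins; // Common objects
    // $id is interpolated unquoted into SQL, so only a real integer is accepted
    if ( !is_int($id) ) die('PageUtils::savecomment_neater: $id is not an integer, aborting for safety');
    if ( !$session->get_permissions('edit_comments') )
        return 'Access denied';
    // $page_id/$namespace come from the request; the original interpolated them raw
    $page_id_sql   = $db->escape($page_id);
    $namespace_sql = $db->escape($namespace);
    // Safety check - username/login
    if ( !$session->get_permissions('mod_comments') ) // allow mods to edit comments
    {
        if ( !$session->user_logged_in ) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
        $q = 'SELECT c.name FROM '.table_prefix.'comments c, '.table_prefix.'users u WHERE comment_id='.$id.' AND page_id=\''.$page_id_sql.'\' AND namespace=\''.$namespace_sql.'\' AND u.user_id=c.user_id;';
        $check = $db->sql_query($q);
        if ( !$check ) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
        $r = $db->fetchrow($check);
        $found = $db->numrows();
        $db->free_result();
        if ( $found < 1 || !$r || $r['name'] !== $session->username ) _die('Safety check failed, probably due to a hacking attempt.');
    }
    // Assumes RenderMan::preprocess_text() returns SQL-safe text (the original
    // relied on this too) — confirm before depending on it.
    $s = RenderMan::preprocess_text($subject);
    $t = RenderMan::preprocess_text($text);
    $sql = 'UPDATE '.table_prefix.'comments SET subject=\''.$s.'\',comment_data=\''.$t.'\' WHERE comment_id='.$id.' AND page_id=\''.$page_id_sql.'\' AND namespace=\''.$namespace_sql.'\'';
    $result = $db->sql_query($sql);
    if ( $result )
        return 'good';
    return 'Enano encountered a problem whilst saving the comment.
Performed SQL:
'.$sql.'

Error returned by MySQL: '.mysql_error();
}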
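/**
 * Deletes a comment, identifying it by poster name, subject and text.
 *
 * Non-moderators may only delete comments they posted themselves: the
 * comment's author name is looked up and compared with the session username,
 * and the request is terminated (via _die) on mismatch or when not logged in.
 *
 * @param string     $page_id   the page ID
 * @param string     $namespace the namespace
 * @param string     $name      the name the user posted under
 * @param string     $subj      the subject of the comment to be deleted
 * @param string     $text      the text of the comment to be deleted
 * @param int|string $id        the javascript list ID, used internally by the client-side app
 * @return string 'good' on success, otherwise a Javascript snippet for the client to run
 */
function deletecomment($page_id, $namespace, $name, $subj, $text, $id)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  if ( !$session->get_permissions('edit_comments') )
  {
    return 'alert("Access to delete/edit comments is denied");';
  }

  // $id is not used in any query here, but anything non-numeric is still refused
  if ( !preg_match('#^([0-9]+)$#', (string)$id) )
  {
    die('$_GET[id] is improperly formed.');
  }

  // Every request value that ends up inside a SQL string literal is escaped first
  $n = $db->escape($name);
  $s = $db->escape($subj);
  $t = $db->escape($text);
  $page_id_db   = $db->escape($page_id);
  $namespace_db = $db->escape($namespace);

  // Safety check - username/login. Moderators may delete any comment.
  if ( !$session->get_permissions('mod_comments') )
  {
    if ( !$session->user_logged_in )
    {
      _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
    }
    $q = 'SELECT c.name FROM '.table_prefix.'comments c, '.table_prefix.'users u WHERE comment_data=\''.$t.'\' AND subject=\''.$s.'\' AND page_id=\''.$page_id_db.'\' AND namespace=\''.$namespace_db.'\' AND u.user_id=c.user_id;';
    // Kept in its own variable: the original stored this result handle in $s,
    // clobbering the escaped subject that the DELETE below relies on, so the
    // DELETE could never match a row for non-moderators
    $check = $db->sql_query($q);
    if ( !$check )
    {
      _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
    }
    $r = $db->fetchrow($check);
    // No such comment on this page, or it belongs to a different user
    if ( $db->numrows() < 1 || $r['name'] != $session->username )
    {
      _die('Safety check failed, probably due to a hacking attempt.');
    }
    $db->free_result();
  }

  $q = 'DELETE FROM '.table_prefix.'comments WHERE page_id=\''.$page_id_db.'\' AND namespace=\''.$namespace_db.'\' AND name=\''.$n.'\' AND subject=\''.$s.'\' AND comment_data=\''.$t.'\' LIMIT 1;';
  $e = $db->sql_query($q);
  if ( !$e )
  {
    // "unescape" was misspelled in the original, which made the client-side alert a JS error
    return 'alert(unescape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n'.$q).'\'));';
  }
  return 'good';
}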
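/**
 * Deletes a comment in a cleaner fashion, identifying it by its comment_id
 * primary key.
 *
 * Non-moderators may only delete comments they posted themselves: the
 * comment's author name is looked up and compared with the session username,
 * and the request is terminated (via _die) on mismatch or when not logged in.
 *
 * @param string     $page_id   the page ID
 * @param string     $namespace the namespace
 * @param int|string $id        the comment ID (primary key); must consist of digits only
 * @return string 'good' on success, otherwise a Javascript snippet for the client to run
 */
function deletecomment_neater($page_id, $namespace, $id)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  // $id is interpolated into SQL unquoted, so it must be purely numeric
  if ( !preg_match('#^([0-9]+)$#', (string)$id) )
  {
    die('$_GET[id] is improperly formed.');
  }

  if ( !$session->get_permissions('edit_comments') )
  {
    return 'alert("Access to delete/edit comments is denied");';
  }

  // Request-supplied page ID and namespace are escaped once before use in SQL
  $page_id_db   = $db->escape($page_id);
  $namespace_db = $db->escape($namespace);

  // Safety check - username/login. Moderators may delete any comment.
  if ( !$session->get_permissions('mod_comments') )
  {
    if ( !$session->user_logged_in )
    {
      _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
    }
    $q = 'SELECT c.name FROM '.table_prefix.'comments c, '.table_prefix.'users u WHERE comment_id='.$id.' AND page_id=\''.$page_id_db.'\' AND namespace=\''.$namespace_db.'\' AND u.user_id=c.user_id;';
    $check = $db->sql_query($q);
    if ( !$check )
    {
      _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
    }
    $r = $db->fetchrow($check);
    // No such comment on this page, or it belongs to a different user
    if ( $db->numrows() < 1 || $r['name'] != $session->username )
    {
      _die('Safety check failed, probably due to a hacking attempt.');
    }
    $db->free_result();
  }

  $q = 'DELETE FROM '.table_prefix.'comments WHERE page_id=\''.$page_id_db.'\' AND namespace=\''.$namespace_db.'\' AND comment_id='.$id.' LIMIT 1;';
  $e = $db->sql_query($q);
  if ( !$e )
  {
    // "unescape" was misspelled in the original, which made the client-side alert a JS error
    return 'alert(unescape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n'.$q).'\'));';
  }
  return 'good';
}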
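/**
 * Renames a page.
 *
 * The rename goes ahead only when the session has the 'rename' permission,
 * the page is not protected (or the session may act even_when_protected) and
 * the namespace of the page currently being viewed is neither Special nor
 * Admin. The log entry that is written describes the current page
 * ($paths->cpage), so this is expected to be called for the page being viewed.
 *
 * @param string $page_id   the page ID
 * @param string $namespace the namespace
 * @param string $name      the new name for the page
 * @return string error string or success message
 */
function rename($page_id, $namespace, $name)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  if ( empty($name) )
  {
    die('Name is too short');
  }

  $pname = $paths->nslist[$namespace] . $page_id;

  // The original dereferenced $paths->pages[$pname] without checking it and
  // would then run an UPDATE that matched nothing; refuse up front instead
  if ( !isset($paths->pages[$pname]) )
  {
    return 'The page does not exist.';
  }
  $page =& $paths->pages[$pname];

  // protected == 1 is full protection. protected == 2 is semi-protection,
  // which the original only treats as protection for logged-in accounts
  // whose registration is more than four days old.
  // NOTE(review): that condition looks inverted for a semi-protection scheme
  // (it blocks established accounts rather than new ones); confirm against
  // the protection checks elsewhere before changing it
  $prot = ( $page['protected'] == 1 ) ||
          ( $page['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() );

  // The namespace test is against the page being viewed ($paths->namespace),
  // not against the $namespace argument, consistent with the log entry below
  $may_rename = $session->get_permissions('rename') && ( !$prot || $session->get_permissions('even_when_protected') );
  $ns_allowed = ( $paths->namespace != 'Special' && $paths->namespace != 'Admin' );

  if ( !$may_rename || !$ns_allowed )
  {
    return 'Access is denied.';
  }

  $e = $db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,page_id,namespace,author,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'rename\', \''.$db->escape($paths->cpage['urlname_nons']).'\', \''.$db->escape($paths->namespace).'\', \''.$db->escape($session->username).'\', \''.$db->escape($paths->cpage['name']).'\')');
  if ( !$e )
  {
    $db->_die('The page title could not be updated.');
  }

  $e = $db->sql_query('UPDATE '.table_prefix.'pages SET name=\''.$db->escape($name).'\' WHERE urlname=\''.$db->escape($page_id).'\' AND namespace=\''.$db->escape($namespace).'\';');
  if ( !$e )
  {
    $db->_die('The page title could not be updated.');
  }

  return 'The page "'.$page['name'].'" has been renamed to "'.$name.'". You are encouraged to leave a comment explaining your action.' . "\n\n" . 'You will see the change take effect the next time you reload this page.';
}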
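/**
 * Flushes (clears) the action logs for a given page.
 *
 * If the page currently exists, a copy of its text is written back into the
 * logs table as an 'edit' entry so that it can still be restored after
 * vandalism or spam; if the page does not exist the logs are simply dropped.
 *
 * @param string $page_id   the page ID
 * @param string $namespace the namespace
 * @return string error/success string
 */
function flushlogs($page_id, $namespace)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  if ( !$session->get_permissions('clear_logs') )
  {
    die('Administrative privileges are required to flush logs, you loser.');
  }

  // Escape once; the original escaped these for the DELETE only, and used the
  // raw values in the SELECT and INSERT below
  $page_id_db   = $db->escape($page_id);
  $namespace_db = $db->escape($namespace);

  $e = $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE page_id=\''.$page_id_db.'\' AND namespace=\''.$namespace_db.'\';');
  if ( !$e )
  {
    $db->_die('The log entries could not be deleted.');
  }

  // If the page exists, make a backup of it in case it gets spammed/vandalized
  // If not, the admin's probably deleting a trash page
  if ( isset($paths->pages[ $paths->nslist[$namespace] . $page_id ]) )
  {
    $e = $db->sql_query('SELECT page_text,char_tag FROM '.table_prefix.'page_text WHERE page_id=\''.$page_id_db.'\' AND namespace=\''.$namespace_db.'\';');
    if ( !$e )
    {
      $db->_die('The current page text could not be selected; as a result, creating the backup of the page failed. Please make a backup copy of the page by clicking Edit this page and then clicking Save Changes.');
    }
    $row = $db->fetchrow();
    $db->free_result();
    // A page known to $paths but without a text row still gets an (empty)
    // backup entry, as before, just without undefined-index notices
    if ( !$row )
    {
      $row = array('page_text' => '', 'char_tag' => '');
    }

    $q = 'INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.date('d M Y h:i a').'\', \''.$page_id_db.'\', \''.$namespace_db.'\', \''.$db->escape($row['page_text']).'\', \''.$db->escape($row['char_tag']).'\', \''.$db->escape($session->username).'\', \'Automatic backup created when logs were purged\', false);';
    if ( !$db->sql_query($q) )
    {
      $db->_die('The history (log) entry could not be inserted into the logs table.');
    }
  }

  return 'The logs for this page have been cleared. A backup of this page has been added to the logs table so that this page can be restored in case of vandalism or spam later.';
}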
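/**
 * Deletes a page.
 *
 * A 'delete' log entry is written first, then the page's category rows,
 * comments, text, page record and file record are removed in that order.
 * Log entries are deliberately left in place so an administrator can restore
 * the page later.
 *
 * @param string $page_id   the condemned page ID
 * @param string $namespace the condemned namespace
 * @param string $reason    the reason for deleting the page in question
 * @return string
 */
function deletepage($page_id, $namespace, $reason)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  $perms = $session->fetch_page_acl($page_id, $namespace);

  $x = trim($reason);
  if ( empty($x) )
  {
    return 'Invalid reason for deletion passed';
  }
  if ( !$perms->get_permissions('delete_page') )
  {
    return 'Administrative privileges are required to delete pages, you loser.';
  }

  // Escape once; the original interpolated these into every query unescaped
  $page_id_db   = $db->escape($page_id);
  $namespace_db = $db->escape($namespace);

  $e = $db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,page_id,namespace,author,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'delete\', \''.$page_id_db.'\', \''.$namespace_db.'\', \''.$db->escape($session->username).'\', \'' . $db->escape(htmlspecialchars($reason)) . '\')');
  if ( !$e )
  {
    $db->_die('The page log entry could not be inserted.');
  }

  // Each dependent table is cleared in turn; the first failure aborts via $db->_die.
  // The files row is matched on page_id alone, as in the original.
  $steps = array(
    array('DELETE FROM '.table_prefix.'categories WHERE page_id=\''.$page_id_db.'\' AND namespace=\''.$namespace_db.'\'', 'The page categorization entries could not be deleted.'),
    array('DELETE FROM '.table_prefix.'comments WHERE page_id=\''.$page_id_db.'\' AND namespace=\''.$namespace_db.'\'', 'The page comments could not be deleted.'),
    array('DELETE FROM '.table_prefix.'page_text WHERE page_id=\''.$page_id_db.'\' AND namespace=\''.$namespace_db.'\'', 'The page text entry could not be deleted.'),
    array('DELETE FROM '.table_prefix.'pages WHERE urlname=\''.$page_id_db.'\' AND namespace=\''.$namespace_db.'\'', 'The page entry could not be deleted.'),
    array('DELETE FROM '.table_prefix.'files WHERE page_id=\''.$page_id_db.'\'', 'The file entry could not be deleted.'),
  );
  foreach ( $steps as $step )
  {
    list($sql, $failure_message) = $step;
    if ( !$db->sql_query($sql) )
    {
      $db->_die($failure_message);
    }
  }

  return 'This page has been deleted. Note that there is still a log of edits and actions in the database, and anyone with admin rights can raise this page from the dead unless the log is cleared. If the deleted file is an image, there may still be cached thumbnails of it in the cache/ directory, which is inaccessible to users.';
}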
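/**
 * Increments the deletion votes for a page by 1, and adds the current
 * username/IP to the list of users that have voted for the page to prevent
 * dual-voting.
 *
 * The vote list is stored in the page row's delvote_ips column as a
 * serialized array('ip' => array(...), 'u' => array(...)).
 *
 * @param string $page_id   the page ID
 * @param string $namespace the namespace
 * @return string
 */
function delvote($page_id, $namespace)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  if ( !$session->get_permissions('vote_delete') )
  {
    return 'Access denied';
  }

  if ( $namespace == 'Admin' || $namespace == 'Special' || $namespace == 'System' )
  {
    return 'Special pages and system messages can\'t be voted for deletion.';
  }

  $pname = $paths->nslist[$namespace] . sanitize_page_id($page_id);

  if ( !isset($paths->pages[$pname]) )
  {
    return 'The page does not exist.';
  }

  // $cv is a reference into the cached page record, so the in-memory count
  // is bumped together with the database row below
  $cv =& $paths->pages[$pname]['delvotes'];
  $ips = $paths->pages[$pname]['delvote_ips'];

  // Only data written by this function is ever unserialized here, but the
  // column is still treated defensively: anything that does not decode to an
  // array carrying both lists is replaced by an empty vote list.
  $votes = empty($ips) ? false : @unserialize($ips);
  if ( !is_array($votes) )
  {
    $votes = array('ip' => array(), 'u' => array());
  }
  foreach ( array('ip', 'u') as $key )
  {
    if ( !isset($votes[$key]) || !is_array($votes[$key]) )
    {
      $votes[$key] = array();
    }
  }

  if ( in_array($session->username, $votes['u'], true) || in_array($_SERVER['REMOTE_ADDR'], $votes['ip'], true) )
  {
    return 'It appears that you have already voted to have this page deleted.';
  }

  $votes['u'][]  = $session->username;
  $votes['ip'][] = $_SERVER['REMOTE_ADDR'];
  $ips_db = $db->escape(serialize($votes));

  $cv++;

  $q = 'UPDATE '.table_prefix.'pages SET delvotes='.intval($cv).',delvote_ips=\''.$ips_db.'\' WHERE urlname=\''.$db->escape($page_id).'\' AND namespace=\''.$db->escape($namespace).'\'';
  // The original discarded this result and reported success even when the
  // UPDATE failed; treat a failure like the sibling resetdelvotes() does
  if ( !$db->sql_query($q) )
  {
    $db->_die('The delete vote could not be recorded.');
  }

  return 'Your vote to have this page deleted has been cast.'."\nYou are encouraged to leave a comment explaining the reason for your vote.";
}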
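/**
 * Resets the number of votes against a page to 0 and clears the stored list
 * of voters (the same empty structure delvote() starts from).
 *
 * @param string $page_id   the page ID
 * @param string $namespace the namespace
 * @return string
 */
function resetdelvotes($page_id, $namespace)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  if ( !$session->get_permissions('vote_reset') )
  {
    die('You need moderator rights in order to do this, stinkin\' hacker.');
  }

  $empty_votes = $db->escape(serialize(array('ip' => array(), 'u' => array())));
  // page_id/namespace are request values; the original used them unescaped
  $q = 'UPDATE '.table_prefix.'pages SET delvotes=0,delvote_ips=\''.$empty_votes.'\' WHERE urlname=\''.$db->escape($page_id).'\' AND namespace=\''.$db->escape($namespace).'\'';
  $e = $db->sql_query($q);
  if ( !$e )
  {
    $db->_die('The number of delete votes was not reset.');
  }
  else
  {
    return 'The number of votes for having this page deleted has been reset to zero.';
  }
}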
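/**
 * Gets a list of styles for a given theme name. As of Banshee, this returns JSON.
 *
 * The theme name is read from $_GET['id'] and must be a plain directory name
 * (letters, digits, '_' and '-'); anything else is refused before it can be
 * used to build a filesystem path. Every *.css file in the theme's css/
 * directory is listed except _printable.css.
 *
 * @return string JSON string with an array containing a list of styles, or an
 *                object with mode => 'error' and an error message
 */
function getstyles()
{
  $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);

  // The original passed $_GET['id'] straight into the path below; restrict it
  // to a bare directory name so '..' and path separators cannot reach the filesystem
  $theme_id = isset($_GET['id']) ? (string)$_GET['id'] : '';
  if ( !preg_match('#^[A-Za-z0-9_-]+$#', $theme_id) )
  {
    return $json->encode(Array('mode' => 'error', 'error' => 'Invalid theme ID'));
  }

  $dir = './themes/'.$theme_id.'/css/';
  if ( !is_dir($dir) )
  {
    return $json->encode(Array('mode' => 'error', 'error' => $dir.' is not a dir'));
  }

  $list = Array();
  $dh = opendir($dir);
  if ( $dh )
  {
    // _printable.css should be included with every theme; it should be a copy
    // of the original style, but mostly black and white, so it is not offered
    // as a selectable style
    while ( ($file = readdir($dh)) !== false )
    {
      if ( preg_match('#^(.*?)\.css$#is', $file) && $file != '_printable.css' )
      {
        $list[] = substr($file, 0, strlen($file) - 4);
      }
    }
    closedir($dh);
  }

  return $json->encode($list);
}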
/**
 * Assembles a Javascript app with category information.
 *
 * Wraps catedit_raw(): the Javascript half is emitted as-is, the HTML half is
 * URL-encoded and injected into the "ajaxEditContainer" element on the client.
 *
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @return string Javascript code
 */
function catedit($page_id, $namespace)
{
  list($script, $html) = PageUtils::catedit_raw($page_id, $namespace);
  $payload = rawurlencode($html);
  return $script . ' /* BEGIN CONTENT */ document.getElementById("ajaxEditContainer").innerHTML = unescape(\'' . $payload . '\');';
}
/**
 * Does the actual HTML/javascript generation for cat editing, but returns an array.
 *
 * Produces two strings: a Javascript fragment (captured through output
 * buffering) that fills the client-side "catlist" array, and an HTML form
 * listing every Category page with a checkbox — checked for the categories
 * the current page is already in, disabled where the session may not edit
 * that category.
 *
 * Note: the membership query is keyed off $paths->cpage / $paths->namespace
 * (the page currently being viewed); the $page_id / $namespace arguments are
 * only used for the form's action URL.
 *
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @return array index 0 is the Javascript code, index 1 is the HTML form
 * @access private
 */
function catedit_raw($page_id, $namespace)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  // Everything echo'd from here on is captured and returned as the Javascript
  // half; $_ob accumulates the HTML half
  ob_start();
  $_ob = '';
  // NOTE(review): cpage['urlname_nons'] and namespace are internal values but
  // are interpolated unescaped; consider $db->escape() for consistency with
  // the other methods
  $e = $db->sql_query('SELECT category_id FROM '.table_prefix.'categories WHERE page_id=\''.$paths->cpage['urlname_nons'].'\' AND namespace=\''.$paths->namespace.'\'');
  if(!$e) jsdie('Error selecting category information for current page: '.mysql_error());
  // Rows for the categories the current page is a member of
  $cat_current = Array();
  while($r = $db->fetchrow())
  {
    $cat_current[] = $r;
  }
  $db->free_result();
  // Every page in the Category namespace. $paths->pages appears to hold each
  // page under both a numeric index and a name key (the copy loop below
  // builds $cat_all the same way), hence the sizeof()/2 bounds in this function.
  $cat_all = Array();
  for($i=0;$i<sizeof($paths->pages)/2;$i++)
  {
    if($paths->pages[$i]['namespace']=='Category') $cat_all[] = $paths->pages[$i];
  }

  // Make $cat_all an associative array, like $paths->pages
  $sz = sizeof($cat_all);
  for($i=0;$i<$sz;$i++)
  {
    $cat_all[$cat_all[$i]['urlname_nons']] = $cat_all[$i];
  }
  // Now, the "zipper" function - join the list of categories with the list of cats that this page is a part of
  // ('member' is set on the name-keyed copy only; the next loop mirrors it
  // onto the numeric keys that the output loop reads)
  $cat_info = $cat_all;
  for($i=0;$i<sizeof($cat_current);$i++)
  {
    $un = $cat_current[$i]['category_id'];
    $cat_info[$un]['member'] = true;
  }
  // Now copy the information we just set into the numerically named keys
  for($i=0;$i<sizeof($cat_info)/2;$i++)
  {
    $un = $cat_info[$i]['urlname_nons'];
    $cat_info[$i] = $cat_info[$un];
  }

  echo 'catlist = new Array();'; // Initialize the client-side category list
  $_ob .= '<h3>Select which categories this page should be included in.</h3>
<form name="mdgCatForm" action="'.makeUrlNS($namespace, $page_id, 'do=catedit').'" method="post">';
  if ( sizeof($cat_info) < 1 )
  {
    $_ob .= '<p>There are no categories on this site yet.</p>';
  }
  for ( $i = 0; $i < sizeof($cat_info) / 2; $i++ )
  {
    // Protection code added 1/3/07
    // Updated 3/4/07
    // The checkbox is disabled when the session may not edit this category,
    // or the category is protected and the session lacks even_when_protected
    $is_prot = false;
    $perms = $session->fetch_page_acl($cat_info[$i]['urlname_nons'], 'Category');
    if ( !$session->get_permissions('edit_cat') || !$perms->get_permissions('edit_cat') ||
    ( $cat_info[$i]['really_protected'] && !$perms->get_permissions('even_when_protected') ) )
      $is_prot = true;
    $prot = ( $is_prot ) ? ' disabled="disabled" ' : '';
    $prottext = ( $is_prot ) ? ' <img alt="(protected)" width="16" height="16" src="'.scriptPath.'/images/lock16.png" />' : '';
    // NOTE(review): urlname_nons and name go into a JS string literal, HTML
    // attributes and a label without escaping here; confirm they are
    // sanitised when the category page is created, or escape them here
    echo 'catlist['.$i.'] = \''.$cat_info[$i]['urlname_nons'].'\';';
    $_ob .= '<span class="catCheck"><input '.$prot.' name="'.$cat_info[$i]['urlname_nons'].'" id="mdgCat_'.$cat_info[$i]['urlname_nons'].'" type="checkbox"';
    if(isset($cat_info[$i]['member'])) $_ob .= ' checked="checked"';
    $_ob .= '/> <label for="mdgCat_'.$cat_info[$i]['urlname_nons'].'">'.$cat_info[$i]['name'].$prottext.'</label></span><br />';
  }

  // Nothing to save when the site has no categories at all
  $disabled = ( sizeof($cat_info) < 1 ) ? 'disabled="disabled"' : '';

  $_ob .= '<div style="border-top: 1px solid #CCC; padding-top: 5px; margin-top: 10px;"><input name="__enanoSaveButton" ' . $disabled . ' style="font-weight: bold;" type="submit" onclick="ajaxCatSave(); return false;" value="Save changes" /> <input name="__enanoCatCancel" type="submit" onclick="ajaxReset(); return false;" value="Cancel" /></div></form>';

  // Collect the echo'd Javascript and pair it with the HTML
  $cont = ob_get_contents();
  ob_end_clean();
  return Array($cont, $_ob);
}
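/**
 * Saves category information.
 * WARNING: If $which_cats is empty, all the category information for the
 * selected page will be nuked!
 *
 * A category the session may not edit (no edit_cat right on it, a protected
 * category without even_when_protected, or a protected page without
 * even_when_protected) keeps its current state: if the page is already in it
 * it stays in, otherwise it cannot be added.
 *
 * @param string $page_id    the page ID
 * @param string $namespace  the namespace
 * @param array  $which_cats associative array (category urlname => true) of categories to put the page in
 * @return string "GOOD" on success, error string on failure
 */
function catsave($page_id, $namespace, $which_cats)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  if ( !$session->get_permissions('edit_cat') )
  {
    return 'Insufficient privileges to change category information';
  }

  $page_perms = $session->fetch_page_acl($page_id, $namespace);
  $page_data =& $paths->pages[$paths->nslist[$namespace].$page_id];

  // Escape once; the original interpolated these into every query unescaped
  $page_id_db   = $db->escape($page_id);
  $namespace_db = $db->escape($namespace);

  // Every page in the Category namespace. $paths->pages appears to hold each
  // page under both a numeric index and a name key, hence the sizeof()/2 bound.
  $cat_all = Array();
  for ( $i = 0; $i < sizeof($paths->pages) / 2; $i++ )
  {
    if ( $paths->pages[$i]['namespace'] == 'Category' )
    {
      $cat_all[] = $paths->pages[$i];
    }
  }

  // A protected page may only have its categories changed with even_when_protected
  $page_locked = ( $page_data['protected'] == '1' && !$page_perms->get_permissions('even_when_protected') );

  $rowlist = Array();
  foreach ( $cat_all as $cat )
  {
    $cat_id = $cat['urlname_nons'];
    $perms = $session->fetch_page_acl($cat_id, 'Category');
    $auth = $perms->get_permissions('edit_cat') &&
            !( $cat['really_protected'] && !$perms->get_permissions('even_when_protected') ) &&
            !$page_locked;
    if ( !$auth )
    {
      // Find out if the page is currently in *this* category. The original
      // query had no category_id condition, so membership in any category
      // made every unauthorised category count as "currently in".
      $q = $db->sql_query('SELECT category_id FROM '.table_prefix.'categories WHERE page_id=\''.$page_id_db.'\' AND namespace=\''.$namespace_db.'\' AND category_id=\''.$db->escape($cat_id).'\';');
      if ( !$q )
      {
        return 'MySQL error: '.$db->get_error();
      }
      if ( $db->numrows() > 0 )
      {
        $auth = true;
        $which_cats[$cat_id] = true; // Force the category to stay in its current state
      }
      $db->free_result();
    }
    if ( $auth && !empty($which_cats[$cat_id]) )
    {
      $rowlist[] = '(\''.$page_id_db.'\', \''.$namespace_db.'\', \''.$db->escape($cat_id).'\')';
    }
  }

  // The page's category rows are replaced wholesale: delete, then re-insert.
  // NOTE(review): the two statements are not in a transaction, so a failed
  // INSERT after a successful DELETE leaves the page with no categories.
  $e = $db->sql_query('DELETE FROM '.table_prefix.'categories WHERE page_id=\''.$page_id_db.'\' AND namespace=\''.$namespace_db.'\';');
  if ( !$e )
  {
    $db->_die('The old category data could not be deleted.');
  }
  if ( sizeof($rowlist) > 0 )
  {
    $q = 'INSERT INTO '.table_prefix.'categories(page_id,namespace,category_id) VALUES' . implode(',', $rowlist) . ';';
    $e = $db->sql_query($q);
    if ( !$e )
    {
      $db->_die('The new category data could not be inserted.');
    }
  }
  return 'GOOD';
}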
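/**
 * Sets the wiki mode level for a page.
 * @param string $page_id the page ID
 * @param string $namespace the namespace
 * @param int $level 0 for off, 1 for on, 2 for use global setting
 * @return string "GOOD" on success, error string on failure
 */
function setwikimode($page_id, $namespace, $level)
{
    global $db, $session, $paths, $template, $plugins; // Common objects
    if ( !$session->get_permissions('set_wiki_mode') )
        return('Insufficient access rights');
    // Only the three literal digits are accepted; \z rather than $ so a trailing newline can't pass the check
    if ( !isset($level) || !preg_match('#^[0-2]\z#', (string)$level) )
        return('Invalid mode string');
    $level = intval($level);
    // $page_id and $namespace may come straight from the request, so they are escaped like the
    // other string literals this class builds into SQL
    $q = $db->sql_query('UPDATE '.table_prefix.'pages SET wiki_mode='.$level.' WHERE urlname=\''.$db->escape($page_id).'\' AND namespace=\''.$db->escape($namespace).'\';');
    if ( !$q )
        return('Error during update query: '.$db->get_error()."\n\nSQL Backtrace:\n".$db->sql_backtrace());
    return('GOOD');
}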
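/**
 * Sets the access password for a page.
 * @param string $page_id the page ID
 * @param string $namespace the namespace
 * @param string $pass the SHA1 hash of the password - if the value doesn't match the regex ^[0-9a-f]{40}$ it will be sha1'ed
 * @return string
 */
function setpass($page_id, $namespace, $pass)
{
    global $db, $session, $paths, $template, $plugins; // Common objects
    // Determine permissions: replacing an existing password is a separate right from setting a first one
    $page_key = $paths->nslist[$namespace] . $page_id;
    $has_password = ( isset($paths->pages[$page_key]) && $paths->pages[$page_key]['password'] != '' );
    $a = $has_password ? $session->get_permissions('password_reset') : $session->get_permissions('password_set');
    if ( !$a )
        return 'Access is denied';
    if ( !isset($pass) )
        return('Password was not set on URL');
    $p = $pass;
    // Anchored match: anything that is not exactly 40 lowercase hex digits is hashed. The old
    // unanchored pattern treated any string *containing* 40 hex digits as a ready-made hash and
    // stored it verbatim, which also put unescaped request data into the query below.
    if ( !preg_match('#^[0-9a-f]{40}\z#', $p) )
        $p = sha1($p);
    // sha1('') is "no password": an empty submission clears the password instead of setting one
    if ( $p === sha1('') )
        $p = '';
    // NOTE(review): the stored value is an unsalted SHA-1; that is the format the rest of the
    // code expects (see the 40-character check in getsource), not a modern password hash.
    // $p is hex or empty at this point, but it is escaped anyway, like the two identifiers.
    $e = $db->sql_query('UPDATE '.table_prefix.'pages SET password=\''.$db->escape($p).'\' WHERE urlname=\''.$db->escape($page_id).'\' AND namespace=\''.$db->escape($namespace).'\';');
    if ( !$e )
        die('PageUtils::setpass(): Error during update query: '.$db->get_error()."\n\nSQL Backtrace:\n".$db->sql_backtrace());
    if ( $p == '' )
        return('The password for this page has been disabled.');
    else
        return('The password for this page has been set.');
}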
/**
 * Generates some preview HTML
 * @param string $text the wikitext to use
 * @return string the reminder banner followed by the rendered text in a scrollable box
 */
function genPreview($text)
{
    $html = '<div class="info-box"><b>Reminder:</b> This is only a preview - your changes to this page have not yet been saved.</div><div style="background-color: #F8F8F8; padding: 10px; border: 1px dashed #406080; max-height: 250px; overflow: auto; margin: 1em 0 1em 1em;">';
    $rendered = RenderMan::render(RenderMan::preprocess_text($text, false, false));
    // The rendered markup is executed as a PHP template (eval). RenderMan is relied on to have
    // neutralised the user-supplied wikitext before this point; anything it lets through runs
    // with the web server's privileges, so this is the line to look at when auditing the renderer.
    ob_start();
    eval('?>' . $rendered);
    $html .= ob_get_clean();
    return $html . '</div>';
}
/**
 * Makes a scrollable box
 * @param string $text the inner HTML
 * @param int $height Optional - the maximum height. Defaults to 250.
 * @return string
 */
function scrollBox($text, $height = 250)
{
    // The height is coerced to an integer so only digits ever reach the style attribute;
    // $text is inserted as-is because it is HTML by contract.
    $max_height = intval($height);
    $style = 'background-color: #F8F8F8; padding: 10px; border: 1px dashed #406080; max-height: ' . $max_height . 'px; overflow: auto; margin: 1em 0 1em 1em;';
    return '<div style="' . $style . '">' . $text . '</div>';
}
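/**
 * Generates a diff summary between two page revisions.
 * @param string $page_id the page ID
 * @param string $namespace the namespace
 * @param int $id1 the time ID of the first revision
 * @param int $id2 the time ID of the second revision
 * @return string XHTML-formatted diff, or a plain error message
 */
function pagediff($page_id, $namespace, $id1, $id2)
{
    global $db, $session, $paths, $template, $plugins; // Common objects
    if ( !$session->get_permissions('history_view') )
        return 'Access denied';
    // Both time IDs are interpolated unquoted below, so they must be plain digit strings
    if ( !preg_match('#^[0-9]+\z#', (string)$id1) || !preg_match('#^[0-9]+\z#', (string)$id2) )
        return 'SQL injection attempt';
    $id1 = intval($id1);
    $id2 = intval($id2);
    // OK we made it through security
    // Safest way to make sure we don't end up with the revisions in wrong columns is to make 2 queries.
    // The page/namespace pair is escaped once and shared by both.
    $where = ' AND log_type=\'page\' AND action=\'edit\' AND page_id=\''.$db->escape($page_id).'\' AND namespace=\''.$db->escape($namespace).'\';';
    $q1 = $db->sql_query('SELECT page_text,char_tag,author,edit_summary FROM '.table_prefix.'logs WHERE time_id='.$id1.$where);
    if ( !$q1 )
        return 'MySQL error: '.$db->get_error();
    $q2 = $db->sql_query('SELECT page_text,char_tag,author,edit_summary FROM '.table_prefix.'logs WHERE time_id='.$id2.$where);
    if ( !$q2 )
        return 'MySQL error: '.$db->get_error();
    $row1 = $db->fetchrow($q1);
    $db->free_result($q1);
    $row2 = $db->fetchrow($q2);
    $db->free_result($q2);
    // fetchrow() yields a non-array when the query matched nothing (the old sizeof() test compared
    // the two rows against different limits, 1 and 2)
    if ( !$row1 || !$row2 )
        return 'Couldn\'t find any rows that matched the query. The time ID probably doesn\'t exist in the logs table.';
    $text1 = $row1['page_text'];
    $text2 = $row2['page_text'];
    $time1 = date('F d, Y h:i a', $id1);
    $time2 = date('F d, Y h:i a', $id2);
    $_ob = "
    <p>Comparing revisions: {$time1} → {$time2}</p>
    ";
    // Free some memory
    unset($row1, $row2, $q1, $q2);

    $_ob .= RenderMan::diff($text1, $text2);
    return $_ob;
}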
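/**
 * Gets ACL information about the selected page for target type X and target ID Y.
 *
 * @param array $parms What to select. This is an array purely for JSON compatibility. It should be an
 *   associative array with keys target_type and target_id. Optional keys: page_id and namespace (both
 *   empty or absent means the site-wide rules), mode (listgroups, seltarget, save_new, save_edit or
 *   delete; with no mode only the template and page keys are returned), perms (the rule set for the
 *   save modes) and target_name (echoed back by the save and delete modes).
 * @return array on failure always Array('mode' => 'error', 'error' => message); the other keys depend on the mode
 */
function acl_editor($parms = Array())
{
    global $db, $session, $paths, $template, $plugins; // Common objects
    if ( !$session->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN )
    {
        return Array(
            'mode' => 'error',
            'error' => 'You are not authorized to view or edit access control lists.'
        );
    }
    if ( !is_array($parms) )
        $parms = Array();
    $page_id = ( isset($parms['page_id']) ) ? $parms['page_id'] : false;
    $namespace = ( isset($parms['namespace']) ) ? $parms['namespace'] : false;
    // Request keys that are only read below; defaulting them here keeps a malformed request from
    // tripping undefined-index notices
    $target_type = ( isset($parms['target_type']) ) ? $parms['target_type'] : null;
    $target_id = ( isset($parms['target_id']) ) ? $parms['target_id'] : null;
    $target_name = ( isset($parms['target_name']) ) ? $parms['target_name'] : null;
    // The page/namespace pair is escaped once here; several queries below interpolate these clauses
    $page_where_clause = ( empty($page_id) || empty($namespace) ) ? 'AND a.page_id IS NULL AND a.namespace IS NULL' : 'AND a.page_id=\''.$db->escape($page_id).'\' AND a.namespace=\''.$db->escape($namespace).'\'';
    $page_where_clause_lite = ( empty($page_id) || empty($namespace) ) ? 'AND page_id IS NULL AND namespace IS NULL' : 'AND page_id=\''.$db->escape($page_id).'\' AND namespace=\''.$db->escape($namespace).'\'';
    $template->load_theme();
    $return = Array();
    if ( !file_exists(ENANO_ROOT . '/themes/' . $session->theme . '/acledit.tpl') )
    {
        return Array(
            'mode' => 'error',
            'error' => 'It seems that (a) the file acledit.tpl is missing from these theme, and (b) the JSON response is working.',
        );
    }
    $return['template'] = $template->extract_vars('acledit.tpl');
    $return['page_id'] = $page_id;
    $return['namespace'] = $namespace;
    if ( !isset($parms['mode']) )
        return $return;

    switch ( $parms['mode'] )
    {
        case 'listgroups':
            $return['groups'] = Array();
            $q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups ORDER BY group_name ASC;');
            // The old code fetched from this query without checking it, unlike the page_groups query below
            if ( !$q )
                return Array(
                    'mode' => 'error',
                    'error' => $db->get_error()
                );
            while ( $row = $db->fetchrow() )
            {
                $return['groups'][] = Array(
                    'id' => $row['group_id'],
                    'name' => $row['group_name'],
                );
            }
            $db->free_result();
            $return['page_groups'] = Array();
            $q = $db->sql_query('SELECT pg_id,pg_name FROM '.table_prefix.'page_groups ORDER BY pg_name ASC;');
            if ( !$q )
                return Array(
                    'mode' => 'error',
                    'error' => $db->get_error()
                );
            while ( $row = $db->fetchrow() )
            {
                $return['page_groups'][] = Array(
                    'id' => $row['pg_id'],
                    'name' => $row['pg_name']
                );
            }
            $db->free_result();
            break;

        case 'seltarget':
            $return['mode'] = 'seltarget';
            $return['acl_types'] = $session->acl_types;
            $return['acl_deps'] = $session->acl_deps;
            $return['acl_descs'] = $session->acl_descs;
            $return['target_type'] = $target_type;
            $return['target_id'] = $target_id;
            switch ( $target_type )
            {
                case ACL_TYPE_USER:
                    // Users are addressed by name from the request; the numeric user_id goes back in target_id
                    $q = $db->sql_query('SELECT a.rules,u.user_id FROM '.table_prefix.'users AS u
                        LEFT JOIN '.table_prefix.'acl AS a
                        ON a.target_id=u.user_id
                        WHERE a.target_type='.ACL_TYPE_USER.'
                        AND u.username=\''.$db->escape($target_id).'\'
                        '.$page_where_clause.';');
                    if ( !$q )
                        return Array('mode' => 'error', 'error' => $db->get_error());
                    if ( $db->numrows() < 1 )
                    {
                        // No rule row yet: make sure the user exists, then start from the default rule set
                        $return['type'] = 'new';
                        $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($target_id).'\';');
                        if ( !$q )
                            return Array('mode' => 'error', 'error' => $db->get_error());
                        if ( $db->numrows() < 1 )
                            return Array('mode' => 'error', 'error' => 'The username you entered was not found.');
                        $row = $db->fetchrow();
                        $return['target_name'] = $return['target_id'];
                        $return['target_id'] = intval($row['user_id']);
                        $return['current_perms'] = $session->acl_types;
                    }
                    else
                    {
                        $return['type'] = 'edit';
                        $row = $db->fetchrow();
                        $return['target_name'] = $return['target_id'];
                        $return['target_id'] = intval($row['user_id']);
                        $return['current_perms'] = $session->acl_merge($session->acl_types, $session->string_to_perm($row['rules']));
                    }
                    $db->free_result();
                    break;

                case ACL_TYPE_GROUP:
                    // Groups are addressed by numeric id, so intval() is the only sanitising needed
                    $q = $db->sql_query('SELECT a.rules,g.group_name,g.group_id FROM '.table_prefix.'groups AS g
                        LEFT JOIN '.table_prefix.'acl AS a
                        ON a.target_id=g.group_id
                        WHERE a.target_type='.ACL_TYPE_GROUP.'
                        AND g.group_id=\''.intval($target_id).'\'
                        '.$page_where_clause.';');
                    if ( !$q )
                        return Array('mode' => 'error', 'error' => $db->get_error());
                    if ( $db->numrows() < 1 )
                    {
                        $return['type'] = 'new';
                        $q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups WHERE group_id=\''.intval($target_id).'\';');
                        if ( !$q )
                            return Array('mode' => 'error', 'error' => $db->get_error());
                        if ( $db->numrows() < 1 )
                            return Array('mode' => 'error', 'error' => 'The group ID you submitted is not valid.');
                        $row = $db->fetchrow();
                        $return['target_name'] = $row['group_name'];
                        $return['target_id'] = intval($row['group_id']);
                        $return['current_perms'] = $session->acl_types;
                    }
                    else
                    {
                        $return['type'] = 'edit';
                        $row = $db->fetchrow();
                        $return['target_name'] = $row['group_name'];
                        $return['target_id'] = intval($row['group_id']);
                        $return['current_perms'] = $session->acl_merge($session->acl_types, $session->string_to_perm($row['rules']));
                    }
                    $db->free_result();
                    break;

                default:
                    // The old literal used commas instead of => here, so the 'error' key was never set
                    return Array('mode' => 'error', 'error' => 'Invalid ACL type ID');
            }
            // Eliminate types that don't apply to this namespace. This used to be duplicated in the two
            // branches above with slightly different page_id tests (!= null vs != false); the !empty()
            // test matches how $page_where_clause decides between page and site-wide rules. Page groups
            // keep every type, as does a site-wide edit.
            if ( $namespace && $namespace != '__PageGroup' && !empty($page_id) )
            {
                foreach ( $return['current_perms'] AS $i => $perm )
                {
                    if ( !in_array($namespace, $session->acl_scope[$i]) && !in_array('All', $session->acl_scope[$i]) )
                    {
                        unset($return['current_perms'][$i]);
                        unset($return['acl_types'][$i]);
                        unset($return['acl_descs'][$i]);
                        unset($return['acl_deps'][$i]);
                    }
                }
            }
            return $return;

        case 'save_new':
        case 'save_edit':
            if ( defined('ENANO_DEMO_MODE') )
            {
                return Array('mode' => 'error', 'error' => 'Editing access control lists is disabled in the administration demo.');
            }
            // Validate the new rule set *before* touching the table: the old code deleted the existing
            // rules first and only then found out the request carried none, leaving the target with no ACL.
            // perm_to_string()'s result is a string (it is escaped and quoted into the INSERT below).
            $rules = ( isset($parms['perms']) ) ? $session->perm_to_string($parms['perms']) : '';
            if ( strlen($rules) < 1 )
            {
                return array(
                    'mode' => 'error',
                    'error' => 'Supplied rule list has a length of zero'
                );
            }
            $q = $db->sql_query('DELETE FROM '.table_prefix.'acl WHERE target_type='.intval($target_type).' AND target_id='.intval($target_id).'
                '.$page_where_clause_lite.';');
            if ( !$q )
                return Array('mode' => 'error', 'error' => $db->get_error());
            $q = ( $page_id && $namespace ) ? 'INSERT INTO '.table_prefix.'acl ( target_type, target_id, page_id, namespace, rules )
                VALUES( '.intval($target_type).', '.intval($target_id).', \''.$db->escape($page_id).'\', \''.$db->escape($namespace).'\', \''.$db->escape($rules).'\' )' :
                'INSERT INTO '.table_prefix.'acl ( target_type, target_id, rules )
                VALUES( '.intval($target_type).', '.intval($target_id).', \''.$db->escape($rules).'\' )';
            if ( !$db->sql_query($q) )
                return Array('mode' => 'error', 'error' => $db->get_error());
            return Array(
                'mode' => 'success',
                'target_type' => $target_type,
                'target_id' => $target_id,
                'target_name' => $target_name,
                'page_id' => $page_id,
                'namespace' => $namespace,
            );

        case 'delete':
            if ( defined('ENANO_DEMO_MODE') )
            {
                return Array('mode' => 'error', 'error' => 'Editing access control lists is disabled in the administration demo.');
            }
            $q = $db->sql_query('DELETE FROM '.table_prefix.'acl WHERE target_type='.intval($target_type).' AND target_id='.intval($target_id).'
                '.$page_where_clause_lite.';');
            if ( !$q )
                return Array('mode' => 'error', 'error' => $db->get_error());
            return Array(
                'mode' => 'delete',
                'target_type' => $target_type,
                'target_id' => $target_id,
                'target_name' => $target_name,
                'page_id' => $page_id,
                'namespace' => $namespace,
            );

        default:
            return Array('mode' => 'error', 'error' => 'Hacking attempt');
    }
    return $return;
}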
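/**
 * Same as PageUtils::acl_editor(), but the parms are a JSON string instead of an array. This also returns a JSON string.
 * @param string $parms Same as PageUtils::acl_editor/$parms, but should be a valid JSON string.
 * @return string JSON-encoded result of acl_editor(), or a JSON error object when $parms does not decode to an array
 */
function acl_json($parms = '{ }')
{
    global $db, $session, $paths, $template, $plugins; // Common objects
    $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
    $decoded = $json->decode($parms);
    // For malformed input the decoder does not hand back an array, and acl_editor() indexes its
    // argument; reject that here using the same error shape acl_editor() itself returns
    if ( !is_array($decoded) )
    {
        return $json->encode(Array('mode' => 'error', 'error' => 'The request data could not be decoded as a JSON object.'));
    }
    $ret = PageUtils::acl_editor($decoded);
    return $json->encode($ret);
}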
/**
+ − 2040
* A non-Javascript frontend for the ACL API.
+ − 2041
* @param array $parms The request data, if any; it should be in the format required by PageUtils::acl_editor()
+ − 2042
*/
+ − 2043
+ − 2044
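function aclmanager($parms)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  ob_start();
  // Convenience: every stage of the editor posts back to this same handler.
  // submitAuthorized is a client-side flag checked before the form is sent.
  $formstart = '<form
    action="' . makeUrl($paths->page, 'do=aclmanager', true) . '"
    method="post" enctype="multipart/form-data"
    onsubmit="if(!submitAuthorized) return false;"
    >';
  $formend = '</form>';
  // Posted form data -> backend request -> backend response -> response with a 'mode'
  $parms = PageUtils::acl_preprocess($parms);
  $response = PageUtils::acl_editor($parms);
  $response = PageUtils::acl_postprocess($response);

  switch($response['mode'])
  {
    case 'debug':
      echo '<pre>' . htmlspecialchars($response['text']) . '</pre>';
      break;
    case 'stage1':
      // Stage 1: choose the target (a usergroup or a user) and the scope
      // (this page, a group of pages, or the entire site).
      echo '<h3>Manage page access</h3>
        <p>Please select who should be affected by this access rule.</p>';
      echo $formstart;
      echo '<p><label><input type="radio" name="data[target_type]" value="' . ACL_TYPE_GROUP . '" checked="checked" /> A usergroup</label></p>
        <p><select name="data[target_id_grp]">';
      foreach ( $response['groups'] as $group )
      {
        // Escaped the same way as the page-group names below: a group name is
        // data, not markup, and must not be able to break out of the <option>.
        echo '<option value="' . htmlspecialchars($group['id']) . '">' . htmlspecialchars($group['name']) . '</option>';
      }
      // page group selector (only offered when the backend reports any page groups)
      $groupsel = '';
      if ( !empty($response['page_groups']) )
      {
        $groupsel = '<p><label><input type="radio" name="data[scope]" value="page_group" /> A group of pages</label></p>
          <p><select name="data[pg_id]">';
        foreach ( $response['page_groups'] as $grp )
        {
          $groupsel .= '<option value="' . htmlspecialchars($grp['id']) . '">' . htmlspecialchars($grp['name']) . '</option>';
        }
        $groupsel .= '</select></p>';
      }
      echo '</select></p>
        <p><label><input type="radio" name="data[target_type]" value="' . ACL_TYPE_USER . '" /> A specific user</label></p>
        <p>' . $template->username_field('data[target_id_user]') . '</p>
        <p>What should this access rule control?</p>
        <p><label><input name="data[scope]" value="only_this" type="radio" checked="checked" /> Only this page</label></p>
        ' . $groupsel . '
        <p><label><input name="data[scope]" value="entire_site" type="radio" /> The entire site</label></p>
        <div style="margin: 0 auto 0 0; text-align: right;">
          <input name="data[mode]" value="seltarget" type="hidden" />
          <input type="hidden" name="data[page_id]" value="' . htmlspecialchars($paths->cpage['urlname_nons']) . '" />
          <input type="hidden" name="data[namespace]" value="' . htmlspecialchars($paths->namespace) . '" />
          <input type="submit" value="Next >" />
        </div>';
      echo $formend;
      break;
    case 'success':
      echo '<div class="info-box">
        <b>Permissions updated</b><br />
        The permissions for ' . htmlspecialchars($response['target_name']) . ' on this page have been updated successfully.<br />
        ' . PageUtils::acl_return_form($response, $formstart, $formend) . '
        </div>';
      break;
    case 'delete':
      echo '<div class="info-box">
        <b>Rule deleted</b><br />
        The selected access rule has been successfully deleted.<br />
        ' . PageUtils::acl_return_form($response, $formstart, $formend) . '
        </div>';
      break;
    case 'seltarget':
      // 'edit' means a rule for this target/scope already exists; anything
      // else creates a new one.
      if ( $response['type'] == 'edit' )
      {
        echo '<h3>Editing permissions</h3>';
      }
      else
      {
        echo '<h3>Create new rule</h3>';
      }
      $type = ( $response['target_type'] == ACL_TYPE_GROUP ) ? 'group' : 'user';
      $scope = ( $response['page_id'] ) ? ( $response['namespace'] == '__PageGroup' ? 'this group of pages' : 'this page' ) : 'this entire site';
      echo 'This panel allows you to edit what the '.$type.' "'.htmlspecialchars($response['target_name']).'" can do on <b>'.$scope.'</b>. Unless you set a permission to "Deny", these permissions may be overridden by other rules.';
      echo $formstart;
      $parser = $template->makeParserText( $response['template']['acl_field_begin'] );
      echo $parser->run();
      $parser = $template->makeParserText( $response['template']['acl_field_item'] );
      $cls = 'row2';
      foreach ( $response['acl_types'] as $acl_type => $value )
      {
        $vars = array(
          'FIELD_DENY_CHECKED' => '',
          'FIELD_DISALLOW_CHECKED' => '',
          'FIELD_WIKIMODE_CHECKED' => '',
          'FIELD_ALLOW_CHECKED' => '',
        );
        // Alternate row shading
        $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
        $vars['ROW_CLASS'] = $cls;

        // A permission the backend did not report goes through the switch as
        // null instead of raising an undefined-index notice.
        $current = isset($response['current_perms'][$acl_type]) ? $response['current_perms'][$acl_type] : null;
        switch ( $current )
        {
          case AUTH_ALLOW:
            $vars['FIELD_ALLOW_CHECKED'] = 'checked="checked"';
            break;
          case AUTH_WIKIMODE:
            $vars['FIELD_WIKIMODE_CHECKED'] = 'checked="checked"';
            break;
          case AUTH_DISALLOW:
          default:
            $vars['FIELD_DISALLOW_CHECKED'] = 'checked="checked"';
            break;
          case AUTH_DENY:
            $vars['FIELD_DENY_CHECKED'] = 'checked="checked"';
            break;
        }
        $vars['FIELD_NAME'] = 'data[perms][' . $acl_type . ']';
        $vars['FIELD_DESC'] = $response['acl_descs'][$acl_type];
        $parser->assign_vars($vars);
        echo $parser->run();
      }
      $parser = $template->makeParserText( $response['template']['acl_field_end'] );
      echo $parser->run();
      // Everything needed to save the rule is carried in hidden fields. The
      // values round-trip through the browser, so they are escaped on output.
      echo '<div style="margin: 10px auto 0 0; text-align: right;">
        <input name="data[mode]" value="save_' . htmlspecialchars($response['type']) . '" type="hidden" />
        <input type="hidden" name="data[page_id]" value="' . (( $response['page_id'] ) ? htmlspecialchars($response['page_id']) : 'false') . '" />
        <input type="hidden" name="data[namespace]" value="' . (( $response['namespace'] ) ? htmlspecialchars($response['namespace']) : 'false') . '" />
        <input type="hidden" name="data[target_type]" value="' . htmlspecialchars($response['target_type']) . '" />
        <input type="hidden" name="data[target_id]" value="' . htmlspecialchars($response['target_id']) . '" />
        <input type="hidden" name="data[target_name]" value="' . htmlspecialchars($response['target_name']) . '" />
        ' . ( ( $response['type'] == 'edit' ) ? '<input type="submit" value="Save changes" /> <input type="submit" name="data[act_delete_rule]" value="Delete rule" style="color: #AA0000;" onclick="return confirm(\'Do you really want to delete this ACL rule?\');" />' : '<input type="submit" value="Create rule" />' ) . '
        </div>';
      echo $formend;
      break;
    case 'error':
      // Throw away the partially rendered page and show the backend's message on its own
      ob_end_clean();
      die_friendly('Error occurred', '<p>Error returned by permissions API:</p><pre>' . htmlspecialchars($response['error']) . '</pre>');
      break;
    default:
      // Do not render an empty page when the backend answers with a mode this
      // frontend does not know about
      echo '<p><b>Unknown response mode:</b> ' . htmlspecialchars($response['mode']) . '</p>';
      break;
  }
  $ret = ob_get_clean();
  echo
    $template->getHeader() .
    $ret .
    $template->getFooter();
}

/**
 * Build the "return to the editor" form shared by the success and delete
 * confirmations. It re-posts the target and scope that was just acted on so
 * that the next request lands back in the rule editor for the same target.
 * All values are HTML-escaped here; NOTE(review): this assumes
 * PageUtils::acl_editor() returns them unescaped — if it already escapes
 * them, escape in exactly one place.
 * @param array The response from PageUtils::acl_editor()
 * @param string Opening <form> tag
 * @param string Closing </form> tag
 * @return string
 * @access private
 */
function acl_return_form($response, $formstart, $formend)
{
  // A user target is re-identified by name and a group target by its id; the
  // same value is posted under both field names and acl_preprocess() picks
  // the one matching target_type.
  $is_user = ( intval($response['target_type']) == ACL_TYPE_USER );
  $target_id = $is_user ? $response['target_name'] : $response['target_id'];
  return $formstart . '
    <input type="hidden" name="data[mode]" value="seltarget" />
    <input type="hidden" name="data[target_type]" value="' . htmlspecialchars($response['target_type']) . '" />
    <input type="hidden" name="data[target_id_user]" value="' . htmlspecialchars($target_id) . '" />
    <input type="hidden" name="data[target_id_grp]" value="' . htmlspecialchars($target_id) . '" />
    <input type="hidden" name="data[scope]" value="' . ( ( $response['page_id'] ) ? 'only_this' : 'entire_site' ) . '" />
    <input type="hidden" name="data[page_id]" value="' . ( ( $response['page_id'] ) ? htmlspecialchars($response['page_id']) : 'false' ) . '" />
    <input type="hidden" name="data[namespace]" value="' . ( ( $response['namespace'] ) ? htmlspecialchars($response['namespace']) : 'false' ) . '" />
    <input type="submit" value="Return to ACL editor" /> <input type="submit" name="data[act_go_stage1]" value="Return to user/scope selection" />
    ' . $formend;
}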
/**
 * Preprocessor that turns the form-submitted data from the ACL editor into something the backend can handle
 * @param array The posted data
 * @return array
 * @access private
 */
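function acl_preprocess($parms)
{
  if ( !isset($parms['mode']) )
  {
    // Nothing to do
    return $parms;
  }
  switch ( $parms['mode'] )
  {
    case 'seltarget':
      // Who's affected? The stage-1 form posts both a group id and a user
      // name; keep the one that matches the selected target type. Missing
      // fields are treated as absent rather than raising notices.
      $parms['target_type'] = intval( isset($parms['target_type']) ? $parms['target_type'] : 0 );
      if ( $parms['target_type'] == ACL_TYPE_GROUP )
      {
        $parms['target_id'] = isset($parms['target_id_grp']) ? $parms['target_id_grp'] : null;
      }
      else
      {
        $parms['target_id'] = isset($parms['target_id_user']) ? $parms['target_id_user'] : null;
      }
      // Deliberate fall-through: the scope handling below applies to target
      // selection as well as to saving a rule.
    case 'save_edit':
    case 'save_new':
      // The "Delete rule" button submits the same form as "Save changes"
      if ( isset($parms['act_delete_rule']) )
      {
        $parms['mode'] = 'delete';
      }

      // Scope (just this page, a group of pages, or the entire site?). The
      // hidden page_id/namespace fields carry the literal string 'false' for
      // a site-wide rule; normalise that to real booleans for the backend.
      $scope = isset($parms['scope']) ? $parms['scope'] : null;
      $page_id = isset($parms['page_id']) ? $parms['page_id'] : null;
      $namespace = isset($parms['namespace']) ? $parms['namespace'] : null;
      if ( $scope == 'entire_site' || ( $page_id == 'false' && $namespace == 'false' ) )
      {
        $parms['page_id'] = false;
        $parms['namespace'] = false;
      }
      else if ( $scope == 'page_group' )
      {
        // A page group is passed to the backend as page_id = group id under
        // the '__PageGroup' namespace
        $parms['page_id'] = isset($parms['pg_id']) ? $parms['pg_id'] : null;
        $parms['namespace'] = '__PageGroup';
      }
      break;
  }

  // "Return to user/scope selection" discards everything else that was posted
  if ( isset($parms['act_go_stage1']) )
  {
    $parms = array(
      'mode' => 'listgroups'
    );
  }

  return $parms;
}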
/**
 * Make sure a backend response carries a 'mode' for aclmanager() to dispatch
 * on: a mode-less response that lists groups is the first (target selection)
 * stage, any other mode-less response is turned into an error response.
 * @param array The response as returned by PageUtils::acl_editor()
 * @return array
 * @access private
 */
function acl_postprocess($response)
{
  if ( isset($response['mode']) )
  {
    return $response;
  }
  if ( !isset($response['groups']) )
  {
    return array(
      'mode' => 'error',
      'error' => 'Invalid action passed by API backend.',
    );
  }
  $response['mode'] = 'stage1';
  return $response;
}
}
?>