1
+ − 1
<?php
73
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 2
1
+ − 3
/*
+ − 4
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
166
+ − 5
* Version 1.1.1
1
+ − 6
* pageprocess.php - intelligent retrieval of pages
+ − 7
* Copyright (C) 2006-2007 Dan Fuhry
+ − 8
*
+ − 9
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
+ − 10
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ − 11
*
+ − 12
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ − 13
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ − 14
*/
+ − 15
+ − 16
/**
+ − 17
* Class to handle fetching page text (possibly from a cache) and formatting it.
+ − 18
* @package Enano
+ − 19
* @subpackage UI
+ − 20
* @copyright 2007 Dan Fuhry
+ − 21
* @license GNU General Public License <http://www.gnu.org/licenses/gpl.html>
+ − 22
*/
+ − 23
+ − 24
class PageProcessor
+ − 25
{
+ − 26
+ − 27
/**
+ − 28
* Page ID and namespace of the page handled by this instance
+ − 29
* @var string
+ − 30
*/
+ − 31
+ − 32
var $page_id;
+ − 33
var $namespace;
+ − 34
+ − 35
/**
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 36
* The title of the page sent to the template parser
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 37
* @var string
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 38
*/
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 39
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 40
var $title = '';
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 41
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 42
/**
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 43
* The information about the page(s) we were redirected from
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 44
* @var array
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 45
*/
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 46
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 47
var $redirect_stack = array();
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 48
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 49
/**
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 50
* The revision ID (history entry) to send. If set to 0 (the default) then the most recent revision will be sent.
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 51
* @var int
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 52
*/
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 53
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 54
var $revision_id = 0;
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 55
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 56
/**
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 57
* Unsanitized page ID.
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 58
* @var string
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 59
*/
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 60
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 61
var $page_id_unclean;
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 62
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 63
/**
1
+ − 64
* Tracks if the page we're loading exists in the database or not.
+ − 65
* @var bool
+ − 66
*/
+ − 67
+ − 68
var $page_exists = false;
+ − 69
+ − 70
/**
+ − 71
* Permissions!
+ − 72
* @var object
+ − 73
*/
+ − 74
+ − 75
var $perms = null;
+ − 76
+ − 77
/**
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 78
* The SHA1 hash of the user-inputted password for the page
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 79
* @var string
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 80
*/
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 81
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 82
var $password = '';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 83
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 84
/**
1
+ − 85
* Switch to track if redirects are allowed. Defaults to true.
+ − 86
* @var bool
+ − 87
*/
+ − 88
+ − 89
var $allow_redir = true;
+ − 90
+ − 91
/**
+ − 92
* If this is set to true, this will call the header and footer funcs on $template when render() is called.
+ − 93
* @var bool
+ − 94
*/
+ − 95
+ − 96
var $send_headers = false;
+ − 97
+ − 98
/**
+ − 99
* Cache the fetched text so we don't fetch it from the DB twice.
+ − 100
* @var string
+ − 101
*/
+ − 102
+ − 103
var $text_cache = '';
+ − 104
+ − 105
/**
+ − 106
* Debugging information to track errors. You can set enable to false to disable sending debug information.
+ − 107
* @var array
+ − 108
*/
+ − 109
+ − 110
var $debug = array(
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 111
'enable' => false,
1
+ − 112
'works' => false
+ − 113
);
+ − 114
+ − 115
/**
+ − 116
* Constructor.
+ − 117
* @param string The page ID (urlname) of the page
+ − 118
* @param string The namespace of the page
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 119
* @param int Optional. The revision ID to send.
1
+ − 120
*/
+ − 121
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 122
function __construct( $page_id, $namespace, $revision_id = 0 )
1
+ − 123
{
+ − 124
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 125
+ − 126
// See if we can get some debug info
+ − 127
if ( function_exists('debug_backtrace') && $this->debug['enable'] )
+ − 128
{
+ − 129
$this->debug['works'] = true;
+ − 130
$this->debug['backtrace'] = enano_debug_print_backtrace(true);
+ − 131
}
+ − 132
+ − 133
// First things first - check page existence and permissions
+ − 134
+ − 135
if ( !isset($paths->nslist[$namespace]) )
+ − 136
{
+ − 137
$this->send_error('The namespace "' . htmlspecialchars($namespace) . '" does not exist.');
+ − 138
}
+ − 139
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 140
if ( !is_int($revision_id) )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 141
$revision_id = 0;
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 142
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 143
$this->_setup( $page_id, $namespace, $revision_id );
1
+ − 144
+ − 145
}
+ − 146
+ − 147
/**
61
+ − 148
* The main method to send the page content. Also responsible for checking permissions and calling the statistics counter.
+ − 149
* @param bool If true, the stat counter is called. Defaults to false.
1
+ − 150
*/
+ − 151
61
+ − 152
function send( $do_stats = false )
1
+ − 153
{
+ − 154
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 155
if ( !$this->perms->get_permissions('read') )
+ − 156
{
+ − 157
$this->err_access_denied();
+ − 158
return false;
+ − 159
}
24
+ − 160
$pathskey = $paths->nslist[ $this->namespace ] . $this->page_id;
+ − 161
$strict_no_headers = false;
+ − 162
if ( isset($paths->pages[$pathskey]) )
+ − 163
{
+ − 164
if ( $paths->pages[$pathskey]['special'] == 1 )
+ − 165
{
+ − 166
$this->send_headers = false;
+ − 167
$strict_no_headers = true;
+ − 168
}
286
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 169
if ( isset($paths->pages[$pathskey]['password']) )
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 170
{
286
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 171
if ( $paths->pages[$pathskey]['password'] != '' && $paths->pages[$pathskey]['password'] != sha1('') )
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 172
{
286
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 173
$password =& $paths->pages[$pathskey]['password'];
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 174
if ( $this->password != $password )
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 175
{
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 176
$this->err_wrong_password();
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 177
return false;
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
diff
changeset
+ − 178
}
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 179
}
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 180
}
24
+ − 181
}
61
+ − 182
if ( $this->page_exists && $this->namespace != 'Special' && $this->namespace != 'Admin' && $do_stats )
+ − 183
{
+ − 184
doStats($this->page_id, $this->namespace);
+ − 185
}
1
+ − 186
if ( $this->namespace == 'Special' || $this->namespace == 'Admin' )
+ − 187
{
+ − 188
if ( !$this->page_exists )
+ − 189
{
+ − 190
redirect( makeUrl(getConfig('main_page')), 'Can\'t find special page', 'The special or administration page you requested does not exist. You will now be transferred to the main page.', 2 );
+ − 191
}
+ − 192
$func_name = "page_{$this->namespace}_{$this->page_id}";
+ − 193
if ( function_exists($func_name) )
+ − 194
{
+ − 195
return @call_user_func($func_name);
+ − 196
}
+ − 197
else
+ − 198
{
+ − 199
$title = 'Page backend not found';
+ − 200
$message = "The administration page you are looking for was properly registered using the page API, but the backend function
+ − 201
(<tt>$fname</tt>) was not found. If this is a plugin page, then this is almost certainly a bug with the plugin.";
+ − 202
+ − 203
if ( $this->send_headers )
+ − 204
{
+ − 205
$template->tpl_strings['PAGE_NAME'] = $title;
+ − 206
$template->header();
+ − 207
echo "<p>$message</p>";
+ − 208
$template->footer();
+ − 209
}
+ − 210
else
+ − 211
{
+ − 212
echo "<h2>$title</h2>
+ − 213
<p>$message</p>";
+ − 214
}
+ − 215
return false;
+ − 216
}
+ − 217
}
91
+ − 218
else if ( $this->namespace == 'User' && strpos($this->page_id, '/') === false )
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 219
{
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 220
$this->_handle_userpage();
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 221
}
1
+ − 222
else if ( ( $this->namespace == 'Template' || $this->namespace == 'System' ) && $this->page_exists )
+ − 223
{
+ − 224
$this->header();
+ − 225
+ − 226
$text = $this->fetch_text();
+ − 227
$text = preg_replace('/<noinclude>(.*?)<\/noinclude>/is', '\\1', $text);
+ − 228
$text = preg_replace('/<nodisplay>(.*?)<\/nodisplay>/is', '', $text);
+ − 229
+ − 230
$text = RenderMan::render( $text );
+ − 231
+ − 232
echo $text;
+ − 233
+ − 234
$this->footer();
+ − 235
+ − 236
}
+ − 237
else if ( !$this->page_exists )
+ − 238
{
+ − 239
// Perhaps this is hooked?
+ − 240
ob_start();
+ − 241
+ − 242
$code = $plugins->setHook('page_not_found');
+ − 243
foreach ( $code as $cmd )
+ − 244
{
+ − 245
eval($cmd);
+ − 246
}
+ − 247
+ − 248
$ob = ob_get_contents();
+ − 249
+ − 250
if ( empty($ob) )
+ − 251
{
+ − 252
$this->err_page_not_existent();
+ − 253
}
61
+ − 254
else
+ − 255
{
+ − 256
// Something sent content, so we'll assume the page exist...ed at least according to the plugin
+ − 257
if ( $this->namespace != 'Special' && $this->namespace != 'Admin' && $do_stats )
+ − 258
{
+ − 259
doStats($this->page_id, $this->namespace);
+ − 260
}
+ − 261
}
1
+ − 262
}
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 263
else // (disabled for compatibility reasons) if ( in_array($this->namespace, array('Article', 'User', 'Project', 'Help', 'File', 'Category')) && $this->page_exists )
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 264
{
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 265
// Send as regular page
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 266
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 267
// die($this->page_id);
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 268
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 269
$text = $this->fetch_text();
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 270
if ( $text == 'err_no_text_rows' )
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 271
{
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 272
$this->err_no_rows();
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 273
return false;
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 274
}
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 275
else
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 276
{
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 277
$redirect = ( isset($_GET['redirect']) ) ? $_GET['redirect'] : 'YES YOU IDIOT';
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 278
if ( preg_match('/^#redirect \[\[([^\]]+)\]\]/i', $text, $match) && $redirect != 'no' )
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 279
{
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 280
// Redirect page!
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 281
$page_to = sanitize_page_id($match[1]);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 282
$page_id_data = RenderMan::strToPageID($page_to);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 283
if ( count($this->redirect_stack) >= 3 )
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 284
{
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 285
$this->render( (!$strict_no_headers), '<div class="usermessage"><b>The maximum number of internal redirects has been exceeded.</b></div>' );
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 286
}
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 287
else
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 288
{
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 289
$result = $this->_handle_redirect($page_id_data[0], $page_id_data[1]);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 290
if ( $result !== true )
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 291
{
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 292
// There was some error during the redirect process - usually an infinite redirect
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 293
$this->render( (!$strict_no_headers), '<div class="usermessage"><b>' . $result . '</b></div>' );
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 294
}
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 295
}
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 296
}
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 297
else
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 298
{
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 299
$this->render( (!$strict_no_headers) );
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 300
}
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 301
}
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 302
}
1
+ − 303
}
+ − 304
+ − 305
/**
+ − 306
* Sets internal variables.
+ − 307
* @access private
+ − 308
*/
+ − 309
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 310
function _setup($page_id, $namespace, $revision_id)
1
+ − 311
{
+ − 312
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 313
+ − 314
$page_id_cleaned = sanitize_page_id($page_id);
+ − 315
+ − 316
$this->page_id = $page_id_cleaned;
+ − 317
$this->namespace = $namespace;
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 318
$this->revision_id = $revision_id;
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 319
$this->page_id_unclean = dirtify_page_id($page_id);
1
+ − 320
+ − 321
$this->perms = $session->fetch_page_acl( $page_id, $namespace );
+ − 322
+ − 323
// Exception for Admin: pages
+ − 324
if ( $this->namespace == 'Admin' )
+ − 325
{
+ − 326
$fname = "page_Admin_{$this->page_id}";
+ − 327
}
+ − 328
+ − 329
// Does the page "exist"?
4
+ − 330
if ( $paths->cpage['urlname_nons'] == $page_id && $paths->namespace == $namespace && !$paths->page_exists && ( $this->namespace != 'Admin' || ($this->namespace == 'Admin' && !function_exists($fname) ) ) )
1
+ − 331
{
+ − 332
$this->page_exists = false;
+ − 333
}
+ − 334
else if ( !isset( $paths->pages[ $paths->nslist[$namespace] . $page_id ] ) && ( $this->namespace == 'Admin' && !function_exists($fname) ) )
+ − 335
{
+ − 336
$this->page_exists = false;
+ − 337
}
+ − 338
else
+ − 339
{
+ − 340
$this->page_exists = true;
+ − 341
}
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 342
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 343
// Compatibility with older databases
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 344
if ( strstr($this->page_id, '.2e') && !$this->page_exists )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 345
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 346
$page_id = str_replace('.2e', '.', $page_id);
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 347
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 348
if ( $paths->cpage['urlname_nons'] == $page_id && $paths->namespace == $namespace && !$paths->page_exists && ( $this->namespace != 'Admin' || ($this->namespace == 'Admin' && !function_exists($fname) ) ) )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 349
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 350
$this->page_exists = false;
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 351
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 352
else if ( !isset( $paths->pages[ $paths->nslist[$namespace] . $page_id ] ) && ( $this->namespace == 'Admin' && !function_exists($fname) ) )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 353
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 354
$this->page_exists = false;
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 355
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 356
else
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 357
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 358
$this->page_exists = true;
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 359
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 360
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 361
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 362
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 363
$this->title = get_page_title_ns($this->page_id, $this->namespace);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 364
1
+ − 365
}
+ − 366
+ − 367
/**
+ − 368
* Renders it all in one go, and echoes it out. This assumes that the text is in the DB.
+ − 369
* @access private
+ − 370
*/
+ − 371
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 372
function render($incl_inner_headers = true, $_errormsg = false)
1
+ − 373
{
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 374
global $db, $session, $paths, $template, $plugins; // Common objects
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 375
1
+ − 376
$text = $this->fetch_text();
91
+ − 377
$text = preg_replace('/([\s]*)__NOBREADCRUMBS__([\s]*)/', '', $text);
+ − 378
$text = preg_replace('/([\s]*)__NOTOC__([\s]*)/', '', $text);
1
+ − 379
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 380
$redir_enabled = false;
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 381
if ( preg_match('/^#redirect \[\[([^\]]+?)\]\]/i', $text, $match ) )
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 382
{
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 383
$redir_enabled = true;
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 384
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 385
$oldtarget = RenderMan::strToPageID($match[1]);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 386
$oldtarget[0] = sanitize_page_id($oldtarget[0]);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 387
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 388
$url = makeUrlNS($oldtarget[1], $oldtarget[0], false, true);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 389
$page_id_key = $paths->nslist[ $oldtarget[1] ] . $oldtarget[0];
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 390
$page_data = $paths->pages[$page_id_key];
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 391
$title = ( isset($page_data['name']) ) ? $page_data['name'] : $paths->nslist[$oldtarget[1]] . htmlspecialchars( str_replace('_', ' ', dirtify_page_id( $oldtarget[0] ) ) );
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 392
if ( !isset($page_data['name']) )
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 393
{
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 394
$cls = 'class="wikilink-nonexistent"';
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 395
}
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 396
else
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 397
{
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 398
$cls = '';
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 399
}
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 400
$a = '<a ' . $cls . ' href="' . $url . '">' . $title . '</a>';
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 401
$redir_html = '<br /><div class="mdg-infobox">
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 402
<table border="0" width="100%" cellspacing="0" cellpadding="0">
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 403
<tr>
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 404
<td valign="top">
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 405
<img alt="Cute wet-floor icon" src="'.scriptPath.'/images/redirector.png" />
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 406
</td>
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 407
<td valign="top" style="padding-left: 10px;">
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 408
<b>This page is a <i>redirector</i>.</b><br />
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 409
This means that this page will not show its own content by default. Instead it will display the contents of the page it redirects to.<br /><br />
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 410
To create a redirect page, make the <i>first characters</i> in the page content <tt>#redirect [[Page_ID]]</tt>. For more information, see the
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 411
Enano <a href="http://enanocms.org/Help:Wiki_formatting" onclick="window.open(this.href); return false;">Wiki formatting guide</a>.<br /><br />
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 412
This page redirects to ' . $a . '.
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 413
</td>
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 414
</tr>
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 415
</table>
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 416
</div>
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 417
<br />
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 418
<hr style="margin-left: 1em; width: 200px;" />';
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 419
$text = str_replace($match[0], '', $text);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 420
$text = trim($text);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 421
}
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 422
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 423
$template->tpl_strings['PAGE_NAME'] = htmlspecialchars( $this->title );
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 424
1
+ − 425
$this->header();
91
+ − 426
$this->do_breadcrumbs();
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 427
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 428
if ( $_errormsg )
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 429
{
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 430
echo $_errormsg;
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 431
}
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 432
24
+ − 433
if ( $incl_inner_headers )
+ − 434
{
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 435
if ( count($this->redirect_stack) > 0 )
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 436
{
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 437
$stack = array_reverse($this->redirect_stack);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 438
foreach ( $stack as $oldtarget )
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 439
{
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 440
$url = makeUrlNS($oldtarget[1], $oldtarget[0], 'redirect=no', true);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 441
$page_id_key = $paths->nslist[ $oldtarget[1] ] . $oldtarget[0];
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 442
$page_data = $paths->pages[$page_id_key];
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 443
$title = ( isset($page_data['name']) ) ? $page_data['name'] : $paths->nslist[$oldtarget[1]] . htmlspecialchars( str_replace('_', ' ', dirtify_page_id( $oldtarget[0] ) ) );
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 444
$a = '<a href="' . $url . '">' . $title . '</a>';
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 445
echo '<small>(Redirected from ' . $a . ')<br /></small>';
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 446
}
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 447
}
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 448
display_page_headers();
24
+ − 449
}
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 450
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 451
if ( $this->revision_id )
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 452
{
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 453
echo '<div class="info-box" style="margin-left: 0; margin-top: 5px;"><b>Notice:</b><br />The page you are viewing was archived on '.date('F d, Y \a\t h:i a', $this->revision_id).'.<br /><a href="'.makeUrlNS($this->namespace, $this->page_id).'" onclick="ajaxReset(); return false;">View current version</a> | <a href="'.makeUrlNS($this->namespace, $this->pageid, 'do=rollback&id='.$this->revision_id).'" onclick="ajaxRollback(\''.$this->revision_id.'\')">Restore this version</a></div><br />';
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 454
}
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 455
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 456
if ( $redir_enabled )
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 457
{
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 458
echo $redir_html;
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 459
}
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 460
25
+ − 461
if ( $incl_inner_headers )
+ − 462
{
+ − 463
$text = '?>' . RenderMan::render($text);
+ − 464
}
+ − 465
else
+ − 466
{
+ − 467
$text = '?>' . $text;
26
+ − 468
$text = preg_replace('/<nowiki>(.*?)<\/nowiki>/s', '\\1', $text);
25
+ − 469
}
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 470
// echo('<pre>'.htmlspecialchars($text).'</pre>');
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 471
eval ( $text );
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 472
24
+ − 473
if ( $incl_inner_headers )
+ − 474
{
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 475
display_page_footers();
24
+ − 476
}
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
diff
changeset
+ − 477
1
+ − 478
$this->footer();
+ − 479
}
+ − 480
+ − 481
/**
+ − 482
* Sends the page header, dependent on, of course, whether we're supposed to.
+ − 483
*/
+ − 484
+ − 485
function header()
+ − 486
{
+ − 487
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 488
if ( $this->send_headers )
+ − 489
$template->header();
+ − 490
}
+ − 491
+ − 492
/**
+ − 493
* Sends the page footer, dependent on, of course, whether we're supposed to.
+ − 494
*/
+ − 495
+ − 496
function footer()
+ − 497
{
+ − 498
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 499
if ( $this->send_headers )
+ − 500
$template->footer();
+ − 501
}
+ − 502
+ − 503
/**
+ − 504
* Fetches the raw, unfiltered page text.
+ − 505
* @access public
+ − 506
*/
+ − 507
+ − 508
function fetch_text()
+ − 509
{
+ − 510
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 511
+ − 512
if ( !empty($this->text_cache) )
+ − 513
{
+ − 514
return $this->text_cache;
+ − 515
}
+ − 516
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 517
if ( $this->revision_id > 0 && is_int($this->revision_id) )
1
+ − 518
{
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 519
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 520
$q = $db->sql_query('SELECT page_text, char_tag, date_string FROM '.table_prefix.'logs WHERE page_id=\'' . $this->page_id . '\' AND namespace=\'' . $this->namespace . '\' AND time_id=' . $this->revision_id . ';');
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 521
if ( !$q )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 522
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 523
$this->send_error('Error during SQL query.', true);
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 524
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 525
if ( $db->numrows() < 1 )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 526
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 527
// Compatibility fix for old pages with dots in the page ID
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 528
if ( strstr($this->page_id, '.2e') )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 529
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 530
$db->free_result();
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 531
$page_id = str_replace('.2e', '.', $this->page_id);
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 532
$q = $db->sql_query('SELECT page_text, char_tag, date_string FROM '.table_prefix.'logs WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $this->namespace . '\' AND time_id=' . $this->revision_id . ';');
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 533
if ( !$q )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 534
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 535
$this->send_error('Error during SQL query.', true);
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 536
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 537
if ( $db->numrows() < 1 )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 538
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 539
$this->page_exists = false;
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 540
return 'err_no_text_rows';
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 541
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 542
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 543
else
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 544
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 545
$this->page_exists = false;
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 546
return 'err_no_text_rows';
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 547
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 548
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 549
else
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 550
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 551
$row = $db->fetchrow();
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 552
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 553
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 554
$db->free_result();
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 555
1
+ − 556
}
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 557
else
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 558
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 559
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 560
$q = $db->sql_query('SELECT page_text, char_tag FROM '.table_prefix.'page_text WHERE page_id=\'' . $this->page_id . '\' AND namespace=\'' . $this->namespace . '\';');
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 561
if ( !$q )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 562
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 563
$this->send_error('Error during SQL query.', true);
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 564
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 565
if ( $db->numrows() < 1 )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 566
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 567
// Compatibility fix for old pages with dots in the page ID
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 568
if ( strstr($this->page_id, '.2e') )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 569
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 570
$db->free_result();
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 571
$page_id = str_replace('.2e', '.', $this->page_id);
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 572
$q = $db->sql_query('SELECT page_text, char_tag FROM '.table_prefix.'page_text WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $this->namespace . '\';');
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 573
if ( !$q )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 574
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 575
$this->send_error('Error during SQL query.', true);
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 576
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 577
if ( $db->numrows() < 1 )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 578
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 579
$this->page_exists = false;
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 580
return 'err_no_text_rows';
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 581
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 582
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 583
else
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 584
{
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 585
$this->page_exists = false;
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 586
return 'err_no_text_rows';
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 587
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 588
}
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 589
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 590
$row = $db->fetchrow();
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 591
$db->free_result();
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 592
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 593
}
1
+ − 594
+ − 595
if ( !empty($row['char_tag']) )
+ − 596
{
+ − 597
// This page text entry uses the old text-escaping format
+ − 598
$from = array(
+ − 599
"{APOS:{$row['char_tag']}}",
+ − 600
"{QUOT:{$row['char_tag']}}",
+ − 601
"{SLASH:{$row['char_tag']}}"
+ − 602
);
+ − 603
$to = array("'", '"', '\\');
+ − 604
$row['page_text'] = str_replace($from, $to, $row['page_text']);
+ − 605
}
+ − 606
+ − 607
$this->text_cache = $row['page_text'];
+ − 608
+ − 609
return $row['page_text'];
+ − 610
+ − 611
}
+ − 612
+ − 613
/**
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 614
* Handles the extra overhead required for user pages.
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 615
* @access private
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 616
*/
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 617
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 618
function _handle_userpage()
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 619
{
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 620
global $db, $session, $paths, $template, $plugins; // Common objects
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 621
global $email;
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 622
285
7846d45bd250
Changed all urlname/page_id columns to varchar(255) because 63 characters just isn't long enough
Dan
diff
changeset
+ − 623
$page_urlname = dirtify_page_id($this->page_id);
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 624
if ( $this->page_id == $paths->cpage['urlname_nons'] && $this->namespace == $paths->namespace )
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 625
{
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 626
$page_name = ( isset($paths->cpage['name']) ) ? $paths->cpage['name'] : $this->page_id;
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 627
}
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 628
else
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 629
{
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 630
$page_name = ( isset($paths->pages[$this->page_id]) ) ? $paths->pages[$this->page_id]['name'] : $this->page_id;
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 631
}
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 632
285
7846d45bd250
Changed all urlname/page_id columns to varchar(255) because 63 characters just isn't long enough
Dan
diff
changeset
+ − 633
$target_username = strtr($page_urlname,
22
+ − 634
Array(
+ − 635
'_' => ' ',
+ − 636
'<' => '<',
+ − 637
'>' => '>'
+ − 638
));
+ − 639
+ − 640
$target_username = preg_replace('/^' . preg_quote($paths->nslist['User']) . '/', '', $target_username);
91
+ − 641
$target_username = explode('/', $target_username);
+ − 642
$target_username = $target_username[0];
22
+ − 643
+ − 644
if ( ( $page_name == str_replace('_', ' ', $this->page_id) || $page_name == $paths->nslist['User'] . str_replace('_', ' ', $this->page_id) ) || !$this->page_exists )
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 645
{
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 646
$page_name = "$target_username's user page";
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 647
}
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 648
else
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 649
{
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 650
// User has a custom title for their userpage
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 651
$page_name = $paths->pages[ $paths->nslist[$this->namespace] . $this->page_id ]['name'];
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 652
}
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 653
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 654
$template->tpl_strings['PAGE_NAME'] = htmlspecialchars($page_name);
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 655
22
+ − 656
$q = $db->sql_query('SELECT u.username, u.user_id AS authoritative_uid, u.real_name, u.email, u.reg_time, x.*, COUNT(c.comment_id) AS n_comments
+ − 657
FROM '.table_prefix.'users u
+ − 658
LEFT JOIN '.table_prefix.'users_extra AS x
+ − 659
ON ( u.user_id = x.user_id OR x.user_id IS NULL )
+ − 660
LEFT JOIN '.table_prefix.'comments AS c
47
+ − 661
ON ( ( c.user_id=u.user_id AND c.name=u.username AND c.approved=1 ) OR ( c.comment_id IS NULL AND c.approved IS NULL ) )
22
+ − 662
WHERE u.username=\'' . $db->escape($target_username) . '\'
+ − 663
GROUP BY u.user_id;');
+ − 664
if ( !$q )
+ − 665
$db->_die();
+ − 666
+ − 667
$user_exists = true;
+ − 668
+ − 669
if ( $db->numrows() < 1 )
+ − 670
{
+ − 671
$user_exists = false;
+ − 672
}
+ − 673
else
+ − 674
{
+ − 675
$userdata = $db->fetchrow();
+ − 676
if ( $userdata['authoritative_uid'] == 1 )
+ − 677
{
+ − 678
// Hide data for anonymous user
+ − 679
$user_exists = false;
+ − 680
unset($userdata);
+ − 681
}
+ − 682
}
+ − 683
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 684
$this->header();
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 685
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 686
// if ( $send_headers )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 687
// {
22
+ − 688
// display_page_headers();
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 689
// }
16
+ − 690
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 691
// Start left sidebar: basic user info, latest comments
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 692
22
+ − 693
if ( $user_exists ):
+ − 694
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 695
echo '<table border="0" cellspacing="4" cellpadding="0" style="width: 100%;">';
22
+ − 696
echo '<tr><td style="width: 150px;" valign="top">';
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 697
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 698
echo '<div class="tblholder">
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 699
<table border="0" cellspacing="1" cellpadding="4">';
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 700
22
+ − 701
//
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 702
// Main part of sidebar
22
+ − 703
//
+ − 704
+ − 705
// Basic user info
+ − 706
+ − 707
echo '<tr><th class="subhead">All about ' . htmlspecialchars($target_username) . '</th></tr>';
+ − 708
echo '<tr><td class="row3">Joined: ' . date('F d, Y h:i a', $userdata['reg_time']) . '</td></tr>';
+ − 709
echo '<tr><td class="row1">Total comments: ' . $userdata['n_comments'] . '</td></tr>';
+ − 710
+ − 711
if ( !empty($userdata['real_name']) )
+ − 712
{
31
+ − 713
echo '<tr><td class="row3">Real name: ' . $userdata['real_name'] . '</td></tr>';
22
+ − 714
}
+ − 715
108
1c7f59df9474
Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63
Dan
diff
changeset
+ − 716
// Administer user button
1c7f59df9474
Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63
Dan
diff
changeset
+ − 717
1c7f59df9474
Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63
Dan
diff
changeset
+ − 718
if ( $session->user_level >= USER_LEVEL_ADMIN )
1c7f59df9474
Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63
Dan
diff
changeset
+ − 719
{
1c7f59df9474
Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63
Dan
diff
changeset
+ − 720
echo '<tr><td class="row1"><a href="' . makeUrlNS('Special', 'Administration', 'module=' . $paths->nslist['Admin'] . 'UserManager&src=get&user=' . urlencode($target_username), true) . '" onclick="ajaxAdminUser(\'' . addslashes($target_username) . '\'); return false;">Administer user</a></td></tr>';
1c7f59df9474
Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63
Dan
diff
changeset
+ − 721
}
1c7f59df9474
Implemented some extra functionality for friends/foes in comments; fixed lack of table_prefix in stats.php line 63
Dan
diff
changeset
+ − 722
22
+ − 723
// Comments
+ − 724
+ − 725
echo '<tr><th class="subhead">' . htmlspecialchars($target_username) . '\'s latest comments</th></tr>';
47
+ − 726
$q = $db->sql_query('SELECT page_id, namespace, subject, time FROM '.table_prefix.'comments WHERE name=\'' . $db->escape($target_username) . '\' AND user_id=' . $userdata['authoritative_uid'] . ' AND approved=1 ORDER BY time DESC LIMIT 5;');
22
+ − 727
if ( !$q )
+ − 728
$db->_die();
+ − 729
+ − 730
$comments = Array();
+ − 731
$no_comments = false;
+ − 732
+ − 733
if ( $row = $db->fetchrow() )
+ − 734
{
+ − 735
do
+ − 736
{
+ − 737
$row['time'] = date('F d, Y', $row['time']);
+ − 738
$comments[] = $row;
+ − 739
}
+ − 740
while ( $row = $db->fetchrow() );
+ − 741
}
+ − 742
else
+ − 743
{
+ − 744
$no_comments = true;
+ − 745
}
+ − 746
+ − 747
echo '<tr><td class="row3">';
+ − 748
echo '<div style="border: 1px solid #000000; padding: 0px; margin: 0; max-height: 200px; clip: rect(0px,auto,auto,0px); overflow: auto; background-color: transparent;" class="tblholder">';
+ − 749
+ − 750
echo '<table border="0" cellspacing="1" cellpadding="4">';
+ − 751
$class = 'row1';
+ − 752
+ − 753
$tpl = '<tr>
+ − 754
<td class="{CLASS}">
+ − 755
<a href="{PAGE_LINK}" <!-- BEGINNOT page_exists -->class="wikilink-nonexistent"<!-- END page_exists -->>{PAGE}</a><br />
+ − 756
<small>Posted {DATE}<br /></small>
+ − 757
<b><a href="{COMMENT_LINK}">{SUBJECT}</a></b>
+ − 758
</td>
+ − 759
</tr>';
+ − 760
$parser = $template->makeParserText($tpl);
+ − 761
+ − 762
if ( count($comments) > 0 )
+ − 763
{
+ − 764
foreach ( $comments as $comment )
+ − 765
{
+ − 766
$c_page_id = $paths->nslist[ $comment['namespace'] ] . sanitize_page_id($comment['page_id']);
+ − 767
if ( isset($paths->pages[ $c_page_id ]) )
+ − 768
{
+ − 769
$parser->assign_bool(array(
+ − 770
'page_exists' => true
+ − 771
));
83
+ − 772
$page_title = htmlspecialchars($paths->pages[ $c_page_id ]['name']);
22
+ − 773
}
+ − 774
else
+ − 775
{
+ − 776
$parser->assign_bool(array(
+ − 777
'page_exists' => false
+ − 778
));
+ − 779
$page_title = htmlspecialchars(dirtify_page_id($c_page_id));
+ − 780
}
+ − 781
$parser->assign_vars(array(
+ − 782
'CLASS' => $class,
+ − 783
'PAGE_LINK' => makeUrlNS($comment['namespace'], sanitize_page_id($comment['page_id'])),
+ − 784
'PAGE' => $page_title,
+ − 785
'SUBJECT' => $comment['subject'],
+ − 786
'DATE' => $comment['time'],
+ − 787
'COMMENT_LINK' => makeUrlNS($comment['namespace'], sanitize_page_id($comment['page_id']), 'do=comments', true)
+ − 788
));
+ − 789
$class = ( $class == 'row3' ) ? 'row1' : 'row3';
+ − 790
echo $parser->run();
+ − 791
}
+ − 792
}
+ − 793
else
+ − 794
{
+ − 795
echo '<tr><td class="' . $class . '">This user has not posted any comments.</td></tr>';
+ − 796
}
+ − 797
echo '</table>';
+ − 798
+ − 799
echo '</div>';
+ − 800
echo '</td></tr>';
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 801
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 802
echo ' </table>
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 803
</div>';
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 804
22
+ − 805
echo '</td><td valign="top" style="padding: 0 10px;">';
+ − 806
+ − 807
else:
+ − 808
+ − 809
// Nothing for now
+ − 810
+ − 811
endif;
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 812
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 813
// User's own content
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 814
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 815
$send_headers = $this->send_headers;
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 816
$this->send_headers = false;
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 817
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 818
if ( $this->page_exists )
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 819
{
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 820
$this->render();
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 821
}
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 822
else
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 823
{
22
+ − 824
$this->err_page_not_existent(true);
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 825
}
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 826
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 827
// Right sidebar
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 828
22
+ − 829
if ( $user_exists ):
+ − 830
+ − 831
echo '</td><td style="width: 150px;" valign="top">';
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 832
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 833
echo '<div class="tblholder">
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 834
<table border="0" cellspacing="1" cellpadding="4">';
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 835
22
+ − 836
//
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 837
// Main part of sidebar
22
+ − 838
//
+ − 839
+ − 840
// Contact information
+ − 841
+ − 842
echo '<tr><th class="subhead">Get in touch</th></tr>';
+ − 843
+ − 844
$class = 'row3';
+ − 845
+ − 846
if ( $userdata['email_public'] == 1 )
+ − 847
{
+ − 848
$class = ( $class == 'row1' ) ? 'row3' : 'row1';
+ − 849
$email_link = $email->encryptEmail($userdata['email']);
+ − 850
echo '<tr><td class="'.$class.'">E-mail address: ' . $email_link . '</td></tr>';
+ − 851
}
+ − 852
+ − 853
$class = ( $class == 'row1' ) ? 'row3' : 'row1';
+ − 854
if ( $session->user_logged_in )
+ − 855
{
+ − 856
echo '<tr><td class="'.$class.'">Send ' . htmlspecialchars($target_username) . ' a <a href="' . makeUrlNS('Special', 'PrivateMessages/Compose/to/' . $this->page_id, false, true) . '">Private Message</a>!</td></tr>';
+ − 857
}
+ − 858
else
+ − 859
{
+ − 860
echo '<tr><td class="'.$class.'">You could send ' . htmlspecialchars($target_username) . ' a private message if you were <a href="' . makeUrlNS('Special', 'Login/' . $paths->nslist[$this->namespace] . $this->page_id) . '">logged in</a>.</td></tr>';
+ − 861
}
+ − 862
+ − 863
if ( !empty($userdata['user_aim']) )
+ − 864
{
+ − 865
$class = ( $class == 'row1' ) ? 'row3' : 'row1';
37
+ − 866
echo '<tr><td class="'.$class.'">AIM: ' . $userdata['user_aim'] . '</td></tr>';
22
+ − 867
}
+ − 868
+ − 869
if ( !empty($userdata['user_yahoo']) )
+ − 870
{
+ − 871
$class = ( $class == 'row1' ) ? 'row3' : 'row1';
37
+ − 872
echo '<tr><td class="'.$class.'">Yahoo! IM: ' . $userdata['user_yahoo'] . '</td></tr>';
22
+ − 873
}
+ − 874
+ − 875
if ( !empty($userdata['user_msn']) )
+ − 876
{
+ − 877
$class = ( $class == 'row1' ) ? 'row3' : 'row1';
+ − 878
$email_link = $email->encryptEmail($userdata['user_msn']);
+ − 879
echo '<tr><td class="'.$class.'">WLM: ' . $email_link . '</td></tr>';
+ − 880
}
+ − 881
+ − 882
if ( !empty($userdata['user_xmpp']) )
+ − 883
{
+ − 884
$class = ( $class == 'row1' ) ? 'row3' : 'row1';
+ − 885
$email_link = $email->encryptEmail($userdata['user_xmpp']);
+ − 886
echo '<tr><td class="'.$class.'">XMPP/Jabber: ' . $email_link . '</td></tr>';
+ − 887
}
+ − 888
+ − 889
// Real life
+ − 890
+ − 891
echo '<tr><th class="subhead">' . htmlspecialchars($target_username) . ' in real life</th></tr>';
+ − 892
+ − 893
if ( !empty($userdata['user_location']) )
+ − 894
{
+ − 895
$class = ( $class == 'row1' ) ? 'row3' : 'row1';
37
+ − 896
echo '<tr><td class="'.$class.'">Location: ' . $userdata['user_location'] . '</td></tr>';
22
+ − 897
}
+ − 898
+ − 899
if ( !empty($userdata['user_job']) )
+ − 900
{
+ − 901
$class = ( $class == 'row1' ) ? 'row3' : 'row1';
37
+ − 902
echo '<tr><td class="'.$class.'">Job/occupation: ' . $userdata['user_job'] . '</td></tr>';
22
+ − 903
}
+ − 904
+ − 905
if ( !empty($userdata['user_hobbies']) )
+ − 906
{
+ − 907
$class = ( $class == 'row1' ) ? 'row3' : 'row1';
37
+ − 908
echo '<tr><td class="'.$class.'">Enjoys: ' . $userdata['user_hobbies'] . '</td></tr>';
22
+ − 909
}
+ − 910
28
+ − 911
if ( empty($userdata['user_location']) && empty($userdata['user_job']) && empty($userdata['user_hobbies']) )
+ − 912
{
+ − 913
$class = ( $class == 'row1' ) ? 'row3' : 'row1';
+ − 914
echo '<tr><td class="'.$class.'">' . htmlspecialchars($target_username) . ' hasn\'t posted any real-life contact information.</td></tr>';
+ − 915
}
+ − 916
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 917
echo ' </table>
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 918
</div>';
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 919
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 920
echo '</tr></table>';
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 921
22
+ − 922
else:
+ − 923
+ − 924
echo '<p>Additional information: user "' . htmlspecialchars($target_username) . '" does not exist.</p>';
+ − 925
+ − 926
endif;
+ − 927
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 928
// if ( $send_headers )
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 929
// {
22
+ − 930
// display_page_footers();
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 931
// }
16
+ − 932
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 933
$this->send_headers = $send_headers;
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 934
unset($send_headers);
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 935
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 936
$this->footer();
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 937
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 938
}
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 939
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
diff
changeset
+ − 940
/**
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 941
* Pushes to the redirect stack and resets the instance. This depends on the page ID and namespace already being validated and sanitized, and does not check the size of the redirect stack.
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 942
* @param string Page ID to redirect to
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 943
* @param string Namespace to redirect to
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 944
* @access private
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 945
*/
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 946
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 947
function _handle_redirect($page_id, $namespace)
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 948
{
92
+ − 949
global $db, $session, $paths, $template, $plugins; // Common objects
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 950
$arr_pid = array($this->page_id, $this->namespace);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 951
if ( $namespace == 'Special' || $namespace == 'Admin' )
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 952
{
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 953
return 'This page redirects to a Special or Administration page, which is not allowed.';
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 954
}
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 955
if ( in_array($this->redirect_stack, $arr_pid) )
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 956
{
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 957
return 'This page infinitely redirects with another page (or another series of pages), and the infinite redirect was trapped.';
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 958
}
92
+ − 959
$page_id_key = $paths->nslist[ $namespace ] . sanitize_page_id($page_id);
62
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 960
if ( !isset($paths->pages[$page_id_key]) )
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 961
{
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 962
return 'This page redirects to another page that doesn\'t exist.';
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 963
}
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 964
$this->redirect_stack[] = $arr_pid;
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 965
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 966
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 967
// Nuke the text cache to avoid infinite loops, gah...
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 968
$this->text_cache = '';
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 969
$this->_setup($page_id, $namespace, 0);
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 970
$this->send();
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 971
return true;
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 972
}
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 973
9dc4fded30e6
Redirect pages actually work stable-ish now; critical extraneous debug message removed (oops!)
Dan
diff
changeset
+ − 974
/**
1
+ − 975
* Send the error message to the user that the access to this page is denied.
+ − 976
* @access private
+ − 977
*/
+ − 978
+ − 979
function err_access_denied()
+ − 980
{
+ − 981
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 982
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 983
// Log it for crying out loud
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 984
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'illegal_page\', '.time().', \''.date('d M Y h:i a').'\', \''.$db->escape($session->username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', \'' . $db->escape(serialize(array($this->page_id, $this->namespace))) . '\')');
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 985
1
+ − 986
$ob = '';
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 987
//$template->tpl_strings['PAGE_NAME'] = 'Access denied';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 988
$template->tpl_strings['PAGE_NAME'] = htmlspecialchars( $this->title );
1
+ − 989
+ − 990
if ( $this->send_headers )
+ − 991
{
+ − 992
$ob .= $template->getHeader();
+ − 993
}
+ − 994
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 995
if ( count($this->redirect_stack) > 0 )
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 996
{
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 997
$stack = array_reverse($this->redirect_stack);
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 998
foreach ( $stack as $oldtarget )
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 999
{
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1000
$url = makeUrlNS($oldtarget[1], $oldtarget[0], 'redirect=no', true);
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1001
$page_id_key = $paths->nslist[ $oldtarget[1] ] . $oldtarget[0];
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1002
$page_data = $paths->pages[$page_id_key];
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1003
$title = ( isset($page_data['name']) ) ? $page_data['name'] : $paths->nslist[$oldtarget[1]] . htmlspecialchars( str_replace('_', ' ', dirtify_page_id( $oldtarget[0] ) ) );
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1004
$a = '<a href="' . $url . '">' . $title . '</a>';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1005
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1006
$url = makeUrlNS($this->namespace, $this->page_id, 'redirect=no', true);
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1007
$page_id_key = $paths->nslist[ $this->namespace ] . $this->page_id;
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1008
$page_data = $paths->pages[$page_id_key];
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1009
$title = ( isset($page_data['name']) ) ? $page_data['name'] : $paths->nslist[$this->namespace] . htmlspecialchars( str_replace('_', ' ', dirtify_page_id( $this->page_id ) ) );
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1010
$b = '<a href="' . $url . '">' . $title . '</a>';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1011
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1012
$ob .= '<small>(Redirected to ' . $b . ' from ' . $a . ')<br /></small>';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1013
}
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1014
}
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1015
1
+ − 1016
$ob .= '<div class="error-box"><b>Access to this page is denied.</b><br />This may be because you are not logged in or you have not met certain criteria for viewing this page.</div>';
+ − 1017
+ − 1018
if ( $this->send_headers )
+ − 1019
{
+ − 1020
$ob .= $template->getFooter();
+ − 1021
}
+ − 1022
echo $ob;
+ − 1023
}
+ − 1024
+ − 1025
/**
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1026
* Inform the user of an incorrect or absent password
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1027
* @access private
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1028
*/
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1029
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1030
function err_wrong_password()
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1031
{
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1032
global $db, $session, $paths, $template, $plugins; // Common objects
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1033
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1034
$title = 'Password required';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1035
$message = ( empty($this->password) ) ? '<p>Access to this page requires a password. Please enter the password for this page below:</p>' : '<p>The password you entered for this page was incorrect. Please enter the password for this page below:</p>';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1036
$message .= '<form action="' . makeUrlNS($this->namespace, $this->page_id) . '" method="post">
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1037
<p>
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1038
<label>Password: <input name="pagepass" type="password" /></label> <input type="submit" value="Submit" />
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1039
</p>
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1040
</form>';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1041
if ( $this->send_headers )
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1042
{
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1043
$template->tpl_strings['PAGE_NAME'] = $title;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1044
$template->header();
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1045
echo "$message";
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1046
$template->footer();
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1047
}
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1048
else
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1049
{
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1050
echo "<h2>$title</h2>
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1051
$message";
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1052
}
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1053
}
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1054
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 1055
/**
1
+ − 1056
* Send the error message to the user complaining that there weren't any rows.
+ − 1057
* @access private
+ − 1058
*/
+ − 1059
+ − 1060
function err_no_rows()
+ − 1061
{
+ − 1062
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1063
+ − 1064
$title = 'No text rows';
+ − 1065
$message = 'While the page\'s existence was verified, there were no rows in the database that matched the query for the text. This may indicate a bug with the software; ask the webmaster for more information. The offending query was:<pre>' . $db->latest_query . '</pre>';
+ − 1066
if ( $this->send_headers )
+ − 1067
{
+ − 1068
$template->tpl_strings['PAGE_NAME'] = $title;
+ − 1069
$template->header();
+ − 1070
echo "<p>$message</p>";
+ − 1071
$template->footer();
+ − 1072
}
+ − 1073
else
+ − 1074
{
+ − 1075
echo "<h2>$title</h2>
+ − 1076
<p>$message</p>";
+ − 1077
}
+ − 1078
}
+ − 1079
+ − 1080
/**
+ − 1081
* Tell the user the page doesn't exist, and present them with their options.
+ − 1082
* @access private
+ − 1083
*/
+ − 1084
22
+ − 1085
function err_page_not_existent($userpage = false)
1
+ − 1086
{
+ − 1087
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1088
91
+ − 1089
header('HTTP/1.1 404 Not Found');
+ − 1090
1
+ − 1091
$this->header();
91
+ − 1092
$this->do_breadcrumbs();
+ − 1093
22
+ − 1094
if ( $userpage )
+ − 1095
{
+ − 1096
echo '<h3>There is no page with this title yet.</h3>
+ − 1097
<p>This user has not created his or her user page yet.';
+ − 1098
}
+ − 1099
else
+ − 1100
{
+ − 1101
echo '<h3>There is no page with this title yet.</h3>
+ − 1102
<p>You have requested a page that doesn\'t exist yet.';
+ − 1103
}
1
+ − 1104
if ( $session->get_permissions('create_page') )
+ − 1105
{
+ − 1106
echo ' You can <a href="'.makeUrlNS($this->namespace, $this->page_id, 'do=edit', true).'" onclick="ajaxEditor(); return false;">create this page</a>, or return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.';
+ − 1107
}
+ − 1108
else
+ − 1109
{
+ − 1110
echo ' Return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.</p>';
+ − 1111
}
+ − 1112
if ( $session->get_permissions('history_rollback') )
+ − 1113
{
+ − 1114
$e = $db->sql_query('SELECT * FROM ' . table_prefix . 'logs WHERE action=\'delete\' AND page_id=\'' . $this->page_id . '\' AND namespace=\'' . $this->namespace . '\' ORDER BY time_id DESC;');
+ − 1115
if ( !$e )
+ − 1116
{
+ − 1117
$db->_die('The deletion log could not be selected.');
+ − 1118
}
+ − 1119
if ( $db->numrows() > 0 )
+ − 1120
{
+ − 1121
$r = $db->fetchrow();
28
+ − 1122
echo '<p><b>This page was deleted on ' . $r['date_string'] . '.</b> The stated reason was:</p><blockquote>' . $r['edit_summary'] . '</blockquote><p>You can probably <a href="'.makeUrl($paths->page, 'do=rollback&id='.$r['time_id']).'" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">roll back</a> the deletion.</p>';
93
+ − 1123
if ( $session->user_level >= USER_LEVEL_ADMIN )
+ − 1124
{
+ − 1125
echo '<p>Additional admin options: <a href="' . makeUrl($paths->page, 'do=detag', true) . '" title="Remove any tags on this page">detag page</a></p>';
+ − 1126
}
1
+ − 1127
}
+ − 1128
$db->free_result();
+ − 1129
}
+ − 1130
echo '<p>
+ − 1131
HTTP Error: 404 Not Found
+ − 1132
</p>';
+ − 1133
$this->footer();
+ − 1134
}
+ − 1135
+ − 1136
/**
91
+ − 1137
* Echoes out breadcrumb data, if appropriate.
+ − 1138
* @access private
+ − 1139
*/
+ − 1140
+ − 1141
function do_breadcrumbs()
+ − 1142
{
+ − 1143
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1144
if ( strpos($this->text_cache, '__NOBREADCRUMBS__') !== false )
+ − 1145
return false;
+ − 1146
$breadcrumb_data = explode('/', $this->page_id);
+ − 1147
if ( count($breadcrumb_data) > 1 )
+ − 1148
{
+ − 1149
echo '<!-- Start breadcrumbs -->
+ − 1150
<div class="breadcrumbs">
+ − 1151
';
+ − 1152
foreach ( $breadcrumb_data as $i => $higherpage )
+ − 1153
{
+ − 1154
$higherpage = $paths->nslist[$this->namespace] . sanitize_page_id(implode('/', array_slice($breadcrumb_data, 0, ($i+1))));
+ − 1155
if ( ($i + 1) == count($breadcrumb_data) )
+ − 1156
{
+ − 1157
$title = get_page_title($higherpage, false);
+ − 1158
if ( !$this->page_exists )
+ − 1159
{
+ − 1160
$title = explode('/', $title);
+ − 1161
$title = array_reverse($title);
+ − 1162
$title = $title[0];
+ − 1163
}
+ − 1164
echo htmlspecialchars($title);
+ − 1165
break;
+ − 1166
}
+ − 1167
else if ( isPage($higherpage) )
+ − 1168
{
+ − 1169
$title = get_page_title($higherpage, false);
+ − 1170
echo '<a href="' . makeUrl($higherpage, false, true) . '">' . htmlspecialchars($title) . '</a>';
+ − 1171
}
+ − 1172
else
+ − 1173
{
+ − 1174
$title = get_page_title($higherpage, false);
+ − 1175
$title = explode('/', $title);
+ − 1176
$title = array_reverse($title);
+ − 1177
$title = $title[0];
+ − 1178
echo '<a href="' . makeUrl($higherpage, false, true) . '" class="wikilink-nonexistent">' . htmlspecialchars($title) . '</a>';
+ − 1179
}
+ − 1180
echo ' » ';
+ − 1181
}
+ − 1182
echo '</div>
+ − 1183
<!-- End breadcrumbs -->
+ − 1184
';
+ − 1185
}
+ − 1186
}
+ − 1187
+ − 1188
/**
1
+ − 1189
* PHP 4 constructor.
+ − 1190
* @see PageProcessor::__construct()
+ − 1191
*/
+ − 1192
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1193
function PageProcessor( $page_id, $namespace, $revision_id = 0 )
1
+ − 1194
{
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1195
$this->__construct($page_id, $namespace, $revision_id);
1
+ − 1196
}
+ − 1197
+ − 1198
/**
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 1199
* Send an error message and die. For debugging or critical technical errors only - nothing that would under normal circumstances be shown to the user.
1
+ − 1200
* @var string Error message
+ − 1201
* @var bool If true, send DBAL's debugging information as well
+ − 1202
*/
+ − 1203
+ − 1204
function send_error($message, $sql = false)
+ − 1205
{
+ − 1206
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1207
+ − 1208
$content = "<p>$message</p>";
+ − 1209
$template->tpl_strings['PAGE_NAME'] = 'General error in page fetcher';
+ − 1210
+ − 1211
if ( $this->debug['works'] )
+ − 1212
{
+ − 1213
$content .= $this->debug['backtrace'];
+ − 1214
}
+ − 1215
+ − 1216
header('HTTP/1.1 500 Internal Server Error');
+ − 1217
+ − 1218
$template->header();
+ − 1219
echo $content;
+ − 1220
$template->footer();
+ − 1221
+ − 1222
$db->close();
+ − 1223
+ − 1224
exit;
+ − 1225
+ − 1226
}
+ − 1227
+ − 1228
} // class PageProcessor
+ − 1229
+ − 1230
?>