<?php

/*
 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
 * Version 1.1.6 (Caoineag beta 1)
 * Copyright (C) 2006-2008 Dan Fuhry
 *
 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
 *
 * @package Enano
 * @subpackage Frontend
 */

define('ENANO_INTERFACE_INDEX', '');

// For the mighty and brave.
// define('ENANO_DEBUG', '');

// Set up gzip encoding before any output is sent

$aggressive_optimize_html = true;

global $do_gzip;
$do_gzip = true;

if ( isset($_GET['nocompress']) )
  $aggressive_optimize_html = false;

error_reporting(E_ALL);

if($aggressive_optimize_html || $do_gzip)
{
  ob_start();
}

// start up Enano
require('includes/common.php');

global $db, $session, $paths, $template, $plugins; // Common objects
$page_timestamp = time();

if ( !isset($_GET['do']) )
{
  $_GET['do'] = 'view';
}
switch($_GET['do'])
{
  default:
    $code = $plugins->setHook('page_action');
    ob_start();
    foreach ( $code as $cmd )
    {
      eval($cmd);
    }
    if ( $contents = ob_get_contents() )
    {
      ob_end_clean();
      echo $contents;
    }
    else
    {
      die_friendly('Invalid action', '<p>The action "'.htmlspecialchars($_GET['do']).'" is not defined. Return to <a href="'.makeUrl($paths->page).'">viewing this page\'s text</a>.</p>');
    }
    break;
  case 'view':
    // echo PageUtils::getpage($paths->page, true, ( (isset($_GET['oldid'])) ? $_GET['oldid'] : false ));
    $rev_id = ( (isset($_GET['oldid'])) ? intval($_GET['oldid']) : 0 );
    $page = new PageProcessor( $paths->page_id, $paths->namespace, $rev_id );
    $page->send_headers = true;
    $pagepass = ( isset($_REQUEST['pagepass']) ) ? sha1($_REQUEST['pagepass']) : '';
    $page->password = $pagepass;
    $page->send(true);
    $page_timestamp = $page->revision_time;
    break;
  case 'comments':
    $template->header();
    require_once(ENANO_ROOT.'/includes/pageutils.php');
    $sub = ( isset ($_GET['sub']) ) ? $_GET['sub'] : false;
    switch($sub)
    {
      case 'admin':
      default:
        $act = ( isset ($_GET['action']) ) ? $_GET['action'] : false;
        $id = ( isset ($_GET['id']) ) ? intval($_GET['id']) : -1;
        echo PageUtils::comments_html($paths->page_id, $paths->namespace, $act, Array('id'=>$id));
        break;
      case 'postcomment':
        if(empty($_POST['name']) ||
           empty($_POST['subj']) ||
           empty($_POST['text'])
           ) { echo 'Invalid request'; break; }
        $cid = ( isset($_POST['captcha_id']) ) ? $_POST['captcha_id'] : false;
        $cin = ( isset($_POST['captcha_input']) ) ? $_POST['captcha_input'] : false;
        PageUtils::addcomment($paths->page_id, $paths->namespace, $_POST['name'], $_POST['subj'], $_POST['text'], $cin, $cid); // All filtering, etc. is handled inside this method
        echo PageUtils::comments_html($paths->page_id, $paths->namespace);
        break;
      case 'editcomment':
        if(!isset($_GET['id']) || ( isset($_GET['id']) && !preg_match('#^([0-9]+)$#', $_GET['id']) )) { echo '<p>Invalid comment ID</p>'; break; }
        $q = $db->sql_query('SELECT subject,comment_data,comment_id FROM '.table_prefix.'comments WHERE comment_id='.$_GET['id']);
        if(!$q) $db->_die('The comment data could not be selected.');
        $row = $db->fetchrow();
        $db->free_result();
        // Encode single quotes so the subject cannot break out of the single-quoted value attribute below
        $row['subject'] = str_replace('\'', '&#039;', $row['subject']);
        echo '<form action="'.makeUrl($paths->page, 'do=comments&amp;sub=savecomment').'" method="post">';
        echo "<br /><div class='tblholder'><table border='0' width='100%' cellspacing='1' cellpadding='4'>
                <tr><td class='row1'>" . $lang->get('comment_postform_field_subject') . "</td><td class='row1'><input type='text' name='subj' value='{$row['subject']}' /></td></tr>
                <tr><td class='row2'>" . $lang->get('comment_postform_field_comment') . "</td><td class='row2'><textarea rows='10' cols='40' style='width: 98%;' name='text'>{$row['comment_data']}</textarea></td></tr>
                <tr><td class='row1' colspan='2' class='row1' style='text-align: center;'><input type='hidden' name='id' value='{$row['comment_id']}' /><input type='submit' value='" . $lang->get('etc_save_changes') . "' /></td></tr>
              </table></div>";
        echo '</form>';
        break;
      case 'savecomment':
        if(empty($_POST['subj']) || empty($_POST['text'])) { echo '<p>Invalid request</p>'; break; }
        $r = PageUtils::savecomment_neater($paths->page_id, $paths->namespace, $_POST['subj'], $_POST['text'], (int)$_POST['id']);
        if($r != 'good') { echo "<pre>$r</pre>"; break; }
        echo PageUtils::comments_html($paths->page_id, $paths->namespace);
        break;
      case 'deletecomment':
        if(!empty($_GET['id']))
        {
          PageUtils::deletecomment_neater($paths->page_id, $paths->namespace, (int)$_GET['id']);
        }
        echo PageUtils::comments_html($paths->page_id, $paths->namespace);
        break;
    }
    $template->footer();
    break;
  case 'edit':
    if(isset($_POST['_cancel']))
    {
      redirect(makeUrl($paths->page), '', '', 0);
      break;
    }
    require_once(ENANO_ROOT.'/includes/pageutils.php');
    if(isset($_POST['_save']))
    {
      $captcha_valid = true;
      if ( !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )
      {
        $captcha_valid = false;
        if ( isset($_POST['captcha_id']) && isset($_POST['captcha_code']) )
        {
          $hash_correct = strtolower($session->get_captcha($_POST['captcha_id']));
          $hash_input = strtolower($_POST['captcha_code']);
          if ( $hash_input === $hash_correct )
            $captcha_valid = true;
        }
      }
      if ( $captcha_valid )
      {
        $e = PageUtils::savepage($paths->page_id, $paths->namespace, $_POST['page_text'], $_POST['edit_summary'], isset($_POST['minor']));
        if ( $e == 'good' )
        {
          redirect(makeUrl($paths->page), $lang->get('editor_msg_save_success_title'), $lang->get('editor_msg_save_success_body'), 3);
        }
      }
    }
    $template->header();
    // Show the CAPTCHA error only when the check actually failed, not on every save attempt
    if ( isset($captcha_valid) && !$captcha_valid )
    {
      echo '<div class="usermessage">' . $lang->get('editor_err_captcha_wrong') . '</div>';
    }
    if(isset($_POST['_preview']))
    {
      $text = $_POST['page_text'];
      $edsumm = $_POST['edit_summary'];
      echo PageUtils::genPreview($_POST['page_text']);
      $text = htmlspecialchars($text);
      $revid = 0;
    }
    else
    {
      $revid = ( isset($_GET['revid']) ) ? intval($_GET['revid']) : 0;
      $page = new PageProcessor($paths->page_id, $paths->namespace, $revid);
      $text = $page->fetch_source();
      $edsumm = '';
      // $text = RenderMan::getPage($paths->cpage['urlname_nons'], $paths->namespace, 0, false, false, false, false);
    }
    if ( $revid > 0 )
    {
      $time = $page->revision_time;
      // Retrieve information about this revision and the current one
      $q = $db->sql_query('SELECT l1.author AS currentrev_author, l2.author AS oldrev_author FROM ' . table_prefix . 'logs AS l1
        LEFT JOIN ' . table_prefix . 'logs AS l2
          ON ( l2.log_id = ' . $revid . '
               AND l2.log_type = \'page\'
               AND l2.action = \'edit\'
               AND l2.page_id = \'' . $db->escape($paths->page_id) . '\'
               AND l2.namespace = \'' . $db->escape($paths->namespace) . '\'
               AND l1.is_draft != 1
              )
        WHERE l1.log_type = \'page\'
          AND l1.action = \'edit\'
          AND l1.page_id = \'' . $db->escape($paths->page_id) . '\'
          AND l1.namespace = \'' . $db->escape($paths->namespace) . '\'
          AND l1.time_id > ' . $time . '
          AND l1.is_draft != 1
        ORDER BY l1.time_id DESC;');
      if ( !$q )
        $db->die_json();

      if ( $db->numrows() > 0 )
      {
        echo '<div class="usermessage">' . $lang->get('editor_msg_editing_old_revision') . '</div>';

        $rev_count = $db->numrows() - 2;
        $row = $db->fetchrow();
        $undo_info = array(
          'old_author' => $row['oldrev_author'],
          'current_author' => $row['currentrev_author'],
          'undo_count' => max($rev_count, 1),
          'last_rev_id' => $revid
        );
      }
      else
      {
        $revid = 0;
      }
      $db->free_result();
    }
    echo '
      <form action="'.makeUrl($paths->page, 'do=edit').'" method="post" enctype="multipart/form-data">
      <br />
      <textarea name="page_text" rows="20" cols="60" style="width: 97%;">'.$text.'</textarea><br />
      <br />
      ';
    $edsumm = ( $revid > 0 ) ? $lang->get('editor_reversion_edit_summary', $undo_info) : $edsumm;
    echo $lang->get('editor_lbl_edit_summary') . ' <input name="edit_summary" type="text" size="40" value="' . htmlspecialchars($edsumm) . '" /><br /><label><input type="checkbox" name="minor" /> ' . $lang->get('editor_lbl_minor_edit_field') . '</label><br />';
    if ( !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )
    {
      echo '<br /><table border="0"><tr><td>';
      echo '<b>' . $lang->get('editor_lbl_field_captcha') . '</b><br />'
           . '<br />'
           . $lang->get('editor_msg_captcha_pleaseenter') . '<br /><br />'
           . $lang->get('editor_msg_captcha_blind');
      echo '</td><td>';
      $hash = $session->make_captcha();
      echo '<img src="' . makeUrlNS('Special', "Captcha/$hash") . '" onclick="this.src+=\'/a\'" style="cursor: pointer;" /><br />';
      echo '<input type="hidden" name="captcha_id" value="' . $hash . '" />';
      echo $lang->get('editor_lbl_field_captcha_code') . ' <input type="text" name="captcha_code" value="" size="9" />';
      echo '</td></tr></table>';
    }
    echo '<br />
        <input type="submit" name="_save" value="' . $lang->get('editor_btn_save') . '" style="font-weight: bold;" />
        <input type="submit" name="_preview" value="' . $lang->get('editor_btn_preview') . '" />
        <input type="submit" name="_revert" value="' . $lang->get('editor_btn_revert') . '" />
        <input type="submit" name="_cancel" value="' . $lang->get('editor_btn_cancel') . '" />
      </form>
    ';
    if ( getConfig('wiki_edit_notice', '0') == '1' )
    {
      $notice = getConfig('wiki_edit_notice_text');
      echo RenderMan::render($notice);
    }
    $template->footer();
    break;
  case 'viewsource':
    $template->header();
    $text = RenderMan::getPage($paths->page_id, $paths->namespace, 0, false, false, false, false);
    $text = htmlspecialchars($text);
    echo '
      <form action="'.makeUrl($paths->page, 'do=edit').'" method="post">
      <br />
      <textarea readonly="readonly" name="page_text" rows="20" cols="60" style="width: 97%;">'.$text.'</textarea>';
    echo '<br />
        <input type="submit" name="_cancel" value="' . $lang->get('editor_btn_closeviewer') . '" />
      </form>
    ';
    $template->footer();
    break;
  case 'history':
    require_once(ENANO_ROOT.'/includes/pageutils.php');
    $hist = PageUtils::histlist($paths->page_id, $paths->namespace);
    $template->header();
    echo $hist;
    $template->footer();
    break;
  case 'rollback':
    $id = (isset($_GET['id'])) ? $_GET['id'] : false;
    if(!$id || !ctype_digit($id)) die_friendly('Invalid action ID', '<p>The URL parameter "id" is not an integer. Exiting to prevent nasties like SQL injection, etc.</p>');

    $id = intval($id);

    $page = new PageProcessor($paths->page_id, $paths->namespace);
    $result = $page->rollback_log_entry($id);

    if ( $result['success'] )
    {
      $result = $lang->get("page_msg_rb_success_{$result['action']}", array('dateline' => $result['dateline']));
    }
    else
    {
      $result = $lang->get("page_err_{$result['error']}", array('action' => @$result['action']));
    }

    $template->header();
    echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">' . $lang->get('etc_return_to_page') . '</a></p>';
    $template->footer();
    break;
  case 'catedit':
    require_once(ENANO_ROOT.'/includes/pageutils.php');
    if(isset($_POST['__enanoSaveButton']))
    {
      unset($_POST['__enanoSaveButton']);
      $val = PageUtils::catsave($paths->page_id, $paths->namespace, $_POST);
      if($val == 'GOOD')
      {
        header('Location: '.makeUrl($paths->page)); echo '<html><head><title>Redirecting...</title></head><body>If you haven\'t been redirected yet, <a href="'.makeUrl($paths->page).'">click here</a>.'; break;
      } else {
        die_friendly('Error saving category information', '<p>'.$val.'</p>');
      }
    }
    elseif(isset($_POST['__enanoCatCancel']))
    {
      header('Location: '.makeUrl($paths->page)); echo '<html><head><title>Redirecting...</title></head><body>If you haven\'t been redirected yet, <a href="'.makeUrl($paths->page).'">click here</a>.'; break;
    }
    $template->header();
    $c = PageUtils::catedit_raw($paths->page_id, $paths->namespace);
    echo $c[1];
    $template->footer();
    break;
  case 'moreoptions':
    $template->header();
    echo '<div class="menu_nojs" style="width: 150px; padding: 0;"><ul style="display: block;"><li><div class="label">' . $lang->get('ajax_lbl_moreoptions_nojs') . '</div><div style="clear: both;"></div></li>'.$template->toolbar_menu.'</ul></div>';
    $template->footer();
    break;
  case 'protect':
    if (!isset($_REQUEST['level'])) die_friendly('Invalid request', '<p>No protection level specified</p>');
    require_once(ENANO_ROOT.'/includes/pageutils.php');
    if(!empty($_POST['reason']))
    {
      // Accept exactly one digit in the range 0-2; the previous pattern also matched an empty string and multi-digit values such as "22"
      if(!preg_match('#^[0-2]$#', $_POST['level'])) die_friendly('Error protecting page', '<p>Request validation failed</p>');
      PageUtils::protect($paths->page_id, $paths->namespace, intval($_POST['level']), $_POST['reason']);

      die_friendly($lang->get('page_protect_lbl_success_title'), '<p>' . $lang->get('page_protect_lbl_success_body', array( 'page_link' => makeUrl($paths->page) )) . '</p>');
    }
    $template->header();
    ?>
      <form action="<?php echo makeUrl($paths->page, 'do=protect'); ?>" method="post">
        <?php /* Escape the request-supplied level before reflecting it into the attribute */ ?>
        <input type="hidden" name="level" value="<?php echo htmlspecialchars($_REQUEST['level']); ?>" />
        <?php if(isset($_POST['reason'])) echo '<p style="color: red;">' . $lang->get('page_protect_err_need_reason') . '</p>'; ?>
        <p><?php echo $lang->get('page_protect_lbl_reason'); ?></p>
        <p><input type="text" name="reason" size="40" /><br />
           <?php echo $lang->get('page_protect_lbl_level'); ?> <b><?php
          switch($_REQUEST['level'])
          {
            case '0':
              echo $lang->get('page_protect_lbl_level_none');
              break;
            case '1':
              echo $lang->get('page_protect_lbl_level_full');
              break;
            case '2':
              echo $lang->get('page_protect_lbl_level_semi');
              break;
            default:
              echo 'None;</b> Warning: request validation will fail after clicking submit<b>';
          }
           ?></b></p>
        <p><input type="submit" value="<?php echo htmlspecialchars($lang->get('page_protect_btn_submit')) ?>" style="font-weight: bold;" /></p>
      </form>
    <?php
    $template->footer();
    break;
  case 'rename':
    require_once(ENANO_ROOT.'/includes/pageutils.php');
    if(!empty($_POST['newname']))
    {
      $r = PageUtils::rename($paths->page_id, $paths->namespace, $_POST['newname']);
      die_friendly($lang->get('page_rename_success_title'), '<p>'.nl2br($r).' <a href="'.makeUrl($paths->page).'">' . $lang->get('etc_return_to_page') . '</a>.</p>');
    }
    $template->header();
    ?>
      <form action="<?php echo makeUrl($paths->page, 'do=rename'); ?>" method="post">
        <?php if(isset($_POST['newname'])) echo '<p style="color: red;">' . $lang->get('page_rename_err_need_name') . '</p>'; ?>
        <p><?php echo $lang->get('page_rename_lbl'); ?></p>
        <p><input type="text" name="newname" size="40" /></p>
        <p><input type="submit" value="<?php echo htmlspecialchars($lang->get('page_rename_btn_submit')); ?>" style="font-weight: bold;" /></p>
      </form>
    <?php
    $template->footer();
    break;
  case 'flushlogs':
    if(!$session->get_permissions('clear_logs'))
    {
      die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('etc_access_denied') . '</p>');
    }
    require_once(ENANO_ROOT.'/includes/pageutils.php');
    if(isset($_POST['_downthejohn']))
    {
      $template->header();
      $result = PageUtils::flushlogs($paths->page_id, $paths->namespace);
      echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">' . $lang->get('etc_return_to_page') . '</a>.</p>';
      $template->footer();
      break;
    }
    $template->header();
    ?>
      <form action="<?php echo makeUrl($paths->page, 'do=flushlogs'); ?>" method="post">
        <?php echo $lang->get('page_flushlogs_warning_stern'); ?>
        <p><input type="submit" name="_downthejohn" value="<?php echo htmlspecialchars($lang->get('page_flushlogs_btn_submit')); ?>" style="color: red; font-weight: bold;" /></p>
      </form>
    <?php
    $template->footer();
    break;
  case 'delvote':
    require_once(ENANO_ROOT.'/includes/pageutils.php');
    if(isset($_POST['_ballotbox']))
    {
      $template->header();
      $result = PageUtils::delvote($paths->page_id, $paths->namespace);
      echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">' . $lang->get('etc_return_to_page') . '</a>.</p>';
      $template->footer();
      break;
    }
    $template->header();
    ?>
      <form action="<?php echo makeUrl($paths->page, 'do=delvote'); ?>" method="post">
        <?php
          echo $lang->get('page_delvote_warning_stern');
          echo '<p>';
          switch($paths->cpage['delvotes'])
          {
            case 0: echo $lang->get('page_delvote_count_zero'); break;
            case 1: echo $lang->get('page_delvote_count_one'); break;
            default: echo $lang->get('page_delvote_count_plural', array('delvotes' => $paths->cpage['delvotes'])); break;
          }
          echo '</p>';
        ?>
        <p><input type="submit" name="_ballotbox" value="<?php echo htmlspecialchars($lang->get('page_delvote_btn_submit')); ?>" /></p>
      </form>
    <?php
    $template->footer();
    break;
  case 'resetvotes':
    require_once(ENANO_ROOT.'/includes/pageutils.php');
    if(!$session->get_permissions('vote_reset'))
    {
      die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('etc_access_denied') . '</p>');
    }
    if(isset($_POST['_youmaylivealittlelonger']))
    {
      $template->header();
      $result = PageUtils::resetdelvotes($paths->page_id, $paths->namespace);
      echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">' . $lang->get('etc_return_to_page') . '</a>.</p>';
      $template->footer();
      break;
    }
    $template->header();
    ?>
      <form action="<?php echo makeUrl($paths->page, 'do=resetvotes'); ?>" method="post">
        <p><?php echo $lang->get('ajax_delvote_reset_confirm'); ?></p>
        <p><input type="submit" name="_youmaylivealittlelonger" value="<?php echo htmlspecialchars($lang->get('page_delvote_reset_btn_submit')); ?>" /></p>
      </form>
    <?php
    $template->footer();
    break;
  case 'deletepage':
    if(!$session->get_permissions('delete_page'))
    {
      die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('etc_access_denied') . '</p>');
    }
    require_once(ENANO_ROOT.'/includes/pageutils.php');
    if(isset($_POST['_adiossucker']))
    {
      $reason = ( isset($_POST['reason']) ) ? $_POST['reason'] : false;
      if ( empty($reason) )
        $error = $lang->get('ajax_delete_prompt_reason');
      else
      {
        $template->header();
        $result = PageUtils::deletepage($paths->page_id, $paths->namespace, $reason);
        echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">' . $lang->get('etc_return_to_page') . '</a>.</p>';
        $template->footer();
        break;
      }
    }
    $template->header();
    ?>
      <form action="<?php echo makeUrl($paths->page, 'do=deletepage'); ?>" method="post">
        <?php echo $lang->get('page_delete_warning_stern'); ?>
        <?php if ( isset($error) ) echo "<p>$error</p>"; ?>
        <p><?php echo $lang->get('page_delete_lbl_reason'); ?> <input type="text" name="reason" size="50" /></p>
        <p><input type="submit" name="_adiossucker" value="<?php echo htmlspecialchars($lang->get('page_delete_btn_submit')); ?>" style="color: red; font-weight: bold;" /></p>
      </form>
    <?php
    $template->footer();
    break;
+ − 493
    case 'setwikimode':
      if(!$session->get_permissions('set_wiki_mode'))
      {
        die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('etc_access_denied') . '</p>');
      }
      if ( isset($_POST['finish']) )
      {
        // Reject a missing or malformed level here; intval() would otherwise turn it into 0
        if ( !isset($_POST['level']) || !is_string($_POST['level']) || !preg_match('#^([0-9])$#', $_POST['level']) )
        {
          die_friendly('Invalid request', '<p>Level not specified</p>');
        }
        $level = intval($_POST['level']);
        if ( !in_array($level, array(0, 1, 2) ) )
        {
          die_friendly('Invalid request', '<p>Level not specified</p>');
        }
        // Escape every value interpolated into the query, including the namespace
        $q = $db->sql_query('UPDATE '.table_prefix.'pages SET wiki_mode=' . $level . ' WHERE urlname=\'' . $db->escape($paths->page_id) . '\' AND namespace=\'' . $db->escape($paths->namespace) . '\';');
        if ( !$q )
          $db->_die();
        redirect(makeUrl($paths->page), htmlspecialchars($paths->cpage['name']), $lang->get('page_wikimode_success_redirect'), 2);
      }
      else
      {
        $template->header();
        if(!isset($_GET['level']) || ( isset($_GET['level']) && !preg_match('#^([0-9])$#', $_GET['level']))) die_friendly('Invalid request', '<p>Level not specified</p>');
        $level = intval($_GET['level']);
        if ( !in_array($level, array(0, 1, 2) ) )
        {
          die_friendly('Invalid request', '<p>Level not specified</p>');
        }
        echo '<form action="' . makeUrl($paths->page, 'do=setwikimode', true) . '" method="post">';
        echo '<input type="hidden" name="finish" value="foo" />';
        echo '<input type="hidden" name="level" value="' . $level . '" />';
        $level_txt = ( $level == 0 ) ? 'page_wikimode_level_off' : ( ( $level == 1 ) ? 'page_wikimode_level_on' : 'page_wikimode_level_global' );
        $blurb = ( $level == 0 || ( $level == 2 && getConfig('wiki_mode') != '1' ) ) ? 'page_wikimode_blurb_disable' : 'page_wikimode_blurb_enable';
        ?>
        <h3><?php echo $lang->get('page_wikimode_heading'); ?></h3>
        <p><?php echo $lang->get($level_txt) . ' ' . $lang->get($blurb); ?></p>
        <p><?php echo $lang->get('page_wikimode_warning'); ?></p>
        <p><input type="submit" value="<?php echo htmlspecialchars($lang->get('page_wikimode_btn_submit')); ?>" /></p>
        <?php
        echo '</form>';
        $template->footer();
      }
      break;
    case 'diff':
      require_once(ENANO_ROOT.'/includes/pageutils.php');
      require_once(ENANO_ROOT.'/includes/diff.php');
      $template->header();
      $id1 = ( isset($_GET['diff1']) ) ? (int)$_GET['diff1'] : false;
      $id2 = ( isset($_GET['diff2']) ) ? (int)$_GET['diff2'] : false;
      if(!$id1 || !$id2) { echo '<p>Invalid request.</p>'; $template->footer(); break; }
      if(!preg_match('#^([0-9]+)$#', (string)$_GET['diff1']) ||
         !preg_match('#^([0-9]+)$#', (string)$_GET['diff2'] )) { echo '<p>SQL injection attempt</p>'; $template->footer(); break; }
      echo PageUtils::pagediff($paths->page_id, $paths->namespace, $id1, $id2);
      $template->footer();
      break;
    case 'detag':
      if ( $session->user_level < USER_LEVEL_ADMIN )
      {
        die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('etc_access_denied') . '</p>');
      }
      if ( $paths->page_exists )
      {
        die_friendly($lang->get('etc_invalid_request_short'), '<p>' . $lang->get('page_detag_err_page_exists') . '</p>');
      }
      // Escape every value interpolated into the query, including the namespace
      $q = $db->sql_query('DELETE FROM '.table_prefix.'tags WHERE page_id=\'' . $db->escape($paths->page_id) . '\' AND namespace=\'' . $db->escape($paths->namespace) . '\';');
      if ( !$q )
        $db->_die('Detag query, index.php:'.__LINE__);
      die_friendly($lang->get('page_detag_success_title'), '<p>' . $lang->get('page_detag_success_body') . '</p>');
      break;
    case 'aclmanager':
      require_once(ENANO_ROOT.'/includes/pageutils.php');
      $data = ( isset($_POST['data']) ) ? $_POST['data'] : Array('mode' => 'listgroups');
      PageUtils::aclmanager($data);
      break;
286
b2f985e4cef3
Fixed a number of issues with SQL query readability and some undefined index-ish errors; consequently the SQL report feature was added
Dan
    case 'sql_report':
      $rev_id = ( (isset($_GET['oldid'])) ? intval($_GET['oldid']) : 0 );
      $page = new PageProcessor( $paths->page_id, $paths->namespace, $rev_id );
      $page->send_headers = true;
      $pagepass = ( isset($_REQUEST['pagepass']) ) ? sha1($_REQUEST['pagepass']) : '';
      $page->password = $pagepass;
      $page->send(true);
      ob_end_clean();
      ob_start();
      $db->sql_report();
      break;
  }
42
45ebe475ff75
I dunno how many times I'm gonna have to fix the "problem seems to be the hex conversion" bug, but this is at least the fourth try.
Dan
  // Generate an ETag
  /*
  // format: first 10 digits of SHA1 of page name, user id in hex, user and auth levels, page timestamp in hex
  $etag = substr(sha1($paths->namespace . ':' . $paths->page_id), 0, 10) . '-' .
          "u{$session->user_id}l{$session->user_level}a{$session->auth_level}-" .
          dechex($page_timestamp);

  if ( isset($_SERVER['HTTP_IF_NONE_MATCH']) )
  {
    if ( "\"$etag\"" == $_SERVER['HTTP_IF_NONE_MATCH'] )
    {
      header('HTTP/1.1 304 Not Modified');
      exit();
    }
  }
542
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
  header("ETag: \"$etag\"");
  */
564
a1c450a911a6
Updated version number metadata in system plugin files; added some comments and removed unused code from index.php and includes/graphs.php
Dan
80
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
  $db->close();
  gzip_output();

  @ob_end_flush();

?>
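
The commented-out ETag block in this file compares the whole If-None-Match header against a single quoted tag. As an added example (not Enano's code; the function names and sample values are constructed), the code below builds the same tag layout and matches it against a header that may carry a list of tags or weak validators:

```php
<?php
// Added example, not Enano code. Function names and sample values are constructed.

// Same layout as the commented-out block: 10 hex digits of SHA1(namespace:page_id),
// then user id, user level and auth level, then the page timestamp in hex.
function build_etag($namespace, $page_id, $user_id, $user_level, $auth_level, $page_timestamp)
{
  return substr(sha1($namespace . ':' . $page_id), 0, 10) . '-' .
         "u{$user_id}l{$user_level}a{$auth_level}-" .
         dechex($page_timestamp);
}

// True when the If-None-Match header value names $etag, so a 304 may be sent.
function if_none_match_hits($header, $etag)
{
  if ( !is_string($header) || strlen($header) > 4096 )
    return false;
  $header = trim($header);
  if ( $header === '*' )
    return true;
  // Several tags may be listed, each optionally prefixed with W/ (weak).
  // If-None-Match uses weak comparison, so the prefix is dropped and the
  // quoted strings are compared exactly. Splitting on commas is safe here
  // because tags from build_etag() never contain one.
  foreach ( explode(',', $header) as $candidate )
  {
    $candidate = trim($candidate);
    if ( strncmp($candidate, 'W/', 2) === 0 )
      $candidate = substr($candidate, 2);
    if ( $candidate === '"' . $etag . '"' )
      return true;
  }
  return false;
}

// Constructed sessions: same page and timestamp, different user and level.
$admin_tag  = build_etag('Article', 'Main_Page', 2, 9, 0, 1210000000);
$member_tag = build_etag('Article', 'Main_Page', 5, 2, 0, 1210000000);

var_dump(if_none_match_hits('"' . $admin_tag . '"', $admin_tag));
var_dump(if_none_match_hits('"stale-tag", W/"' . $admin_tag . '"', $admin_tag));
var_dump(if_none_match_hits('"' . $member_tag . '"', $admin_tag));
```

Because the user id and both levels are part of the tag, a validator issued to one session does not match a request made under another, which is why the last call does not hit.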