includes/pageutils.php
author Dan
Thu, 17 Jan 2008 02:03:33 -0500
changeset 349 fdaf9070566c
parent 345 4ccdfeee9a11
child 351 8978cb3541ca
permissions -rw-r--r--
More progress on the installer. At this point it can install and import the language, but does not rename config files. Still much work to be done, most notably localization and creation of MySQL users and databases.
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     1
<?php
166
d53cc29308f4 Rebrand as 1.1.1; everything should now be bumped to "unstable" status
Dan
parents: 158
diff changeset
     2
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     3
/*
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     4
 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
166
d53cc29308f4 Rebrand as 1.1.1; everything should now be bumped to "unstable" status
Dan
parents: 158
diff changeset
     5
 * Version 1.1.1
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     6
 * Copyright (C) 2006-2007 Dan Fuhry
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     7
 * pageutils.php - a class that handles raw page manipulations, used mostly by AJAX requests or their old-fashioned form-based counterparts
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     8
 *
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
     9
 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    10
 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    11
 *
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    12
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    13
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    14
 */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    15
 
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    16
class PageUtils {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    17
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    18
  /**
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
    19
   * Tell if a username is used or not.
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    20
   * @param $name the name to check for
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
    21
   * @return string
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    22
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    23
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    24
  function checkusername($name)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    25
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    26
    global $db, $session, $paths, $template, $plugins; // Common objects
270
5bcdee999015 Major fixes to the ban system - large IP match lists don't slow down the server miserably anymore.
Dan
parents: 260
diff changeset
    27
    $name = str_replace('_', ' ', $name);
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
    28
    $q = $db->sql_query('SELECT username FROM ' . table_prefix.'users WHERE username=\'' . $db->escape(rawurldecode($name)) . '\'');
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
    29
    if ( !$q )
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
    30
    {
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
    31
      die($db->get_error());
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
    32
    }
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
    33
    if ( $db->numrows() < 1)
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
    34
    {
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
    35
      $db->free_result(); return('good');
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
    36
    }
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
    37
    else
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
    38
    {
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
    39
      $db->free_result(); return('bad');
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
    40
    }
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    41
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    42
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    43
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    44
   * Get the wiki formatting source for a page
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    45
   * @param $page the full page id (Namespace:Pagename)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    46
   * @return string
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    47
   * @todo (DONE) Make it require a password (just for security purposes)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    48
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    49
   
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    50
  function getsource($page, $password = false)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    51
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    52
    global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    53
    if(!isset($paths->pages[$page]))
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    54
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    55
      return '';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    56
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    57
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    58
    if(strlen($paths->pages[$page]['password']) == 40)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    59
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    60
      if(!$password || ( $password != $paths->pages[$page]['password']))
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    61
      {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    62
        return 'invalid_password';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    63
      }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    64
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    65
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    66
    if(!$session->get_permissions('view_source')) // Dependencies handle this for us - this also checks for read privileges
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    67
      return 'access_denied';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    68
    $pid = RenderMan::strToPageID($page);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    69
    if($pid[1] == 'Special' || $pid[1] == 'Admin')
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    70
    {
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
    71
      die('This type of page (' . $paths->nslist[$pid[1]] . ') cannot be edited because the page source code is not stored in the database.');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    72
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    73
    
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
    74
    $e = $db->sql_query('SELECT page_text,char_tag FROM ' . table_prefix.'page_text WHERE page_id=\'' . $pid[0] . '\' AND namespace=\'' . $pid[1] . '\'');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    75
    if ( !$e )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    76
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    77
      $db->_die('The page text could not be selected.');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    78
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    79
    if( $db->numrows() < 1 )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    80
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    81
      return ''; //$db->_die('There were no rows in the text table that matched the page text query.');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    82
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    83
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    84
    $r = $db->fetchrow();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    85
    $db->free_result();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    86
    $message = $r['page_text'];
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    87
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    88
    return htmlspecialchars($message);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    89
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    90
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    91
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    92
   * Basically a frontend to RenderMan::getPage(), with the ability to send valid data for nonexistent pages
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    93
   * @param $page the full page id (Namespace:Pagename)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    94
   * @param $send_headers true if the theme headers should be sent (still dependent on current page settings), false otherwise
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    95
   * @return string
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    96
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    97
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    98
  function getpage($page, $send_headers = false, $hist_id = false)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
    99
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   100
    die('PageUtils->getpage is deprecated.');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   101
    global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   102
    ob_start();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   103
    $pid = RenderMan::strToPageID($page);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   104
    //die('<pre>'.print_r($pid, true).'</pre>');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   105
    if(isset($paths->pages[$page]['password']) && strlen($paths->pages[$page]['password']) == 40)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   106
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   107
      password_prompt($page);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   108
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   109
    if(isset($paths->pages[$page]))
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   110
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   111
      doStats($pid[0], $pid[1]);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   112
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   113
    if($paths->custom_page || $pid[1] == 'Special')
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   114
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   115
      // If we don't have access to the page, get out and quick!
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   116
      if(!$session->get_permissions('read') && $pid[0] != 'Login' && $pid[0] != 'Register')
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   117
      {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   118
        $template->tpl_strings['PAGE_NAME'] = 'Access denied';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   119
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   120
        if ( $send_headers )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   121
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   122
          $template->header();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   123
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   124
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   125
        echo '<div class="error-box"><b>Access to this page is denied.</b><br />This may be because you are not logged in or you have not met certain criteria for viewing this page.</div>';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   126
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   127
        if ( $send_headers )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   128
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   129
          $template->footer();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   130
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   131
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   132
        $r = ob_get_contents();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   133
        ob_end_clean();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   134
        return $r;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   135
      }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   136
      
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   137
      $fname = 'page_' . $pid[1] . '_' . $paths->pages[$page]['urlname_nons'];
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   138
      @call_user_func($fname);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   139
      
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   140
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   141
    else if ( $pid[1] == 'Admin' )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   142
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   143
      // If we don't have access to the page, get out and quick!
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   144
      if(!$session->get_permissions('read'))
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   145
      {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   146
        $template->tpl_strings['PAGE_NAME'] = 'Access denied';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   147
        if ( $send_headers )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   148
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   149
          $template->header();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   150
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   151
        echo '<div class="error-box"><b>Access to this page is denied.</b><br />This may be because you are not logged in or you have not met certain criteria for viewing this page.</div>';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   152
        if ( $send_headers )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   153
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   154
          $template->footer();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   155
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   156
        $r = ob_get_contents();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   157
        ob_end_clean();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   158
        return $r;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   159
      }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   160
      
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   161
      $fname = 'page_' . $pid[1] . '_' . $pid[0];
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   162
      if ( !function_exists($fname) )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   163
      {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   164
        $title = 'Page backend not found';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   165
        $message = "The administration page you are looking for was properly registered using the page API, but the backend function
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   166
                    (<tt>$fname</tt>) was not found. If this is a plugin page, then this is almost certainly a bug with the plugin.";
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   167
        if ( $send_headers )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   168
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   169
          die_friendly($title, "<p>$message</p>");
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   170
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   171
        else
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   172
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   173
          echo "<h2>$title</h2>\n<p>$message</p>";
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   174
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   175
      }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   176
      @call_user_func($fname);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   177
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   178
    else if ( !isset( $paths->pages[$page] ) )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   179
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   180
      ob_start();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   181
      $code = $plugins->setHook('page_not_found');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   182
      foreach ( $code as $cmd )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   183
      {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   184
        eval($cmd);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   185
      }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   186
      $text = ob_get_contents();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   187
      if ( $text != '' )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   188
      {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   189
        ob_end_clean();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   190
        return $text;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   191
      }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   192
      $template->header();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   193
      if($m = $paths->sysmsg('Page_not_found'))
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   194
      {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   195
        eval('?>'.RenderMan::render($m));
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   196
      }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   197
      else
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   198
      {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   199
        header('HTTP/1.1 404 Not Found');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   200
        echo '<h3>There is no page with this title yet.</h3>
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   201
               <p>You have requested a page that doesn\'t exist yet.';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   202
        if($session->get_permissions('create_page')) echo ' You can <a href="'.makeUrl($paths->page, 'do=edit', true).'" onclick="ajaxEditor(); return false;">create this page</a>, or return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   203
        else echo ' Return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.</p>';
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   204
        if ( $session->get_permissions('history_rollback') )
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   205
        {
322
5f1cd51bf1be Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents: 320
diff changeset
   206
          $e = $db->sql_query('SELECT * FROM ' . table_prefix.'logs WHERE action=\'delete\' AND page_id=\'' . $paths->page_id . '\' AND namespace=\'' . $pid[1] . '\' ORDER BY time_id DESC;');
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   207
          if ( !$e )
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   208
          {
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   209
            $db->_die('The deletion log could not be selected.');
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   210
          }
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   211
          if ($db->numrows() > 0 )
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   212
          {
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   213
            $r = $db->fetchrow();
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   214
            echo '<p>This page also appears to have some log entries in the database - it seems that it was deleted on ' . $r['date_string'] . '. You can probably <a href="'.makeUrl($paths->page, 'do=rollback&amp;id=' . $r['time_id']) . '" onclick="ajaxRollback(\'' . $r['time_id'] . '\'); return false;">roll back</a> the deletion.</p>';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   215
          }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   216
          $db->free_result();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   217
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   218
        echo '<p>
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   219
                HTTP Error: 404 Not Found
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   220
              </p>';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   221
      }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   222
      $template->footer();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   223
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   224
    else
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   225
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   226
      
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   227
      // If we don't have access to the page, get out and quick!
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   228
      if(!$session->get_permissions('read'))
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   229
      {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   230
        $template->tpl_strings['PAGE_NAME'] = 'Access denied';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   231
        if($send_headers) $template->header();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   232
        echo '<div class="error-box"><b>Access to this page is denied.</b><br />This may be because you are not logged in or you have not met certain criteria for viewing this page.</div>';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   233
        if($send_headers) $template->footer();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   234
        $r = ob_get_contents();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   235
        ob_end_clean();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   236
        return $r;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   237
      }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   238
      
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   239
      ob_start();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   240
      $code = $plugins->setHook('page_custom_handler');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   241
      foreach ( $code as $cmd )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   242
      {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   243
        eval($cmd);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   244
      }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   245
      $text = ob_get_contents();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   246
      if ( $text != '' )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   247
      {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   248
        ob_end_clean();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   249
        return $text;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   250
      }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   251
      
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   252
      if ( $hist_id )
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   253
      {
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   254
        $e = $db->sql_query('SELECT page_text,date_string,char_tag FROM ' . table_prefix.'logs WHERE page_id=\'' . $paths->pages[$page]['urlname_nons'] . '\' AND namespace=\'' . $pid[1] . '\' AND log_type=\'page\' AND action=\'edit\' AND time_id=' . $db->escape($hist_id) . '');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   255
        if($db->numrows() < 1)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   256
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   257
          $db->_die('There were no rows in the text table that matched the page text query.');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   258
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   259
        $r = $db->fetchrow();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   260
        $db->free_result();
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   261
        $message = '<div class="info-box" style="margin-left: 0; margin-top: 5px;"><b>Notice:</b><br />The page you are viewing was archived on ' . $r['date_string'] . '.<br /><a href="'.makeUrl($page).'" onclick="ajaxReset(); return false;">View current version</a>  |  <a href="'.makeUrl($page, 'do=rollback&amp;id=' . $hist_id) . '" onclick="ajaxRollback(\'' . $hist_id . '\')">Restore this version</a></div><br />'.RenderMan::render($r['page_text']);
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   262
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   263
        if( !$paths->pages[$page]['special'] )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   264
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   265
          if($send_headers)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   266
          {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   267
            $template->header(); 
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   268
          }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   269
          display_page_headers();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   270
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   271
        
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   272
        eval('?>' . $message);
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   273
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   274
        if( !$paths->pages[$page]['special'] )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   275
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   276
          display_page_footers();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   277
          if($send_headers)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   278
          {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   279
            $template->footer();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   280
          }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   281
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   282
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   283
      } else {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   284
        if(!$paths->pages[$page]['special'])
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   285
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   286
          $message = RenderMan::getPage($paths->pages[$page]['urlname_nons'], $pid[1]);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   287
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   288
        else
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   289
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   290
          $message = RenderMan::getPage($paths->pages[$page]['urlname_nons'], $pid[1], 0, false, false, false, false);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   291
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   292
        // This line is used to debug wikiformatted code
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   293
        // die('<pre>'.htmlspecialchars($message).'</pre>');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   294
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   295
        if( !$paths->pages[$page]['special'] )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   296
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   297
          if($send_headers)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   298
          {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   299
            $template->header(); 
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   300
          }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   301
          display_page_headers();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   302
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   303
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   304
        // This is it, this is what all of Enano has been working up to...
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   305
        
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   306
        eval('?>' . $message);
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   307
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   308
        if( !$paths->pages[$page]['special'] )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   309
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   310
          display_page_footers();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   311
          if($send_headers)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   312
          {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   313
            $template->footer();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   314
          }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   315
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   316
      }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   317
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   318
    $ret = ob_get_contents();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   319
    ob_end_clean();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   320
    return $ret;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   321
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   322
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   323
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   324
   * Writes page data to the database, after verifying permissions and running the XSS filter
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   325
   * @param $page_id the page ID
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   326
   * @param $namespace the namespace
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   327
   * @param $message the text to save
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   328
   * @return string
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   329
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   330
   
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   331
  function savepage($page_id, $namespace, $message, $summary = 'No edit summary given', $minor = false)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   332
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   333
    global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   334
    $uid = sha1(microtime());
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   335
    $pname = $paths->nslist[$namespace] . $page_id;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   336
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   337
    if(!$session->get_permissions('edit_page'))
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   338
      return 'Access to edit pages is denied.';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   339
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   340
    if(!isset($paths->pages[$pname]))
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   341
    {
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   342
      $create = PageUtils::createPage($page_id, $namespace);
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   343
      if ( $create != 'good' )
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   344
        return 'The page did not exist, and I was not able to create it. The reported error was: ' . $create;
21
663fcf528726 Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents: 19
diff changeset
   345
      $paths->page_exists = true;
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   346
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   347
    
260
661beb9b0fa3 Rewrote some security code in PageUtils::savepage to accommodate the ACL system better; there was an issue with non-admin users saving pages on which they have edit rights but wiki mode is turned off
Dan
parents: 256
diff changeset
   348
    // Check page protection
661beb9b0fa3 Rewrote some security code in PageUtils::savepage to accommodate the ACL system better; there was an issue with non-admin users saving pages on which they have edit rights but wiki mode is turned off
Dan
parents: 256
diff changeset
   349
    
661beb9b0fa3 Rewrote some security code in PageUtils::savepage to accommodate the ACL system better; there was an issue with non-admin users saving pages on which they have edit rights but wiki mode is turned off
Dan
parents: 256
diff changeset
   350
    $is_protected = false;
661beb9b0fa3 Rewrote some security code in PageUtils::savepage to accommodate the ACL system better; there was an issue with non-admin users saving pages on which they have edit rights but wiki mode is turned off
Dan
parents: 256
diff changeset
   351
    $page_data =& $paths->pages[$pname];
661beb9b0fa3 Rewrote some security code in PageUtils::savepage to accommodate the ACL system better; there was an issue with non-admin users saving pages on which they have edit rights but wiki mode is turned off
Dan
parents: 256
diff changeset
   352
    // Is the protection semi?
661beb9b0fa3 Rewrote some security code in PageUtils::savepage to accommodate the ACL system better; there was an issue with non-admin users saving pages on which they have edit rights but wiki mode is turned off
Dan
parents: 256
diff changeset
   353
    if ( $page_data['protected'] == 2 )
661beb9b0fa3 Rewrote some security code in PageUtils::savepage to accommodate the ACL system better; there was an issue with non-admin users saving pages on which they have edit rights but wiki mode is turned off
Dan
parents: 256
diff changeset
   354
    {
661beb9b0fa3 Rewrote some security code in PageUtils::savepage to accommodate the ACL system better; there was an issue with non-admin users saving pages on which they have edit rights but wiki mode is turned off
Dan
parents: 256
diff changeset
   355
      $is_protected = true;
661beb9b0fa3 Rewrote some security code in PageUtils::savepage to accommodate the ACL system better; there was an issue with non-admin users saving pages on which they have edit rights but wiki mode is turned off
Dan
parents: 256
diff changeset
   356
      // Page is semi-protected. Has the user been here for at least 4 days?
661beb9b0fa3 Rewrote some security code in PageUtils::savepage to accommodate the ACL system better; there was an issue with non-admin users saving pages on which they have edit rights but wiki mode is turned off
Dan
parents: 256
diff changeset
   357
      // 345600 seconds = 4 days
661beb9b0fa3 Rewrote some security code in PageUtils::savepage to accommodate the ACL system better; there was an issue with non-admin users saving pages on which they have edit rights but wiki mode is turned off
Dan
parents: 256
diff changeset
   358
      if ( $session->user_logged_in && ( $session->reg_time + 345600 ) <= time() )
661beb9b0fa3 Rewrote some security code in PageUtils::savepage to accommodate the ACL system better; there was an issue with non-admin users saving pages on which they have edit rights but wiki mode is turned off
Dan
parents: 256
diff changeset
   359
        $is_protected = false;
661beb9b0fa3 Rewrote some security code in PageUtils::savepage to accommodate the ACL system better; there was an issue with non-admin users saving pages on which they have edit rights but wiki mode is turned off
Dan
parents: 256
diff changeset
   360
    }
661beb9b0fa3 Rewrote some security code in PageUtils::savepage to accommodate the ACL system better; there was an issue with non-admin users saving pages on which they have edit rights but wiki mode is turned off
Dan
parents: 256
diff changeset
   361
    // Is the protection full?
661beb9b0fa3 Rewrote some security code in PageUtils::savepage to accommodate the ACL system better; there was an issue with non-admin users saving pages on which they have edit rights but wiki mode is turned off
Dan
parents: 256
diff changeset
   362
    else if ( $page_data['protected'] == 1 )
661beb9b0fa3 Rewrote some security code in PageUtils::savepage to accommodate the ACL system better; there was an issue with non-admin users saving pages on which they have edit rights but wiki mode is turned off
Dan
parents: 256
diff changeset
   363
    {
661beb9b0fa3 Rewrote some security code in PageUtils::savepage to accommodate the ACL system better; there was an issue with non-admin users saving pages on which they have edit rights but wiki mode is turned off
Dan
parents: 256
diff changeset
   364
      $is_protected = true;
661beb9b0fa3 Rewrote some security code in PageUtils::savepage to accommodate the ACL system better; there was an issue with non-admin users saving pages on which they have edit rights but wiki mode is turned off
Dan
parents: 256
diff changeset
   365
    }
661beb9b0fa3 Rewrote some security code in PageUtils::savepage to accommodate the ACL system better; there was an issue with non-admin users saving pages on which they have edit rights but wiki mode is turned off
Dan
parents: 256
diff changeset
   366
    
661beb9b0fa3 Rewrote some security code in PageUtils::savepage to accommodate the ACL system better; there was an issue with non-admin users saving pages on which they have edit rights but wiki mode is turned off
Dan
parents: 256
diff changeset
   367
    // If it's protected and we DON'T have even_when_protected rights, bail out
661beb9b0fa3 Rewrote some security code in PageUtils::savepage to accommodate the ACL system better; there was an issue with non-admin users saving pages on which they have edit rights but wiki mode is turned off
Dan
parents: 256
diff changeset
   368
    if ( $is_protected && !$session->get_permissions('even_when_protected') )
661beb9b0fa3 Rewrote some security code in PageUtils::savepage to accommodate the ACL system better; there was an issue with non-admin users saving pages on which they have edit rights but wiki mode is turned off
Dan
parents: 256
diff changeset
   369
    {
661beb9b0fa3 Rewrote some security code in PageUtils::savepage to accommodate the ACL system better; there was an issue with non-admin users saving pages on which they have edit rights but wiki mode is turned off
Dan
parents: 256
diff changeset
   370
      return 'You don\'t have the necessary permissions to edit this page.';
661beb9b0fa3 Rewrote some security code in PageUtils::savepage to accommodate the ACL system better; there was an issue with non-admin users saving pages on which they have edit rights but wiki mode is turned off
Dan
parents: 256
diff changeset
   371
    }
661beb9b0fa3 Rewrote some security code in PageUtils::savepage to accommodate the ACL system better; there was an issue with non-admin users saving pages on which they have edit rights but wiki mode is turned off
Dan
parents: 256
diff changeset
   372
    
661beb9b0fa3 Rewrote some security code in PageUtils::savepage to accommodate the ACL system better; there was an issue with non-admin users saving pages on which they have edit rights but wiki mode is turned off
Dan
parents: 256
diff changeset
   373
    // We're skipping the wiki mode check here because by default edit_page pemissions are AUTH_WIKIMODE.
661beb9b0fa3 Rewrote some security code in PageUtils::savepage to accommodate the ACL system better; there was an issue with non-admin users saving pages on which they have edit rights but wiki mode is turned off
Dan
parents: 256
diff changeset
   374
    // The exception here is the user's own userpage, which is overridden at the time of account creation.
661beb9b0fa3 Rewrote some security code in PageUtils::savepage to accommodate the ACL system better; there was an issue with non-admin users saving pages on which they have edit rights but wiki mode is turned off
Dan
parents: 256
diff changeset
   375
    // At that point it's set to AUTH_ALLOW, but obviously only for the user's own userpage.
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   376
    
21
663fcf528726 Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents: 19
diff changeset
   377
    // Strip potentially harmful tags and PHP from the message, dependent upon permissions settings
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   378
    $message = RenderMan::preprocess_text($message, false, false);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   379
    
21
663fcf528726 Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents: 19
diff changeset
   380
    $msg = $db->escape($message);
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   381
    
320
112debff64bd SURPRISE! Preliminary PostgreSQL support added. The required schema file is not present in this commit and will be included at a later date. No installer support is implemented. Also in this commit: several fixes including <!-- SYSMSG ... --> was broken in template compiler; set fixed width on included images to prevent the thumbnail box from getting huge; added a much more friendly interface to AJAX responses that are invalid JSON
Dan
parents: 317
diff changeset
   382
    $minor = $minor ? ENANO_SQL_BOOLEAN_TRUE : ENANO_SQL_BOOLEAN_FALSE;
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
   383
    $q='INSERT INTO ' . table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.enano_date('d M Y h:i a').'\', \'' . $paths->page_id . '\', \'' . $paths->namespace . '\', ' . ENANO_SQL_MULTISTRING_PRFIX . '\'' . $msg . '\', \'' . $uid . '\', \'' . $session->username . '\', \'' . $db->escape(htmlspecialchars($summary)) . '\', ' . $minor . ');';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   384
    if(!$db->sql_query($q)) $db->_die('The history (log) entry could not be inserted into the logs table.');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   385
    
320
112debff64bd SURPRISE! Preliminary PostgreSQL support added. The required schema file is not present in this commit and will be included at a later date. No installer support is implemented. Also in this commit: several fixes including <!-- SYSMSG ... --> was broken in template compiler; set fixed width on included images to prevent the thumbnail box from getting huge; added a much more friendly interface to AJAX responses that are invalid JSON
Dan
parents: 317
diff changeset
   386
    $q = 'UPDATE ' . table_prefix.'page_text SET page_text=' . ENANO_SQL_MULTISTRING_PRFIX . '\'' . $msg . '\',char_tag=\'' . $uid . '\' WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   387
    $e = $db->sql_query($q);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   388
    if(!$e) $db->_die('Enano was unable to save the page contents. Your changes have been lost <tt>:\'(</tt>.');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   389
      
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   390
    $paths->rebuild_page_index($page_id, $namespace);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   391
      
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   392
    return 'good';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   393
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   394
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   395
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   396
   * Creates a page, both in memory and in the database.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   397
   * @param string $page_id
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   398
   * @param string $namespace
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   399
   * @return bool true on success, false on failure
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   400
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   401
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   402
  function createPage($page_id, $namespace, $name = false, $visible = 1)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   403
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   404
    global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   405
    if(in_array($namespace, Array('Special', 'Admin')))
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   406
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   407
      // echo '<b>Notice:</b> PageUtils::createPage: You can\'t create a special page in the database<br />';
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   408
      return 'You can\'t create a special page in the database';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   409
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   410
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   411
    if(!isset($paths->nslist[$namespace]))
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   412
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   413
      // echo '<b>Notice:</b> PageUtils::createPage: Couldn\'t look up the namespace<br />';
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   414
      return 'Couldn\'t look up the namespace';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   415
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   416
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   417
    $pname = $paths->nslist[$namespace] . $page_id;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   418
    if(isset($paths->pages[$pname]))
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   419
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   420
      // echo '<b>Notice:</b> PageUtils::createPage: Page already exists<br />';
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   421
      return 'Page already exists';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   422
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   423
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   424
    if(!$session->get_permissions('create_page'))
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   425
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   426
      // echo '<b>Notice:</b> PageUtils::createPage: Not authorized to create pages<br />';
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   427
      return 'Not authorized to create pages';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   428
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   429
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   430
    if($session->user_level < USER_LEVEL_ADMIN && $namespace == 'System')
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   431
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   432
      // echo '<b>Notice:</b> PageUtils::createPage: Not authorized to create system messages<br />';
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   433
      return 'Not authorized to create system messages';
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   434
    }
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   435
    
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   436
    if ( substr($page_id, 0, 8) == 'Project:' )
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   437
    {
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   438
      // echo '<b>Notice:</b> PageUtils::createPage: Prefix "Project:" is reserved<br />';
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   439
      return 'The prefix "Project:" is reserved for a parser shortcut; if a page was created using this prefix, it would not be possible to link to it.';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   440
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   441
    
21
663fcf528726 Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents: 19
diff changeset
   442
    $page_id = dirtify_page_id($page_id);
663fcf528726 Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents: 19
diff changeset
   443
    
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   444
    if ( !$name )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   445
      $name = str_replace('_', ' ', $page_id);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   446
    $regex = '#^([A-z0-9 _\-\.\/\!\@\(\)]*)$#is';
320
112debff64bd SURPRISE! Preliminary PostgreSQL support added. The required schema file is not present in this commit and will be included at a later date. No installer support is implemented. Also in this commit: several fixes including <!-- SYSMSG ... --> was broken in template compiler; set fixed width on included images to prevent the thumbnail box from getting huge; added a much more friendly interface to AJAX responses that are invalid JSON
Dan
parents: 317
diff changeset
   447
    if(!preg_match($regex, $name))
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   448
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   449
      //echo '<b>Notice:</b> PageUtils::createPage: Name contains invalid characters<br />';
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   450
      return 'Name contains invalid characters';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   451
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   452
    
21
663fcf528726 Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents: 19
diff changeset
   453
    $page_id = sanitize_page_id( $page_id );
663fcf528726 Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents: 19
diff changeset
   454
    
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   455
    $prot = ( $namespace == 'System' ) ? 1 : 0;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   456
    
112
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
   457
    $ips = array(
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
   458
      'ip' => array(),
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
   459
      'u' => array()
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
   460
      );
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
   461
    
21
663fcf528726 Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents: 19
diff changeset
   462
    $page_data = Array(
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   463
      'name'=>$name,
21
663fcf528726 Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents: 19
diff changeset
   464
      'urlname'=>$page_id,
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   465
      'namespace'=>$namespace,
112
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
   466
      'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>$prot,'delvotes'=>0,'delvote_ips'=>serialize($ips),'wiki_mode'=>2,
21
663fcf528726 Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents: 19
diff changeset
   467
    );
663fcf528726 Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents: 19
diff changeset
   468
    
663fcf528726 Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents: 19
diff changeset
   469
    // die('PageUtils::createpage: Creating page with this data:<pre>' . print_r($page_data, true) . '</pre>');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   470
    
21
663fcf528726 Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents: 19
diff changeset
   471
    $paths->add_page($page_data);
663fcf528726 Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents: 19
diff changeset
   472
    
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   473
    $qa = $db->sql_query('INSERT INTO ' . table_prefix.'pages(name,urlname,namespace,visible,protected,delvote_ips) VALUES(\'' . $db->escape($name) . '\', \'' . $db->escape($page_id) . '\', \'' . $namespace . '\', '. ( $visible ? '1' : '0' ) .', ' . $prot . ', \'' . $db->escape(serialize($ips)) . '\');');
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   474
    $qb = $db->sql_query('INSERT INTO ' . table_prefix.'page_text(page_id,namespace) VALUES(\'' . $db->escape($page_id) . '\', \'' . $namespace . '\');');
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
   475
    $qc = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace) VALUES('.time().', \''.enano_date('d M Y h:i a').'\', \'page\', \'create\', \'' . $session->username . '\', \'' . $db->escape($page_id) . '\', \'' . $namespace . '\');');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   476
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   477
    if($qa && $qb && $qc)
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   478
      return 'good';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   479
    else
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   480
    {
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   481
      return $db->get_error();
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   482
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   483
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   484
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   485
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   486
   * Sets the protection level on a page.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   487
   * @param $page_id string the page ID
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   488
   * @param $namespace string the namespace
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   489
   * @param $level int level of protection - 0 is off, 1 is full, 2 is semi
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   490
   * @param $reason string why the page is being (un)protected
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   491
   * @return string - "good" on success, in all other cases, an error string (on query failure, calls $db->_die() )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   492
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   493
  function protect($page_id, $namespace, $level, $reason)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   494
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   495
    global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   496
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   497
    $pname = $paths->nslist[$namespace] . $page_id;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   498
    $wiki = ( ( $paths->pages[$pname]['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $paths->pages[$pname]['wiki_mode'] == 1) ? true : false;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   499
    $prot = ( ( $paths->pages[$pname]['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $paths->pages[$pname]['protected'] == 1) ? true : false;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   500
    
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   501
    if ( !$session->get_permissions('protect') )
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   502
    {
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   503
      return('Insufficient access rights');
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   504
    }
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   505
    if ( !$wiki )
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   506
    {
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   507
      return('Page protection only has an effect when Wiki Mode is enabled.');
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   508
    }
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   509
    if ( !preg_match('#^([0-9]+){1}$#', (string)$level) )
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   510
    {
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   511
      return('Invalid $level parameter.');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   512
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   513
    
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   514
    switch($level)
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   515
    {
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   516
      case 0:
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
   517
        $q = 'INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.time().', \''.enano_date('d M Y h:i a').'\', \'page\', \'unprot\', \'' . $session->username . '\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $db->escape(htmlspecialchars($reason)) . '\');';
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   518
        break;
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   519
      case 1:
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
   520
        $q = 'INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.time().', \''.enano_date('d M Y h:i a').'\', \'page\', \'prot\', \'' . $session->username . '\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $db->escape(htmlspecialchars($reason)) . '\');';
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   521
        break;
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   522
      case 2:
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
   523
        $q = 'INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.time().', \''.enano_date('d M Y h:i a').'\', \'page\', \'semiprot\', \'' . $session->username . '\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $db->escape(htmlspecialchars($reason)) . '\');';
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   524
        break;
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   525
      default:
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   526
        return 'PageUtils::protect(): Invalid value for $level';
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   527
        break;
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   528
    }
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   529
    if(!$db->sql_query($q)) $db->_die('The log entry for the page protection could not be inserted.');
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   530
    
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   531
    $q = $db->sql_query('UPDATE ' . table_prefix.'pages SET protected=' . $level . ' WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   532
    if ( !$q )
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   533
    {
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   534
      $db->_die('The pages table was not updated.');
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   535
    }
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   536
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   537
    return('good');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   538
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   539
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   540
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   541
   * Generates an HTML table with history information in it.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   542
   * @param $page_id the page ID
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   543
   * @param $namespace the namespace
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   544
   * @return string
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   545
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   546
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   547
  function histlist($page_id, $namespace)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   548
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   549
    global $db, $session, $paths, $template, $plugins; // Common objects
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   550
    global $lang;
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   551
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   552
    if(!$session->get_permissions('history_view'))
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   553
      return 'Access denied';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   554
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   555
    ob_start();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   556
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   557
    $pname = $paths->nslist[$namespace] . $page_id;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   558
    $wiki = ( ( $paths->pages[$pname]['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $paths->pages[$pname]['wiki_mode'] == 1) ? true : false;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   559
    $prot = ( ( $paths->pages[$pname]['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $paths->pages[$pname]['protected'] == 1) ? true : false;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   560
    
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   561
    $q = 'SELECT time_id,date_string,page_id,namespace,author,edit_summary,minor_edit FROM ' . table_prefix.'logs WHERE log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' ORDER BY time_id DESC;';
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   562
    if(!$db->sql_query($q)) $db->_die('The history data for the page "' . $paths->cpage['name'] . '" could not be selected.');
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   563
    echo $lang->get('history_page_subtitle') . '
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   564
          <h3>' . $lang->get('history_heading_edits') . '</h3>';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   565
    $numrows = $db->numrows();
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   566
    if ( $numrows < 1 )
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   567
    {
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   568
      echo $lang->get('history_no_entries');
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   569
    }
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   570
    else
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   571
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   572
      echo '<form action="'.makeUrlNS($namespace, $page_id, 'do=diff').'" onsubmit="ajaxHistDiff(); return false;" method="get">
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   573
            <input type="submit" value="' . $lang->get('history_btn_compare') . '" />
115
261f367623af Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
parents: 112
diff changeset
   574
            ' . ( urlSeparator == '&' ? '<input type="hidden" name="title" value="' . htmlspecialchars($paths->nslist[$namespace] . $page_id) . '" />' : '' ) . '
261f367623af Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
parents: 112
diff changeset
   575
            ' . ( $session->sid_super ? '<input type="hidden" name="auth"  value="' . $session->sid_super . '" />' : '') . '
261f367623af Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
parents: 112
diff changeset
   576
            <input type="hidden" name="do" value="diff" />
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   577
            <br /><span>&nbsp;</span>
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   578
            <div class="tblholder">
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   579
            <table border="0" width="100%" cellspacing="1" cellpadding="4">
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   580
            <tr>
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   581
              <th colspan="2">' . $lang->get('history_col_diff') . '</th>
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   582
              <th>' . $lang->get('history_col_datetime') . '</th>
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   583
              <th>' . $lang->get('history_col_user') . '</th>
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   584
              <th>' . $lang->get('history_col_summary') . '</th>
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   585
              <th>' . $lang->get('history_col_minor') . '</th>
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   586
              <th colspan="3">' . $lang->get('history_col_actions') . '</th>
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   587
            </tr>'."\n"."\n";
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   588
      $cls = 'row2';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   589
      $ticker = 0;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   590
      
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   591
      while ( $r = $db->fetchrow() )
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   592
      {
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   593
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   594
        $ticker++;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   595
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   596
        if($cls == 'row2') $cls = 'row1';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   597
        else $cls = 'row2';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   598
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   599
        echo '<tr>'."\n";
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   600
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   601
        // Diff selection
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   602
        if($ticker == 1)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   603
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   604
          $s1 = '';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   605
          $s2 = 'checked="checked" ';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   606
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   607
        elseif($ticker == 2)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   608
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   609
          $s1 = 'checked="checked" ';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   610
          $s2 = '';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   611
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   612
        else
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   613
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   614
          $s1 = '';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   615
          $s2 = '';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   616
        }
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   617
        if($ticker > 1)        echo '<td class="' . $cls . '" style="padding: 0;"><input ' . $s1 . 'name="diff1" type="radio" value="' . $r['time_id'] . '" id="diff1_' . $r['time_id'] . '" class="clsDiff1Radio" onclick="selectDiff1Button(this);" /></td>'."\n"; else echo '<td class="' . $cls . '"></td>';
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   618
        if($ticker < $numrows) echo '<td class="' . $cls . '" style="padding: 0;"><input ' . $s2 . 'name="diff2" type="radio" value="' . $r['time_id'] . '" id="diff2_' . $r['time_id'] . '" class="clsDiff2Radio" onclick="selectDiff2Button(this);" /></td>'."\n"; else echo '<td class="' . $cls . '"></td>';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   619
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   620
        // Date and time
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   621
        echo '<td class="' . $cls . '">' . $r['date_string'] . '</td class="' . $cls . '">'."\n";
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   622
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   623
        // User
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   624
        if ( $session->get_permissions('mod_misc') && is_valid_ip($r['author']) )
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   625
        {
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   626
          $rc = ' style="cursor: pointer;" title="' . $lang->get('history_tip_rdns') . '" onclick="ajaxReverseDNS(this, \'' . $r['author'] . '\');"';
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   627
        }
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   628
        else
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   629
        {
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   630
          $rc = '';
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   631
        }
285
7846d45bd250 Changed all urlname/page_id columns to varchar(255) because 63 characters just isn't long enough
Dan
parents: 270
diff changeset
   632
        echo '<td class="' . $cls . '"' . $rc . '><a href="'.makeUrlNS('User', sanitize_page_id($r['author'])).'" ';
7846d45bd250 Changed all urlname/page_id columns to varchar(255) because 63 characters just isn't long enough
Dan
parents: 270
diff changeset
   633
        if ( !isPage($paths->nslist['User'] . sanitize_page_id($r['author'])) )
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   634
        {
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   635
          echo 'class="wikilink-nonexistent"';
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   636
        }
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   637
        echo '>' . $r['author'] . '</a></td class="' . $cls . '">'."\n";
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   638
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   639
        // Edit summary
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   640
        if ( $r['edit_summary'] == 'Automatic backup created when logs were purged' )
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   641
        {
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   642
          $r['edit_summary'] = $lang->get('history_summary_clearlogs');
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   643
        }
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   644
        echo '<td class="' . $cls . '">' . $r['edit_summary'] . '</td>'."\n";
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   645
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   646
        // Minor edit
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   647
        echo '<td class="' . $cls . '" style="text-align: center;">'. (( $r['minor_edit'] ) ? 'M' : '' ) .'</td>'."\n";
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   648
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   649
        // Actions!
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   650
        echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'oldid=' . $r['time_id']) . '" onclick="ajaxHistView(\'' . $r['time_id'] . '\'); return false;">' . $lang->get('history_action_view') . '</a></td>'."\n";
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   651
        echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrl($paths->nslist['Special'].'Contributions/' . $r['author']) . '">' . $lang->get('history_action_contrib') . '</a></td>'."\n";
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   652
        echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'do=rollback&amp;id=' . $r['time_id']) . '" onclick="ajaxRollback(\'' . $r['time_id'] . '\'); return false;">' . $lang->get('history_action_restore') . '</a></td>'."\n";
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   653
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   654
        echo '</tr>'."\n"."\n";
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   655
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   656
      }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   657
      echo '</table>
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   658
            </div>
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   659
            <br />
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   660
            <input type="hidden" name="do" value="diff" />
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   661
            <input type="submit" value="' . $lang->get('history_btn_compare') . '" />
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   662
            </form>
57
b354deeaa4c4 Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
parents: 40
diff changeset
   663
            <script type="text/javascript">if ( !KILL_SWITCH ) { buildDiffList(); }</script>';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   664
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   665
    $db->free_result();
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   666
    echo '<h3>' . $lang->get('history_heading_other') . '</h3>';
322
5f1cd51bf1be Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents: 320
diff changeset
   667
    $q = 'SELECT time_id,action,date_string,page_id,namespace,author,edit_summary,minor_edit FROM ' . table_prefix.'logs WHERE log_type=\'page\' AND action!=\'edit\' AND page_id=\'' . $paths->page_id . '\' AND namespace=\'' . $paths->namespace . '\' ORDER BY time_id DESC;';
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   668
    if ( !$db->sql_query($q) )
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   669
    {
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   670
      $db->_die('The history data for the page "' . htmlspecialchars($paths->cpage['name']) . '" could not be selected.');
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   671
    }
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   672
    if ( $db->numrows() < 1 )
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   673
    {
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   674
      echo $lang->get('history_no_entries');
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   675
    }
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   676
    else
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   677
    {
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   678
      
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   679
      echo '<div class="tblholder">
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   680
              <table border="0" width="100%" cellspacing="1" cellpadding="4"><tr>
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   681
                <th>' . $lang->get('history_col_datetime') . '</th>
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   682
                <th>' . $lang->get('history_col_user') . '</th>
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   683
                <th>' . $lang->get('history_col_minor') . '</th>
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   684
                <th>' . $lang->get('history_col_action_taken') . '</th>
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   685
                <th>' . $lang->get('history_col_extra') . '</th>
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   686
                <th colspan="2"></th>
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   687
              </tr>';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   688
      $cls = 'row2';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   689
      while($r = $db->fetchrow()) {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   690
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   691
        if($cls == 'row2') $cls = 'row1';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   692
        else $cls = 'row2';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   693
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   694
        echo '<tr>';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   695
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   696
        // Date and time
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   697
        echo '<td class="' . $cls . '">' . $r['date_string'] . '</td class="' . $cls . '">';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   698
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   699
        // User
285
7846d45bd250 Changed all urlname/page_id columns to varchar(255) because 63 characters just isn't long enough
Dan
parents: 270
diff changeset
   700
        echo '<td class="' . $cls . '"><a href="'.makeUrlNS('User', sanitize_page_id($r['author'])).'" ';
7846d45bd250 Changed all urlname/page_id columns to varchar(255) because 63 characters just isn't long enough
Dan
parents: 270
diff changeset
   701
        if(!isPage($paths->nslist['User'] . sanitize_page_id($r['author']))) echo 'class="wikilink-nonexistent"';
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   702
        echo '>' . $r['author'] . '</a></td class="' . $cls . '">';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   703
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   704
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   705
        // Minor edit
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   706
        echo '<td class="' . $cls . '" style="text-align: center;">'. (( $r['minor_edit'] ) ? 'M' : '' ) .'</td>';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   707
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   708
        // Action taken
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   709
        echo '<td class="' . $cls . '">';
81
d7fc25acd3f3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
parents: 78
diff changeset
   710
        // Some of these are sanitized at insert-time. Others follow the newer Enano policy of stripping HTML at runtime.
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   711
        if    ($r['action']=='prot')     echo $lang->get('history_log_protect') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . $r['edit_summary'];
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   712
        elseif($r['action']=='unprot')   echo $lang->get('history_log_unprotect') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . $r['edit_summary'];
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   713
        elseif($r['action']=='semiprot') echo $lang->get('history_log_semiprotect') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . $r['edit_summary'];
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   714
        elseif($r['action']=='rename')   echo $lang->get('history_log_rename') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_oldtitle') . ' '.htmlspecialchars($r['edit_summary']);
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   715
        elseif($r['action']=='create')   echo $lang->get('history_log_create') . '</td><td class="' . $cls . '">';
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   716
        elseif($r['action']=='delete')   echo $lang->get('history_log_delete') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' ' . $r['edit_summary'];
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   717
        elseif($r['action']=='reupload') echo $lang->get('history_log_uploadnew') . '</td><td class="' . $cls . '">' . $lang->get('history_extra_reason') . ' '.htmlspecialchars($r['edit_summary']);
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   718
        echo '</td>';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   719
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   720
        // Actions!
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   721
        echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrl($paths->nslist['Special'].'Contributions/' . $r['author']) . '">' . $lang->get('history_action_contrib') . '</a></td>';
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   722
        echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'do=rollback&amp;id=' . $r['time_id']) . '" onclick="ajaxRollback(\'' . $r['time_id'] . '\'); return false;">' . $lang->get('history_action_revert') . '</a></td>';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   723
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   724
        echo '</tr>';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   725
      }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   726
      echo '</table></div>';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   727
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   728
    $db->free_result();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   729
    $ret = ob_get_contents();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   730
    ob_end_clean();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   731
    return $ret;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   732
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   733
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   734
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   735
   * Rolls back a logged action
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   736
   * @param $id the time ID, a.k.a. the primary key in the logs table
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   737
   * @return string
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   738
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   739
   
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   740
  function rollback($id)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   741
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   742
    global $db, $session, $paths, $template, $plugins; // Common objects
158
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   743
    if ( !$session->get_permissions('history_rollback') )
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   744
    {
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   745
      return('You are not authorized to perform rollbacks.');
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   746
    }
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   747
    if ( !preg_match('#^([0-9]+)$#', (string)$id) )
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   748
    {
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   749
      return('The value "id" on the query string must be an integer.');
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   750
    }
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   751
    $e = $db->sql_query('SELECT log_type,action,date_string,page_id,namespace,page_text,char_tag,author,edit_summary FROM ' . table_prefix.'logs WHERE time_id=' . $id . ';');
158
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   752
    if ( !$e )
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   753
    {
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   754
      $db->_die('The rollback data could not be selected.');
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   755
    }
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   756
    $rb = $db->fetchrow();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   757
    $db->free_result();
158
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   758
    
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   759
    if ( $rb['log_type'] == 'page' && $rb['action'] != 'delete' )
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   760
    {
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   761
      $pagekey = $paths->nslist[$rb['namespace']] . $rb['page_id'];
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   762
      if ( !isset($paths->pages[$pagekey]) )
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   763
      {
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   764
        return "Page doesn't exist";
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   765
      }
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   766
      $pagedata =& $paths->pages[$pagekey];
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   767
      $protected = false;
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   768
      // Special case: is the page protected? if so, check for even_when_protected permissions
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   769
      if($pagedata['protected'] == 2)
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   770
      {
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   771
        // The page is semi-protected, determine permissions
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   772
        if($session->user_logged_in && $session->reg_time + 60*60*24*4 < time()) 
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   773
        {
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   774
          $protected = false;
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   775
        }
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   776
        else
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   777
        {
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   778
          $protected = true;
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   779
        }
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   780
      }
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   781
      else
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   782
      {
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   783
        $protected = ( $pagedata['protected'] == 1 );
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   784
      }
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   785
      
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   786
      $perms = $session->fetch_page_acl($rb['page_id'], $rb['namespace']);
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   787
      
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   788
      if ( $protected && !$perms->get_permissions('even_when_protected') )
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   789
      {
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   790
        return "Because this page is protected, you need moderator rights to roll back changes.";
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   791
      }
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   792
    }
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   793
    else
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   794
    {
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   795
      $perms =& $session;
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   796
    }
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   797
    
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   798
    switch($rb['log_type'])
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   799
    {
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   800
      case "page":
158
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   801
        switch($rb['action'])
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   802
        {
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   803
          case "edit":
158
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   804
            if ( !$perms->get_permissions('edit_page') )
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   805
              return "You don't have permission to edit pages, so rolling back edits can't be allowed either.";
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   806
            $t = $db->escape($rb['page_text']);
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   807
            $e = $db->sql_query('UPDATE ' . table_prefix.'page_text SET page_text=\'' . $t . '\',char_tag=\'' . $rb['char_tag'] . '\' WHERE page_id=\'' . $rb['page_id'] . '\' AND namespace=\'' . $rb['namespace'] . '\'');
158
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   808
            if ( !$e )
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   809
            {
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
   810
              return("An error occurred during the rollback operation.\nMySQL said: ".$db->get_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
158
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   811
            }
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   812
            else
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   813
            {
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   814
              return 'The page "' . $paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been rolled back to the state it was in on ' . $rb['date_string'] . '.';
158
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   815
            }
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   816
            break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   817
          case "rename":
158
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   818
            if ( !$perms->get_permissions('rename') )
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   819
              return "You don't have permission to rename pages, so rolling back renames can't be allowed either.";
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   820
            $t = $db->escape($rb['edit_summary']);
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   821
            $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET name=\'' . $t . '\' WHERE urlname=\'' . $rb['page_id'] . '\' AND namespace=\'' . $rb['namespace'] . '\'');
158
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   822
            if ( !$e )
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   823
            {
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
   824
              return "An error occurred during the rollback operation.\nMySQL said: ".$db->get_error()."\n\nSQL backtrace:\n".$db->sql_backtrace();
158
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   825
            }
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   826
            else
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   827
            {
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   828
              return 'The page "' . $paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been rolled back to the name it had ("' . $rb['edit_summary'] . '") before ' . $rb['date_string'] . '.';
158
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   829
            }
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   830
            break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   831
          case "prot":
158
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   832
            if ( !$perms->get_permissions('protect') )
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   833
              return "You don't have permission to protect pages, so rolling back protection can't be allowed either.";
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   834
            $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET protected=0 WHERE urlname=\'' . $rb['page_id'] . '\' AND namespace=\'' . $rb['namespace'] . '\'');
158
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   835
            if ( !$e )
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
   836
              return "An error occurred during the rollback operation.\nMySQL said: ".$db->get_error()."\n\nSQL backtrace:\n".$db->sql_backtrace();
158
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   837
            else
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   838
              return 'The page "' . $paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been unprotected according to the log created at ' . $rb['date_string'] . '.';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   839
            break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   840
          case "semiprot":
158
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   841
            if ( !$perms->get_permissions('protect') )
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   842
              return "You don't have permission to protect pages, so rolling back protection can't be allowed either.";
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   843
            $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET protected=0 WHERE urlname=\'' . $rb['page_id'] . '\' AND namespace=\'' . $rb['namespace'] . '\'');
158
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   844
            if ( !$e )
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
   845
              return "An error occurred during the rollback operation.\nMySQL said: ".$db->get_error()."\n\nSQL backtrace:\n".$db->sql_backtrace();
158
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   846
            else
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   847
              return 'The page "' . $paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been unprotected according to the log created at ' . $rb['date_string'] . '.';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   848
            break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   849
          case "unprot":
158
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   850
            if ( !$perms->get_permissions('protect') )
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   851
              return "You don't have permission to protect pages, so rolling back protection can't be allowed either.";
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   852
            $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET protected=1 WHERE urlname=\'' . $rb['page_id'] . '\' AND namespace=\'' . $rb['namespace'] . '\'');
158
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   853
            if ( !$e )
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
   854
              return "An error occurred during the rollback operation.\nMySQL said: ".$db->get_error()."\n\nSQL backtrace:\n".$db->sql_backtrace();
158
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   855
            else
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   856
              return 'The page "' . $paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been protected according to the log created at ' . $rb['date_string'] . '.';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   857
            break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   858
          case "delete":
158
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   859
            if ( !$perms->get_permissions('history_rollback_extra') )
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   860
              return 'Administrative privileges are required for page undeletion.';
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   861
            if ( isset($paths->pages[$paths->cpage['urlname']]) )
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   862
              return 'You cannot raise a dead page that is alive.';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   863
            $name = str_replace('_', ' ', $rb['page_id']);
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
   864
            $e = $db->sql_query('INSERT INTO ' . table_prefix.'pages(name,urlname,namespace) VALUES( \'' . $name . '\', \'' . $rb['page_id'] . '\',\'' . $rb['namespace'] . '\' )');if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".$db->get_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
   865
            $e = $db->sql_query('SELECT page_text,char_tag FROM ' . table_prefix.'logs WHERE page_id=\'' . $rb['page_id'] . '\' AND namespace=\'' . $rb['namespace'] . '\' AND log_type=\'page\' AND action=\'edit\' ORDER BY time_id DESC;'); if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".$db->get_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   866
            $r = $db->fetchrow();
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
   867
            $e = $db->sql_query('INSERT INTO ' . table_prefix.'page_text(page_id,namespace,page_text,char_tag) VALUES(\'' . $rb['page_id'] . '\',\'' . $rb['namespace'] . '\',\'' . $db->escape($r['page_text']) . '\',\'' . $r['char_tag'] . '\')'); if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".$db->get_error()."\n\nSQL backtrace:\n".$db->sql_backtrace());
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   868
            return 'The page "' . $name . '" has been undeleted according to the log created at ' . $rb['date_string'] . '.';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   869
            break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   870
          case "reupload":
234
d5dff8148dfe Renaming config.php and .htaccess to *.new to allow tarbombing an Enano installation with no adverse effects; first attempt, may not work right.
Dan
parents: 194
diff changeset
   871
            if ( !$session->get_permissions('history_rollback_extra') )
158
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   872
            {
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   873
              return 'Administrative privileges are required for file rollbacks.';
ebf00a7d21db SECURITY: tightened up validation for rollbacks
Dan
parents: 142
diff changeset
   874
            }
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   875
            $newtime = time();
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
   876
            $newdate = enano_date('d M Y h:i a');
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   877
            if(!$db->sql_query('UPDATE ' . table_prefix.'logs SET time_id=' . $newtime . ',date_string=\'' . $newdate . '\' WHERE time_id=' . $id))
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
   878
              return 'Error during query: '.$db->get_error();
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   879
            if(!$db->sql_query('UPDATE ' . table_prefix.'files SET time_id=' . $newtime . ' WHERE time_id=' . $id))
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
   880
              return 'Error during query: '.$db->get_error();
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
   881
            return 'The file has been rolled back to the version uploaded on '.enano_date('d M Y h:i a', (int)$id).'.';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   882
            break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   883
          default:
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   884
            return('Rollback of the action "' . $rb['action'] . '" is not yet supported.');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   885
            break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   886
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   887
        break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   888
      case "security":
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   889
      case "login":
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   890
        return('A ' . $rb['log_type'] . '-related log entry cannot be rolled back.');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   891
        break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   892
      default:
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   893
        return('Unknown log entry type: "' . $rb['log_type'] . '"');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   894
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   895
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   896
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   897
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   898
   * Posts a comment.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   899
   * @param $page_id the page ID
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   900
   * @param $namespace the namespace
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   901
   * @param $name the name of the person posting, defaults to current username/IP
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   902
   * @param $subject the subject line of the comment
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   903
   * @param $text the comment text
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   904
   * @return string javascript code
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   905
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   906
   
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   907
  function addcomment($page_id, $namespace, $name, $subject, $text, $captcha_code = false, $captcha_id = false)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   908
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   909
    global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   910
    $_ob = '';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   911
    if(!$session->get_permissions('post_comments'))
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   912
      return 'Access denied';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   913
    if(getConfig('comments_need_login') == '2' && !$session->user_logged_in) _die('Access denied to post comments: you need to be logged in first.');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   914
    if(getConfig('comments_need_login') == '1' && !$session->user_logged_in)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   915
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   916
      if(!$captcha_code || !$captcha_id) _die('BUG: PageUtils::addcomment: no CAPTCHA data passed to method');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   917
      $result = $session->get_captcha($captcha_id);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   918
      if($captcha_code != $result) _die('The confirmation code you entered was incorrect.');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   919
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   920
    $text = RenderMan::preprocess_text($text);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   921
    $name = $session->user_logged_in ? RenderMan::preprocess_text($session->username) : RenderMan::preprocess_text($name);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   922
    $subj = RenderMan::preprocess_text($subject);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   923
    if(getConfig('approve_comments')=='1') $appr = '0'; else $appr = '1';
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   924
    $q = 'INSERT INTO ' . table_prefix.'comments(page_id,namespace,subject,comment_data,name,user_id,approved,time) VALUES(\'' . $page_id . '\',\'' . $namespace . '\',\'' . $subj . '\',\'' . $text . '\',\'' . $name . '\',' . $session->user_id . ',' . $appr . ','.time().')';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   925
    $e = $db->sql_query($q);
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
   926
    if(!$e) die('alert(unescape(\''.rawurlencode('Error inserting comment data: '.$db->get_error().'\n\nQuery:\n' . $q) . '\'))');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   927
    else $_ob .= '<div class="info-box">Your comment has been posted.</div>';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   928
    return PageUtils::comments($page_id, $namespace, false, Array(), $_ob);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   929
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   930
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   931
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   932
   * Generates partly-compiled HTML/Javascript code to be eval'ed by the user's browser to display comments
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   933
   * @param $page_id the page ID
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   934
   * @param $namespace the namespace
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   935
   * @param $action administrative action to perform, default is false
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   936
   * @param $flags additional info for $action, shouldn't be used except when deleting/approving comments, etc.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   937
   * @param $_ob text to prepend to output, used by PageUtils::addcomment
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   938
   * @return array
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   939
   * @access private
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   940
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   941
   
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   942
  function comments_raw($page_id, $namespace, $action = false, $flags = Array(), $_ob = '')
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   943
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   944
    global $db, $session, $paths, $template, $plugins; // Common objects
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   945
    global $lang;
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   946
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   947
    $pname = $paths->nslist[$namespace] . $page_id;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   948
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   949
    ob_start();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   950
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   951
    if($action && $session->get_permissions('mod_comments')) // Nip hacking attempts in the bud
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   952
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   953
      switch($action) {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   954
      case "delete":
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   955
        if(isset($flags['id']))
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   956
        {
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   957
          $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND comment_id='.intval($flags['id']).' LIMIT 1;';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   958
        } else {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   959
          $n = $db->escape($flags['name']);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   960
          $s = $db->escape($flags['subj']);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   961
          $t = $db->escape($flags['text']);
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   962
          $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND name=\'' . $n . '\' AND subject=\'' . $s . '\' AND comment_data=\'' . $t . '\' LIMIT 1;';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   963
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   964
        $e=$db->sql_query($q);
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
   965
        if(!$e) die('alert(unesape(\''.rawurlencode('Error during query: '.$db->get_error().'\n\nQuery:\n' . $q) . '\'));');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   966
        break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   967
      case "approve":
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   968
        if(isset($flags['id']))
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   969
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   970
          $where = 'comment_id='.intval($flags['id']);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   971
        } else {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   972
          $n = $db->escape($flags['name']);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   973
          $s = $db->escape($flags['subj']);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   974
          $t = $db->escape($flags['text']);
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   975
          $where = 'name=\'' . $n . '\' AND subject=\'' . $s . '\' AND comment_data=\'' . $t . '\'';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   976
        }
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   977
        $q = 'SELECT approved FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND ' . $where . ' LIMIT 1;';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   978
        $e = $db->sql_query($q);
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
   979
        if(!$e) die('alert(unesape(\''.rawurlencode('Error selecting approval status: '.$db->get_error().'\n\nQuery:\n' . $q) . '\'));');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   980
        $r = $db->fetchrow();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   981
        $db->free_result();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   982
        $a = ( $r['approved'] ) ? '0' : '1';
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   983
        $q = 'UPDATE ' . table_prefix.'comments SET approved=' . $a . ' WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND ' . $where . ';';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   984
        $e=$db->sql_query($q);
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
   985
        if(!$e) die('alert(unesape(\''.rawurlencode('Error during query: '.$db->get_error().'\n\nQuery:\n' . $q) . '\'));');
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   986
        if($a=='1') $v = $lang->get('comment_btn_mod_unapprove');
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
   987
        else $v = $lang->get('comment_btn_mod_approve');
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
   988
        echo 'document.getElementById("mdgApproveLink'.intval($_GET['id']).'").innerHTML="' . $v . '";';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   989
        break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   990
      }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   991
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   992
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   993
    if(!defined('ENANO_TEMPLATE_LOADED'))
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   994
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   995
      $template->load_theme($session->theme, $session->style);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   996
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   997
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   998
    $tpl = $template->makeParser('comment.tpl');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   999
    
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1000
    $e = $db->sql_query('SELECT * FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND approved=0;');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1001
    if(!$e) $db->_die('The comment text data could not be selected.');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1002
    $num_unapp = $db->numrows();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1003
    $db->free_result();
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1004
    $e = $db->sql_query('SELECT * FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND approved=1;');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1005
    if(!$e) $db->_die('The comment text data could not be selected.');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1006
    $num_app = $db->numrows();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1007
    $db->free_result();
328
dc838fd61a06 Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
parents: 326
diff changeset
  1008
    $lq = $db->sql_query('SELECT c.comment_id,c.subject,c.name,c.comment_data,c.approved,c.time,c.user_id,u.user_level,u.signature,u.user_has_avatar,u.avatar_type
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1009
                  FROM ' . table_prefix.'comments AS c
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1010
                  LEFT JOIN ' . table_prefix.'users AS u
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1011
                    ON c.user_id=u.user_id
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1012
                  WHERE page_id=\'' . $page_id . '\'
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1013
                  AND namespace=\'' . $namespace . '\' ORDER BY c.time ASC;');
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1014
    if(!$lq) _die('The comment text data could not be selected. '.$db->get_error());
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1015
    $_ob .= '<h3>' . $lang->get('comment_heading') . '</h3>';
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1016
    
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1017
    $n = ( $session->get_permissions('mod_comments')) ? $db->numrows() : $num_app;
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1018
    
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1019
    $subst = array(
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1020
        'num_comments' => $n,
226
0e6478521004 Fixed the one FIXME in PageUtils regarding static HTML comment system's greeting line; fixed parsing of external links in template->tplWikiFormat
Dan
parents: 219
diff changeset
  1021
        'page_type' => $template->namespace_string
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1022
      );
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1023
    
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1024
    $_ob .= '<p>';
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1025
    $_ob .= ( $n == 0 ) ? $lang->get('comment_msg_count_zero', $subst) : ( $n == 1 ? $lang->get('comment_msg_count_one', $subst) : $lang->get('comment_msg_count_plural', $subst) );
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1026
    
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1027
    if ( $session->get_permissions('mod_comments') && $num_unapp > 0 )
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1028
    {
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1029
      $_ob .= ' <span style="color: #D84308">' . $lang->get('comment_msg_count_unapp_mod', array( 'num_unapp' => $num_unapp )) . '</span>';
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1030
    }
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1031
    else if ( !$session->get_permissions('mod_comments') && $num_unapp > 0 )
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1032
    {
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1033
      $ls = ( $num_unapp == 1 ) ? 'comment_msg_count_unapp_one' : 'comment_msg_count_unapp_plural';
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1034
      $_ob .= ' <span>' . $lang->get($ls, array( 'num_unapp' => $num_unapp )) . '</span>';
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1035
    }
78
4df25dfdde63 Modified Text_Wiki parser to fully support UTF-8 strings; several other UTF-8 fixes, international characters seem to work reasonably well now
Dan
parents: 73
diff changeset
  1036
    $_ob .= '</p>';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1037
    $list = 'list = { ';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1038
    // _die(htmlspecialchars($ttext));
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1039
    $i = -1;
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1040
    while ( $row = $db->fetchrow($lq) )
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1041
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1042
      $i++;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1043
      $strings = Array();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1044
      $bool = Array();
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1045
      if ( $session->get_permissions('mod_comments') || $row['approved'] )
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1046
      {
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1047
        $list .= $i . ' : { \'comment\' : unescape(\''.rawurlencode($row['comment_data']).'\'), \'name\' : unescape(\''.rawurlencode($row['name']).'\'), \'subject\' : unescape(\''.rawurlencode($row['subject']).'\'), }, ';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1048
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1049
        // Comment ID (used in the Javascript apps)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1050
        $strings['ID'] = (string)$i;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1051
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1052
        // Determine the name, and whether to link to the user page or not
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1053
        $name = '';
304
e2cb5f1432c8 Merging in the newly stable Coblynau
Dan
parents: 271 285
diff changeset
  1054
        if($row['user_id'] > 1) $name .= '<a href="'.makeUrlNS('User', sanitize_page_id(' ', '_', $row['name'])).'">';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1055
        $name .= $row['name'];
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1056
        if($row['user_id'] > 1) $name .= '</a>';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1057
        $strings['NAME'] = $name; unset($name);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1058
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1059
        // Subject
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1060
        $s = $row['subject'];
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1061
        if(!$row['approved']) $s .= ' <span style="color: #D84308">' . $lang->get('comment_msg_note_unapp') . '</span>';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1062
        $strings['SUBJECT'] = $s;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1063
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1064
        // Date and time
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1065
        $strings['DATETIME'] = enano_date('F d, Y h:i a', $row['time']);
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1066
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1067
        // User level
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1068
        switch($row['user_level'])
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1069
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1070
          default:
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1071
          case USER_LEVEL_GUEST:
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1072
            $l = $lang->get('user_type_guest');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1073
            break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1074
          case USER_LEVEL_MEMBER:
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1075
          case USER_LEVEL_CHPREF:
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1076
            $l = $lang->get('user_type_member');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1077
            break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1078
          case USER_LEVEL_MOD:
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1079
            $l = $lang->get('user_type_mod');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1080
            break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1081
          case USER_LEVEL_ADMIN:
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1082
            $l = $lang->get('user_type_admin');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1083
            break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1084
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1085
        $strings['USER_LEVEL'] = $l; unset($l);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1086
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1087
        // The actual comment data
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1088
        $strings['DATA'] = RenderMan::render($row['comment_data']);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1089
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1090
        if($session->get_permissions('edit_comments'))
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1091
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1092
          // Edit link
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1093
          $strings['EDIT_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&amp;sub=editcomment&amp;id=' . $row['comment_id']) . '" id="editbtn_' . $i . '">' . $lang->get('comment_btn_edit') . '</a>';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1094
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1095
          // Delete link
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1096
          $strings['DELETE_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&amp;sub=deletecomment&amp;id=' . $row['comment_id']) . '">' . $lang->get('comment_btn_delete') . '</a>';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1097
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1098
        else
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1099
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1100
          // Edit link
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1101
          $strings['EDIT_LINK'] = '';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1102
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1103
          // Delete link
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1104
          $strings['DELETE_LINK'] = '';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1105
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1106
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1107
        // Send PM link
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1108
        $strings['SEND_PM_LINK'] = ( $session->user_logged_in && $row['user_id'] > 1 ) ? '<a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/To/' . $row['name']) . '">' . $lang->get('comment_btn_send_privmsg') . '</a><br />' : '';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1109
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1110
        // Add Buddy link
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1111
        $strings['ADD_BUDDY_LINK'] = ( $session->user_logged_in && $row['user_id'] > 1 ) ? '<a href="'.makeUrlNS('Special', 'PrivateMessages/FriendList/Add/' . $row['name']) . '">' . $lang->get('comment_btn_add_buddy') . '</a>' : '';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1112
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1113
        // Mod links
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1114
        $applink = '';
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1115
        $applink .= '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&amp;sub=admin&amp;action=approve&amp;id=' . $row['comment_id']) . '" id="mdgApproveLink' . $i . '">';
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1116
        if($row['approved']) $applink .= $lang->get('comment_btn_mod_unapprove');
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1117
        else $applink .= $lang->get('comment_btn_mod_approve');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1118
        $applink .= '</a>';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1119
        $strings['MOD_APPROVE_LINK'] = $applink; unset($applink);
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1120
        $strings['MOD_DELETE_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&amp;sub=admin&amp;action=delete&amp;id=' . $row['comment_id']) . '">' . $lang->get('comment_btn_mod_delete') . '</a>';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1121
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1122
        // Signature
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1123
        $strings['SIGNATURE'] = '';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1124
        if($row['signature'] != '') $strings['SIGNATURE'] = RenderMan::render($row['signature']);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1125
        
328
dc838fd61a06 Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
parents: 326
diff changeset
  1126
        // Avatar
dc838fd61a06 Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
parents: 326
diff changeset
  1127
        if ( $row['user_has_avatar'] == 1 )
dc838fd61a06 Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
parents: 326
diff changeset
  1128
        {
dc838fd61a06 Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
parents: 326
diff changeset
  1129
          $bool['user_has_avatar'] = true;
dc838fd61a06 Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
parents: 326
diff changeset
  1130
          $strings['AVATAR_ALT'] = $lang->get('usercp_avatar_image_alt', array('username' => $row['name']));
dc838fd61a06 Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
parents: 326
diff changeset
  1131
          $strings['AVATAR_URL'] = make_avatar_url(intval($row['user_id']), $row['avatar_type']);
dc838fd61a06 Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
parents: 326
diff changeset
  1132
          $strings['USERPAGE_LINK'] = makeUrlNS('User', $row['name']);
dc838fd61a06 Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
parents: 326
diff changeset
  1133
        }
dc838fd61a06 Added initial avatar support. Currently rather feature complete except for admin controls for avatar.
Dan
parents: 326
diff changeset
  1134
        
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1135
        $bool['auth_mod'] = ($session->get_permissions('mod_comments')) ? true : false;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1136
        $bool['can_edit'] = ( ( $session->user_logged_in && $row['name'] == $session->username && $session->get_permissions('edit_comments') ) || $session->get_permissions('mod_comments') ) ? true : false;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1137
        $bool['signature'] = ( $strings['SIGNATURE'] == '' ) ? false : true;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1138
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1139
        // Done processing and compiling, now let's cook it into HTML
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1140
        $tpl->assign_vars($strings);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1141
        $tpl->assign_bool($bool);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1142
        $_ob .= $tpl->run();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1143
      }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1144
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1145
    if(getConfig('comments_need_login') != '2' || $session->user_logged_in)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1146
    {
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1147
      if($session->get_permissions('post_comments'))
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1148
      {
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1149
        $_ob .= '<h3>' . $lang->get('comment_postform_title') . '</h3>';
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1150
        $_ob .= $lang->get('comment_postform_blurb');
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1151
        if(getConfig('approve_comments')=='1') $_ob .= ' ' . $lang->get('comment_postform_blurb_unapp');
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1152
        if(getConfig('comments_need_login') == '1' && !$session->user_logged_in)
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1153
        {
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1154
          $_ob .= ' ' . $lang->get('comment_postform_blurb_captcha');
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1155
        }
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1156
        $sn = $session->user_logged_in ? $session->username . '<input name="name" id="mdgScreenName" type="hidden" value="' . $session->username . '" />' : '<input name="name" id="mdgScreenName" type="text" size="35" />';
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1157
        $_ob .= '  <a href="#" id="mdgCommentFormLink" style="display: none;" onclick="document.getElementById(\'mdgCommentForm\').style.display=\'block\';this.style.display=\'none\';return false;">' . $lang->get('comment_postform_blurb_link') . '</a>
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1158
        <div id="mdgCommentForm">
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1159
        <form action="'.makeUrlNS($namespace, $page_id, 'do=comments&amp;sub=postcomment').'" method="post" style="margin-left: 1em">
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1160
        <table border="0">
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1161
        <tr><td>' . $lang->get('comment_postform_field_name') . '</td><td>' . $sn . '</td></tr>
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1162
        <tr><td>' . $lang->get('comment_postform_field_subject') . '</td><td><input name="subj" id="mdgSubject" type="text" size="35" /></td></tr>';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1163
        if(getConfig('comments_need_login') == '1' && !$session->user_logged_in)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1164
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1165
          $session->kill_captcha();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1166
          $captcha = $session->make_captcha();
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1167
          $_ob .= '<tr><td>' . $lang->get('comment_postform_field_captcha_title') . '<br /><small>' . $lang->get('comment_postform_field_captcha_blurb') . '</small></td><td><img src="'.makeUrlNS('Special', 'Captcha/' . $captcha) . '" alt="Visual confirmation" style="cursor: pointer;" onclick="this.src = \''.makeUrlNS("Special", "Captcha/".$captcha).'/\'+Math.floor(Math.random() * 100000);" /><input name="captcha_id" id="mdgCaptchaID" type="hidden" value="' . $captcha . '" /><br />' . $lang->get('comment_postform_field_captcha_label') . ' <input name="captcha_input" id="mdgCaptchaInput" type="text" size="10" /><br /><small><script type="text/javascript">document.write("' . $lang->get('comment_postform_field_captcha_cantread_js') . '");</script><noscript>' . $lang->get('comment_postform_field_captcha_cantread_nojs') . '</noscript></small></td></tr>';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1168
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1169
        $_ob .= '
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1170
        <tr><td valign="top">' . $lang->get('comment_postform_field_comment') . '</td><td><textarea name="text" id="mdgCommentArea" rows="10" cols="40"></textarea></td></tr>
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1171
        <tr><td colspan="2" style="text-align: center;"><input type="submit" value="' . $lang->get('comment_postform_btn_submit') . '" /></td></tr>
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1172
        </table>
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1173
        </form>
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1174
        </div>';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1175
      }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1176
    } else {
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1177
      $_ob .= '<h3>Got something to say?</h3><p>You need to be logged in to post comments. <a href="'.makeUrlNS('Special', 'Login/' . $pname . '%2523comments').'">Log in</a></p>';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1178
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1179
    $list .= '};';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1180
    echo 'document.getElementById(\'ajaxEditContainer\').innerHTML = unescape(\''. rawurlencode($_ob) .'\');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1181
    ' . $list;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1182
    echo 'Fat.fade_all(); document.getElementById(\'mdgCommentForm\').style.display = \'none\'; document.getElementById(\'mdgCommentFormLink\').style.display="inline";';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1183
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1184
    $ret = ob_get_contents();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1185
    ob_end_clean();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1186
    return Array($ret, $_ob);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1187
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1188
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1189
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1190
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1191
   * Generates ready-to-execute Javascript code to be eval'ed by the user's browser to display comments
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1192
   * @param $page_id the page ID
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1193
   * @param $namespace the namespace
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1194
   * @param $action administrative action to perform, default is false
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1195
   * @param $flags additional info for $action, shouldn't be used except when deleting/approving comments, etc.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1196
   * @param $_ob text to prepend to output, used by PageUtils::addcomment
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1197
   * @return string
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1198
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1199
   
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1200
  function comments($page_id, $namespace, $action = false, $id = -1, $_ob = '')
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1201
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1202
    global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1203
    $r = PageUtils::comments_raw($page_id, $namespace, $action, $id, $_ob);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1204
    return $r[0];
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1205
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1206
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1207
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1208
   * Generates HTML code for comments - used in browser compatibility mode
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1209
   * @param $page_id the page ID
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1210
   * @param $namespace the namespace
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1211
   * @param $action administrative action to perform, default is false
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1212
   * @param $flags additional info for $action, shouldn't be used except when deleting/approving comments, etc.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1213
   * @param $_ob text to prepend to output, used by PageUtils::addcomment
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1214
   * @return string
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1215
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1216
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1217
  function comments_html($page_id, $namespace, $action = false, $id = -1, $_ob = '')
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1218
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1219
    global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1220
    $r = PageUtils::comments_raw($page_id, $namespace, $action, $id, $_ob);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1221
    return $r[1];
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1222
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1223
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1224
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1225
   * Updates comment data.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1226
   * @param $page_id the page ID
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1227
   * @param $namespace the namespace
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1228
   * @param $subject new subject
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1229
   * @param $text new text
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1230
   * @param $old_subject the old subject, unprocessed and identical to the value in the DB
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1231
   * @param $old_text the old text, unprocessed and identical to the value in the DB
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1232
   * @param $id the javascript list ID, used internally by the client-side app
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1233
   * @return string
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1234
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1235
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1236
  function savecomment($page_id, $namespace, $subject, $text, $old_subject, $old_text, $id = -1)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1237
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1238
    global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1239
    if(!$session->get_permissions('edit_comments'))
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1240
      return 'result="BAD";error="Access denied"';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1241
    // Avoid SQL injection
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1242
    $old_text    = $db->escape($old_text);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1243
    $old_subject = $db->escape($old_subject);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1244
    // Safety check - username/login
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1245
    if(!$session->get_permissions('mod_comments')) // allow mods to edit comments
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1246
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1247
      if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1248
      $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_data=\'' . $old_text . '\' AND subject=\'' . $old_subject . '\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND u.user_id=c.user_id;';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1249
      $s = $db->sql_query($q);
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1250
      if(!$s) _die('SQL error during safety check: '.$db->get_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1251
      $r = $db->fetchrow($s);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1252
      $db->free_result();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1253
      if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1254
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1255
    $s = RenderMan::preprocess_text($subject);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1256
    $t = RenderMan::preprocess_text($text);
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1257
    $sql  = 'UPDATE ' . table_prefix.'comments SET subject=\'' . $s . '\',comment_data=\'' . $t . '\' WHERE comment_data=\'' . $old_text . '\' AND subject=\'' . $old_subject . '\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1258
    $result = $db->sql_query($sql);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1259
    if($result)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1260
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1261
      return 'result="GOOD";
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1262
                      list[' . $id . '][\'subject\'] = unescape(\''.str_replace('%5Cn', '%0A', rawurlencode(str_replace('{{EnAnO:Newline}}', '\\n', stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $s))))).'\');
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1263
                      list[' . $id . '][\'comment\'] = unescape(\''.str_replace('%5Cn', '%0A', rawurlencode(str_replace('{{EnAnO:Newline}}', '\\n', stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $t))))).'\'); id = ' . $id . ';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1264
      s = unescape(\''.rawurlencode($s).'\');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1265
      t = unescape(\''.str_replace('%5Cn', '<br \\/>', rawurlencode(RenderMan::render(str_replace('{{EnAnO:Newline}}', "\n", stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $t)))))).'\');';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1266
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1267
    else
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1268
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1269
      return 'result="BAD"; error=unescape("'.rawurlencode('Enano encountered a problem whilst saving the comment.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1270
      Performed SQL:
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1271
      ' . $sql . '
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1272
    
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1273
      Error returned by MySQL: '.$db->get_error()).'");';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1274
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1275
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1276
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1277
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1278
   * Updates comment data using the comment_id column instead of the old, messy way
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1279
   * @param $page_id the page ID
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1280
   * @param $namespace the namespace
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1281
   * @param $subject new subject
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1282
   * @param $text new text
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1283
   * @param $id the comment ID (primary key in enano_comments table)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1284
   * @return string
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1285
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1286
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1287
  function savecomment_neater($page_id, $namespace, $subject, $text, $id)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1288
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1289
    global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1290
    if(!is_int($id)) die('PageUtils::savecomment: $id is not an integer, aborting for safety');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1291
    if(!$session->get_permissions('edit_comments'))
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1292
      return 'Access denied';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1293
    // Safety check - username/login
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1294
    if(!$session->get_permissions('mod_comments')) // allow mods to edit comments
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1295
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1296
      if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1297
      $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_id=' . $id . ' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND u.user_id=c.user_id;';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1298
      $s = $db->sql_query($q);
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1299
      if(!$s) _die('SQL error during safety check: '.$db->get_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1300
      $r = $db->fetchrow($s);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1301
      if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1302
      $db->free_result();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1303
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1304
    $s = RenderMan::preprocess_text($subject);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1305
    $t = RenderMan::preprocess_text($text);
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1306
    $sql  = 'UPDATE ' . table_prefix.'comments SET subject=\'' . $s . '\',comment_data=\'' . $t . '\' WHERE comment_id=' . $id . ' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1307
    $result = $db->sql_query($sql);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1308
    if($result)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1309
    return 'good';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1310
    else return 'Enano encountered a problem whilst saving the comment.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1311
    Performed SQL:
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1312
    ' . $sql . '
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1313
    
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1314
    Error returned by MySQL: '.$db->get_error();
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1315
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1316
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1317
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1318
   * Deletes a comment.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1319
   * @param $page_id the page ID
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1320
   * @param $namespace the namespace
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1321
   * @param $name the name the user posted under
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1322
   * @param $subj the subject of the comment to be deleted
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1323
   * @param $text the text of the comment to be deleted
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1324
   * @param $id the javascript list ID, used internally by the client-side app
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1325
   * @return string
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1326
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1327
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1328
  function deletecomment($page_id, $namespace, $name, $subj, $text, $id)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1329
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1330
    global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1331
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1332
    if(!$session->get_permissions('edit_comments'))
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1333
      return 'alert("Access to delete/edit comments is denied");';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1334
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1335
    if(!preg_match('#^([0-9]+)$#', (string)$id)) die('$_GET[id] is improperly formed.');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1336
    $n = $db->escape($name);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1337
    $s = $db->escape($subj);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1338
    $t = $db->escape($text);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1339
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1340
    // Safety check - username/login
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1341
    if(!$session->get_permissions('mod_comments')) // allows mods to delete comments
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1342
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1343
      if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1344
      $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_data=\'' . $t . '\' AND subject=\'' . $s . '\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND u.user_id=c.user_id;';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1345
      $s = $db->sql_query($q);
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1346
      if(!$s) _die('SQL error during safety check: '.$db->get_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1347
      $r = $db->fetchrow($s);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1348
      if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1349
      $db->free_result();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1350
    }
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1351
    $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND name=\'' . $n . '\' AND subject=\'' . $s . '\' AND comment_data=\'' . $t . '\' LIMIT 1;';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1352
    $e=$db->sql_query($q);
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1353
    if(!$e) return('alert(unesape(\''.rawurlencode('Error during query: '.$db->get_error().'\n\nQuery:\n' . $q) . '\'));');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1354
    return('good');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1355
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1356
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1357
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1358
   * Deletes a comment in a cleaner fashion.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1359
   * @param $page_id the page ID
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1360
   * @param $namespace the namespace
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1361
   * @param $id the comment ID (primary key)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1362
   * @return string
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1363
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1364
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1365
  function deletecomment_neater($page_id, $namespace, $id)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1366
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1367
    global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1368
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1369
    if(!preg_match('#^([0-9]+)$#', (string)$id)) die('$_GET[id] is improperly formed.');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1370
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1371
    if(!$session->get_permissions('edit_comments'))
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1372
      return 'alert("Access to delete/edit comments is denied");';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1373
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1374
    // Safety check - username/login
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1375
    if(!$session->get_permissions('mod_comments')) // allows mods to delete comments
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1376
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1377
      if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1378
      $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_id=' . $id . ' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND u.user_id=c.user_id;';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1379
      $s = $db->sql_query($q);
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1380
      if(!$s) _die('SQL error during safety check: '.$db->get_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1381
      $r = $db->fetchrow($s);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1382
      if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1383
      $db->free_result();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1384
    }
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1385
    $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND comment_id=' . $id . ' LIMIT 1;';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1386
    $e=$db->sql_query($q);
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1387
    if(!$e) return('alert(unesape(\''.rawurlencode('Error during query: '.$db->get_error().'\n\nQuery:\n' . $q) . '\'));');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1388
    return('good');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1389
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1390
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1391
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1392
   * Renames a page.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1393
   * @param $page_id the page ID
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1394
   * @param $namespace the namespace
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1395
   * @param $name the new name for the page
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1396
   * @return string error string or success message
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1397
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1398
   
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1399
  function rename($page_id, $namespace, $name)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1400
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1401
    global $db, $session, $paths, $template, $plugins; // Common objects
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1402
    global $lang;
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1403
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1404
    $pname = $paths->nslist[$namespace] . $page_id;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1405
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1406
    $prot = ( ( $paths->pages[$pname]['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $paths->pages[$pname]['protected'] == 1) ? true : false;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1407
    $wiki = ( ( $paths->pages[$pname]['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $paths->pages[$pname]['wiki_mode'] == 1) ? true : false;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1408
    
15
ad5986a53197 Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents: 1
diff changeset
  1409
    if( empty($name)) 
ad5986a53197 Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents: 1
diff changeset
  1410
    {
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1411
      return($lang->get('ajax_rename_too_short'));
15
ad5986a53197 Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents: 1
diff changeset
  1412
    }
ad5986a53197 Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents: 1
diff changeset
  1413
    if( ( $session->get_permissions('rename') && ( ( $prot && $session->get_permissions('even_when_protected') ) || !$prot ) ) && ( $paths->namespace != 'Special' && $paths->namespace != 'Admin' ))
ad5986a53197 Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents: 1
diff changeset
  1414
    {
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1415
      $e = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,page_id,namespace,author,edit_summary) VALUES('.time().', \''.enano_date('d M Y h:i a').'\', \'page\', \'rename\', \'' . $db->escape($paths->page_id) . '\', \'' . $paths->namespace . '\', \'' . $db->escape($session->username) . '\', \'' . $db->escape($paths->cpage['name']) . '\')');
15
ad5986a53197 Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents: 1
diff changeset
  1416
      if ( !$e )
ad5986a53197 Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents: 1
diff changeset
  1417
      {
ad5986a53197 Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents: 1
diff changeset
  1418
        $db->_die('The page title could not be updated.');
ad5986a53197 Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents: 1
diff changeset
  1419
      }
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1420
      $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET name=\'' . $db->escape($name) . '\' WHERE urlname=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\';');
15
ad5986a53197 Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents: 1
diff changeset
  1421
      if ( !$e )
ad5986a53197 Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents: 1
diff changeset
  1422
      {
ad5986a53197 Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents: 1
diff changeset
  1423
        $db->_die('The page title could not be updated.');
ad5986a53197 Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents: 1
diff changeset
  1424
      }
ad5986a53197 Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents: 1
diff changeset
  1425
      else
ad5986a53197 Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents: 1
diff changeset
  1426
      {
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1427
        $subst = array(
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1428
          'page_name_old' => $paths->pages[$pname]['name'],
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1429
          'page_name_new' => $name
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1430
          );
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1431
        return $lang->get('ajax_rename_success', $subst);
15
ad5986a53197 Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents: 1
diff changeset
  1432
      }
ad5986a53197 Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents: 1
diff changeset
  1433
    }
ad5986a53197 Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents: 1
diff changeset
  1434
    else
ad5986a53197 Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents: 1
diff changeset
  1435
    {
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1436
      return($lang->get('etc_access_denied'));
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1437
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1438
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1439
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1440
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1441
   * Flushes (clears) the action logs for a given page
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1442
   * @param $page_id the page ID
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1443
   * @param $namespace the namespace
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1444
   * @return string error/success string
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1445
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1446
   
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1447
  function flushlogs($page_id, $namespace)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1448
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1449
    global $db, $session, $paths, $template, $plugins; // Common objects
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1450
    global $lang;
240
f0149a27df5f Localized default sidebar; installer should work now including the lang import; l10n in installer to follow
Dan
parents: 238
diff changeset
  1451
    if ( !is_object($lang) && defined('IN_ENANO_INSTALL') )
f0149a27df5f Localized default sidebar; installer should work now including the lang import; l10n in installer to follow
Dan
parents: 238
diff changeset
  1452
    {
f0149a27df5f Localized default sidebar; installer should work now including the lang import; l10n in installer to follow
Dan
parents: 238
diff changeset
  1453
      // This is a special exception for the Enano installer, which doesn't init languages yet.
f0149a27df5f Localized default sidebar; installer should work now including the lang import; l10n in installer to follow
Dan
parents: 238
diff changeset
  1454
      $lang = new Language('eng');
f0149a27df5f Localized default sidebar; installer should work now including the lang import; l10n in installer to follow
Dan
parents: 238
diff changeset
  1455
    }
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1456
    if(!$session->get_permissions('clear_logs'))
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1457
    {
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1458
      return $lang->get('etc_access_denied');
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1459
    }
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1460
    $e = $db->sql_query('DELETE FROM ' . table_prefix.'logs WHERE page_id=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\';');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1461
    if(!$e) $db->_die('The log entries could not be deleted.');
32
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 29
diff changeset
  1462
    
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 29
diff changeset
  1463
    // If the page exists, make a backup of it in case it gets spammed/vandalized
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 29
diff changeset
  1464
    // If not, the admin's probably deleting a trash page
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 29
diff changeset
  1465
    if ( isset($paths->pages[ $paths->nslist[$namespace] . $page_id ]) )
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 29
diff changeset
  1466
    {
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1467
      $e = $db->sql_query('SELECT page_text,char_tag FROM ' . table_prefix.'page_text WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
32
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 29
diff changeset
  1468
      if(!$e) $db->_die('The current page text could not be selected; as a result, creating the backup of the page failed. Please make a backup copy of the page by clicking Edit this page and then clicking Save Changes.');
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 29
diff changeset
  1469
      $row = $db->fetchrow();
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 29
diff changeset
  1470
      $db->free_result();
320
112debff64bd SURPRISE! Preliminary PostgreSQL support added. The required schema file is not present in this commit and will be included at a later date. No installer support is implemented. Also in this commit: several fixes including <!-- SYSMSG ... --> was broken in template compiler; set fixed width on included images to prevent the thumbnail box from getting huge; added a much more friendly interface to AJAX responses that are invalid JSON
Dan
parents: 317
diff changeset
  1471
      $minor_edit = ( ENANO_DBLAYER == 'MYSQL' ) ? 'false' : '0';
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1472
      $q='INSERT INTO ' . table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.enano_date('d M Y h:i a').'\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $db->escape($row['page_text']) . '\', \'' . $row['char_tag'] . '\', \'' . $session->username . '\', \''."Automatic backup created when logs were purged".'\', '.$minor_edit.');';
32
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 29
diff changeset
  1473
      if(!$db->sql_query($q)) $db->_die('The history (log) entry could not be inserted into the logs table.');
4d87aad3c4c0 Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
parents: 29
diff changeset
  1474
    }
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1475
    return $lang->get('ajax_clearlogs_success');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1476
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1477
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1478
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1479
   * Deletes a page.
28
dd2edcdc6c03 Deleting pages now requires a reason
Dan
parents: 21
diff changeset
  1480
   * @param string $page_id the condemned page ID
dd2edcdc6c03 Deleting pages now requires a reason
Dan
parents: 21
diff changeset
  1481
   * @param string $namespace the condemned namespace
dd2edcdc6c03 Deleting pages now requires a reason
Dan
parents: 21
diff changeset
  1482
   * @param string The reason for deleting the page in question
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1483
   * @return string
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1484
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1485
   
28
dd2edcdc6c03 Deleting pages now requires a reason
Dan
parents: 21
diff changeset
  1486
  function deletepage($page_id, $namespace, $reason)
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1487
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1488
    global $db, $session, $paths, $template, $plugins; // Common objects
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1489
    global $lang;
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1490
    $perms = $session->fetch_page_acl($page_id, $namespace);
28
dd2edcdc6c03 Deleting pages now requires a reason
Dan
parents: 21
diff changeset
  1491
    $x = trim($reason);
dd2edcdc6c03 Deleting pages now requires a reason
Dan
parents: 21
diff changeset
  1492
    if ( empty($x) )
dd2edcdc6c03 Deleting pages now requires a reason
Dan
parents: 21
diff changeset
  1493
    {
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1494
      return $lang->get('ajax_delete_need_reason');
28
dd2edcdc6c03 Deleting pages now requires a reason
Dan
parents: 21
diff changeset
  1495
    }
dd2edcdc6c03 Deleting pages now requires a reason
Dan
parents: 21
diff changeset
  1496
    if(!$perms->get_permissions('delete_page')) return('Administrative privileges are required to delete pages, you loser.');
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1497
    $e = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,page_id,namespace,author,edit_summary) VALUES('.time().', \''.enano_date('d M Y h:i a').'\', \'page\', \'delete\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $session->username . '\', \'' . $db->escape(htmlspecialchars($reason)) . '\')');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1498
    if(!$e) $db->_die('The page log entry could not be inserted.');
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1499
    $e = $db->sql_query('DELETE FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1500
    if(!$e) $db->_die('The page categorization entries could not be deleted.');
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1501
    $e = $db->sql_query('DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1502
    if(!$e) $db->_die('The page comments could not be deleted.');
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1503
    $e = $db->sql_query('DELETE FROM ' . table_prefix.'page_text WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1504
    if(!$e) $db->_die('The page text entry could not be deleted.');
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1505
    $e = $db->sql_query('DELETE FROM ' . table_prefix.'pages WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1506
    if(!$e) $db->_die('The page entry could not be deleted.');
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1507
    $e = $db->sql_query('DELETE FROM ' . table_prefix.'files WHERE page_id=\'' . $page_id . '\'');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1508
    if(!$e) $db->_die('The file entry could not be deleted.');
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1509
    return $lang->get('ajax_delete_success');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1510
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1511
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1512
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1513
   * Increments the deletion votes for a page by 1, and adds the current username/IP to the list of users that have voted for the page to prevent dual-voting
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1514
   * @param $page_id the page ID
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1515
   * @param $namespace the namespace
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1516
   * @return string
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1517
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1518
   
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1519
  function delvote($page_id, $namespace)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1520
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1521
    global $db, $session, $paths, $template, $plugins; // Common objects
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1522
    global $lang;
112
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1523
    if ( !$session->get_permissions('vote_delete') )
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1524
    {
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1525
      return $lang->get('etc_access_denied');
112
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1526
    }
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1527
    
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1528
    if ( $namespace == 'Admin' || $namespace == 'Special' || $namespace == 'System' )
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1529
    {
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1530
      return 'Special pages and system messages can\'t be voted for deletion.';
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1531
    }
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1532
    
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1533
    $pname = $paths->nslist[$namespace] . sanitize_page_id($page_id);
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1534
    
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1535
    if ( !isset($paths->pages[$pname]) )
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1536
    {
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1537
      return 'The page does not exist.';
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1538
    }
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1539
    
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1540
    $cv  =& $paths->pages[$pname]['delvotes'];
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1541
    $ips =  $paths->pages[$pname]['delvote_ips'];
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1542
    
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1543
    if ( empty($ips) )
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1544
    {
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1545
      $ips = array(
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1546
        'ip' => array(),
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1547
        'u' => array()
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1548
        );
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1549
    }
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1550
    else
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1551
    {
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1552
      $ips = @unserialize($ips);
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1553
      if ( !$ips )
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1554
      {
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1555
        $ips = array(
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1556
        'ip' => array(),
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1557
        'u' => array()
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1558
        );
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1559
      }
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1560
    }
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1561
    
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1562
    if ( in_array($session->username, $ips['u']) || in_array($_SERVER['REMOTE_ADDR'], $ips['ip']) )
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1563
    {
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1564
      return $lang->get('ajax_delvote_already_voted');
112
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1565
    }
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1566
    
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1567
    $ips['u'][] = $session->username;
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1568
    $ips['ip'][] = $_SERVER['REMOTE_ADDR'];
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1569
    $ips = $db->escape( serialize($ips) );
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1570
    
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1571
    $cv++;
112
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1572
    
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1573
    $q = 'UPDATE ' . table_prefix.'pages SET delvotes=' . $cv . ',delvote_ips=\'' . $ips . '\' WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1574
    $w = $db->sql_query($q);
112
008b1c42be72 Rewrote all code related to delvote_ips column to use serialize()
Dan
parents: 103
diff changeset
  1575
    
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1576
    return $lang->get('ajax_delvote_success');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1577
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1578
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1579
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1580
   * Resets the number of votes against a page to 0.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1581
   * @param $page_id the page ID
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1582
   * @param $namespace the namespace
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1583
   * @return string
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1584
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1585
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1586
  function resetdelvotes($page_id, $namespace)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1587
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1588
    global $db, $session, $paths, $template, $plugins; // Common objects
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1589
    global $lang;
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1590
    if(!$session->get_permissions('vote_reset'))
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1591
    {
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1592
      return $lang->get('etc_access_denied');
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1593
    }
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1594
    $q = 'UPDATE ' . table_prefix.'pages SET delvotes=0,delvote_ips=\'' . $db->escape(serialize(array('ip'=>array(),'u'=>array()))) . '\' WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1595
    $e = $db->sql_query($q);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1596
    if(!$e) $db->_die('The number of delete votes was not reset.');
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1597
    else
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1598
    {
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1599
      return $lang->get('ajax_delvote_reset_success');
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1600
    }
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1601
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1602
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1603
  /**
29
e5484a9e0818 Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
parents: 28
diff changeset
  1604
   * Gets a list of styles for a given theme name. As of Banshee, this returns JSON.
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1605
   * @param $id the name of the directory for the theme
29
e5484a9e0818 Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
parents: 28
diff changeset
  1606
   * @return string JSON string with an array containing a list of themes
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1607
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1608
   
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1609
  function getstyles()
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1610
  {
29
e5484a9e0818 Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
parents: 28
diff changeset
  1611
    
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1612
    if ( !preg_match('/^([a-z0-9_-]+)$/', $_GET['id']) )
334
c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents: 328
diff changeset
  1613
      return enano_json_encode(false);
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1614
    
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1615
    $dir = './themes/' . $_GET['id'] . '/css/';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1616
    $list = Array();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1617
    // Open a known directory, and proceed to read its contents
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1618
    if (is_dir($dir)) {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1619
      if ($dh = opendir($dir)) {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1620
        while (($file = readdir($dh)) !== false) {
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1621
          if ( preg_match('#^(.*?)\.css$#is', $file) && $file != '_printable.css' ) // _printable.css should be included with every theme
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1622
          {                                                                         // it should be a copy of the original style, but
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1623
                                                                                    // mostly black and white
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1624
                                                                                    // Note to self: document this
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1625
            $list[] = substr($file, 0, strlen($file)-4);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1626
          }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1627
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1628
        closedir($dh);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1629
      }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1630
    }
29
e5484a9e0818 Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
parents: 28
diff changeset
  1631
    else
e5484a9e0818 Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
parents: 28
diff changeset
  1632
    {
334
c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents: 328
diff changeset
  1633
      return(enano_json_encode(Array('mode' => 'error', 'error' => $dir.' is not a dir')));
29
e5484a9e0818 Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
parents: 28
diff changeset
  1634
    }
e5484a9e0818 Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
parents: 28
diff changeset
  1635
    
334
c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents: 328
diff changeset
  1636
    return enano_json_encode($list);
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1637
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1638
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1639
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1640
   * Assembles a Javascript app with category information
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1641
   * @param $page_id the page ID
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1642
   * @param $namespace the namespace
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1643
   * @return string Javascript code
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1644
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1645
   
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1646
  function catedit($page_id, $namespace)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1647
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1648
    $d = PageUtils::catedit_raw($page_id, $namespace);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1649
    return $d[0] . ' /* BEGIN CONTENT */ document.getElementById("ajaxEditContainer").innerHTML = unescape(\''.rawurlencode($d[1]).'\');';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1650
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1651
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1652
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1653
   * Does the actual HTML/javascript generation for cat editing, but returns an array
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1654
   * @access private
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1655
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1656
   
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1657
  function catedit_raw($page_id, $namespace)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1658
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1659
    global $db, $session, $paths, $template, $plugins; // Common objects
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1660
    global $lang;
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1661
    
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1662
    ob_start();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1663
    $_ob = '';
322
5f1cd51bf1be Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents: 320
diff changeset
  1664
    $e = $db->sql_query('SELECT category_id FROM ' . table_prefix.'categories WHERE page_id=\'' . $paths->page_id . '\' AND namespace=\'' . $paths->namespace . '\'');
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1665
    if(!$e) jsdie('Error selecting category information for current page: '.$db->get_error());
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1666
    $cat_current = Array();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1667
    while($r = $db->fetchrow())
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1668
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1669
      $cat_current[] = $r;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1670
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1671
    $db->free_result();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1672
    $cat_all = Array();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1673
    for($i=0;$i<sizeof($paths->pages)/2;$i++)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1674
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1675
      if($paths->pages[$i]['namespace']=='Category') $cat_all[] = $paths->pages[$i];
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1676
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1677
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1678
    // Make $cat_all an associative array, like $paths->pages
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1679
    $sz = sizeof($cat_all);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1680
    for($i=0;$i<$sz;$i++)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1681
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1682
      $cat_all[$cat_all[$i]['urlname_nons']] = $cat_all[$i];
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1683
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1684
    // Now, the "zipper" function - join the list of categories with the list of cats that this page is a part of
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1685
    $cat_info = $cat_all;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1686
    for($i=0;$i<sizeof($cat_current);$i++)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1687
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1688
      $un = $cat_current[$i]['category_id'];
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1689
      $cat_info[$un]['member'] = true;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1690
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1691
    // Now copy the information we just set into the numerically named keys
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1692
    for($i=0;$i<sizeof($cat_info)/2;$i++)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1693
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1694
      $un = $cat_info[$i]['urlname_nons'];
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1695
      $cat_info[$i] = $cat_info[$un];
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1696
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1697
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1698
    echo 'catlist = new Array();'; // Initialize the client-side category list
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1699
    $_ob .= '<h3>' . $lang->get('catedit_title') . '</h3>
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1700
             <form name="mdgCatForm" action="'.makeUrlNS($namespace, $page_id, 'do=catedit').'" method="post">';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1701
    if ( sizeof($cat_info) < 1 )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1702
    {
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1703
      $_ob .= '<p>' . $lang->get('catedit_no_categories') . '</p>';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1704
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1705
    for ( $i = 0; $i < sizeof($cat_info) / 2; $i++ )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1706
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1707
      // Protection code added 1/3/07
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1708
      // Updated 3/4/07
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1709
      $is_prot = false;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1710
      $perms = $session->fetch_page_acl($cat_info[$i]['urlname_nons'], 'Category');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1711
      if ( !$session->get_permissions('edit_cat') || !$perms->get_permissions('edit_cat') ||
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1712
         ( $cat_info[$i]['really_protected'] && !$perms->get_permissions('even_when_protected') ) )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1713
         $is_prot = true;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1714
      $prot = ( $is_prot ) ? ' disabled="disabled" ' : '';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1715
      $prottext = ( $is_prot ) ? ' <img alt="(protected)" width="16" height="16" src="'.scriptPath.'/images/lock16.png" />' : '';
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1716
      echo 'catlist[' . $i . '] = \'' . $cat_info[$i]['urlname_nons'] . '\';';
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1717
      $_ob .= '<span class="catCheck"><input ' . $prot . ' name="' . $cat_info[$i]['urlname_nons'] . '" id="mdgCat_' . $cat_info[$i]['urlname_nons'] . '" type="checkbox"';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1718
      if(isset($cat_info[$i]['member'])) $_ob .= ' checked="checked"';
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1719
      $_ob .= '/>  <label for="mdgCat_' . $cat_info[$i]['urlname_nons'] . '">' . $cat_info[$i]['name'].$prottext.'</label></span><br />';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1720
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1721
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1722
    $disabled = ( sizeof($cat_info) < 1 ) ? 'disabled="disabled"' : '';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1723
      
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1724
    $_ob .= '<div style="border-top: 1px solid #CCC; padding-top: 5px; margin-top: 10px;"><input name="__enanoSaveButton" ' . $disabled . ' style="font-weight: bold;" type="submit" onclick="ajaxCatSave(); return false;" value="' . $lang->get('etc_save_changes') . '" /> <input name="__enanoCatCancel" type="submit" onclick="ajaxReset(); return false;" value="' . $lang->get('etc_cancel') . '" /></div></form>';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1725
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1726
    $cont = ob_get_contents();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1727
    ob_end_clean();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1728
    return Array($cont, $_ob);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1729
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1730
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1731
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1732
   * Saves category information
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1733
   * WARNING: If $which_cats is empty, all the category information for the selected page will be nuked!
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1734
   * @param $page_id string the page ID
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1735
   * @param $namespace string the namespace
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1736
   * @param $which_cats array associative array of categories to put the page in
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1737
   * @return string "GOOD" on success, error string on failure
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1738
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1739
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1740
  function catsave($page_id, $namespace, $which_cats)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1741
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1742
    global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1743
    if(!$session->get_permissions('edit_cat')) return('Insufficient privileges to change category information');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1744
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1745
    $page_perms = $session->fetch_page_acl($page_id, $namespace);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1746
    $page_data =& $paths->pages[$paths->nslist[$namespace].$page_id];
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1747
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1748
    $cat_all = Array();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1749
    for($i=0;$i<sizeof($paths->pages)/2;$i++)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1750
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1751
      if($paths->pages[$i]['namespace']=='Category') $cat_all[] = $paths->pages[$i];
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1752
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1753
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1754
    // Make $cat_all an associative array, like $paths->pages
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1755
    $sz = sizeof($cat_all);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1756
    for($i=0;$i<$sz;$i++)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1757
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1758
      $cat_all[$cat_all[$i]['urlname_nons']] = $cat_all[$i];
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1759
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1760
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1761
    $rowlist = Array();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1762
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1763
    for($i=0;$i<sizeof($cat_all)/2;$i++)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1764
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1765
      $auth = true;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1766
      $perms = $session->fetch_page_acl($cat_all[$i]['urlname_nons'], 'Category');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1767
      if ( !$session->get_permissions('edit_cat') || !$perms->get_permissions('edit_cat') ||
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1768
         ( $cat_all[$i]['really_protected'] && !$perms->get_permissions('even_when_protected') ) ||
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1769
         ( !$page_perms->get_permissions('even_when_protected') && $page_data['protected'] == '1' ) )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1770
         $auth = false;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1771
      if(!$auth)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1772
      {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1773
        // Find out if the page is currently in the category
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1774
        $q = $db->sql_query('SELECT * FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1775
        if(!$q)
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1776
          return 'MySQL error: ' . $db->get_error();
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1777
        if($db->numrows() > 0)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1778
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1779
          $auth = true;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1780
          $which_cats[$cat_all[$i]['urlname_nons']] = true; // Force the category to stay in its current state
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1781
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1782
        $db->free_result();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1783
      }
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1784
      if(isset($which_cats[$cat_all[$i]['urlname_nons']]) && $which_cats[$cat_all[$i]['urlname_nons']] == true /* for clarity ;-) */ && $auth ) $rowlist[] = '(\'' . $page_id . '\', \'' . $namespace . '\', \'' . $cat_all[$i]['urlname_nons'] . '\')';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1785
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1786
    if(sizeof($rowlist) > 0)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1787
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1788
      $val = implode(',', $rowlist);
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1789
      $q = 'INSERT INTO ' . table_prefix.'categories(page_id,namespace,category_id) VALUES' . $val . ';';
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1790
      $e = $db->sql_query('DELETE FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1791
      if(!$e) $db->_die('The old category data could not be deleted.');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1792
      $e = $db->sql_query($q);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1793
      if(!$e) $db->_die('The new category data could not be inserted.');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1794
      return('GOOD');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1795
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1796
    else
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1797
    {
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1798
      $e = $db->sql_query('DELETE FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1799
      if(!$e) $db->_die('The old category data could not be deleted.');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1800
      return('GOOD');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1801
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1802
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1803
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1804
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1805
   * Sets the wiki mode level for a page.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1806
   * @param $page_id string the page ID
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1807
   * @param $namespace string the namespace
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1808
   * @param $level int 0 for off, 1 for on, 2 for use global setting
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1809
   * @return string "GOOD" on success, error string on failure
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1810
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1811
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1812
  function setwikimode($page_id, $namespace, $level)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1813
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1814
    global $db, $session, $paths, $template, $plugins; // Common objects
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1815
    if(!$session->get_permissions('set_wiki_mode')) return('Insufficient access rights');
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1816
    if ( !isset($level) || ( isset($level) && !preg_match('#^([0-2]){1}$#', (string)$level) ) )
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1817
    {
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1818
      return('Invalid mode string');
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1819
    }
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1820
    $q = $db->sql_query('UPDATE ' . table_prefix.'pages SET wiki_mode=' . $level . ' WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1821
    if ( !$q )
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1822
    {
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1823
      return('Error during update query: '.$db->get_error()."\n\nSQL Backtrace:\n".$db->sql_backtrace());
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1824
    }
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1825
    return('GOOD');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1826
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1827
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1828
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1829
   * Sets the access password for a page.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1830
   * @param $page_id string the page ID
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1831
   * @param $namespace string the namespace
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1832
   * @param $pass string the SHA1 hash of the password - if the password doesn't match the regex ^([0-9a-f]*){40,40}$ it will be sha1'ed
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1833
   * @return string
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1834
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1835
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1836
  function setpass($page_id, $namespace, $pass)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1837
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1838
    global $db, $session, $paths, $template, $plugins; // Common objects
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1839
    global $lang;
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1840
    // Determine permissions
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1841
    if($paths->pages[$paths->nslist[$namespace].$page_id]['password'] != '')
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1842
      $a = $session->get_permissions('password_reset');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1843
    else
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1844
      $a = $session->get_permissions('password_set');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1845
    if(!$a)
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1846
      return $lang->get('etc_access_denied');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1847
    if(!isset($pass)) return('Password was not set on URL');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1848
    $p = $pass;
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1849
    if ( !preg_match('#([0-9a-f]){40,40}#', $p) )
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1850
    {
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1851
      $p = sha1($p);
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1852
    }
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1853
    if ( $p == 'da39a3ee5e6b4b0d3255bfef95601890afd80709' )
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1854
      // sha1('') = da39a3ee5e6b4b0d3255bfef95601890afd80709
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1855
      $p = '';
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1856
    $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET password=\'' . $p . '\' WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';');
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1857
    if ( !$e )
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1858
    {
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1859
      die('PageUtils::setpass(): Error during update query: '.$db->get_error()."\n\nSQL Backtrace:\n".$db->sql_backtrace());
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1860
    }
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1861
    // Is the new password blank?
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1862
    if ( $p == '' )
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1863
    {
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1864
      return $lang->get('ajax_password_disable_success');
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1865
    }
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1866
    else
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1867
    {
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1868
      return $lang->get('ajax_password_success');
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1869
    }
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1870
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1871
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1872
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1873
   * Generates some preview HTML
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1874
   * @param $text string the wikitext to use
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1875
   * @return string
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1876
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1877
   
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1878
  function genPreview($text)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1879
  {
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1880
    global $lang;
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
  1881
    $ret = '<div class="info-box">' . $lang->get('editor_preview_blurb') . '</div><div style="background-color: #F8F8F8; padding: 10px; border: 1px dashed #406080; max-height: 250px; overflow: auto; margin: 10px 0;">';
102
d807dcd7aed7 [comments] fixed edit button (source wasn't getting filled)
Dan
parents: 81
diff changeset
  1882
    $text = RenderMan::render(RenderMan::preprocess_text($text, false, false));
d807dcd7aed7 [comments] fixed edit button (source wasn't getting filled)
Dan
parents: 81
diff changeset
  1883
    ob_start();
d807dcd7aed7 [comments] fixed edit button (source wasn't getting filled)
Dan
parents: 81
diff changeset
  1884
    eval('?>' . $text);
d807dcd7aed7 [comments] fixed edit button (source wasn't getting filled)
Dan
parents: 81
diff changeset
  1885
    $text = ob_get_contents();
d807dcd7aed7 [comments] fixed edit button (source wasn't getting filled)
Dan
parents: 81
diff changeset
  1886
    ob_end_clean();
d807dcd7aed7 [comments] fixed edit button (source wasn't getting filled)
Dan
parents: 81
diff changeset
  1887
    $ret .= $text;
d807dcd7aed7 [comments] fixed edit button (source wasn't getting filled)
Dan
parents: 81
diff changeset
  1888
    $ret .= '</div>';
d807dcd7aed7 [comments] fixed edit button (source wasn't getting filled)
Dan
parents: 81
diff changeset
  1889
    return $ret;
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1890
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1891
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1892
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1893
   * Makes a scrollable box
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1894
   * @param string $text the inner HTML
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1895
   * @param int $height Optional - the maximum height. Defaults to 250.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1896
   * @return string
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1897
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1898
   
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1899
  function scrollBox($text, $height = 250)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1900
  {
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1901
    return '<div style="background-color: #F8F8F8; padding: 10px; border: 1px dashed #406080; max-height: '.(string)intval($height).'px; overflow: auto; margin: 1em 0 1em 1em;">' . $text . '</div>';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1902
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1903
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1904
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1905
   * Generates a diff summary between two page revisions.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1906
   * @param $page_id the page ID
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1907
   * @param $namespace the namespace
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1908
   * @param $id1 the time ID of the first revision
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1909
   * @param $id2 the time ID of the second revision
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1910
   * @return string XHTML-formatted diff
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1911
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1912
   
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1913
  function pagediff($page_id, $namespace, $id1, $id2)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1914
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1915
    global $db, $session, $paths, $template, $plugins; // Common objects
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1916
    global $lang;
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1917
    if(!$session->get_permissions('history_view'))
214
a6ed8b6cdbe1 All on-page AJAX applets should be localized now
Dan
parents: 213
diff changeset
  1918
      return $lang->get('etc_access_denied');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1919
    if(!preg_match('#^([0-9]+)$#', (string)$id1) ||
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1920
       !preg_match('#^([0-9]+)$#', (string)$id2  )) return 'SQL injection attempt';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1921
    // OK we made it through security
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1922
    // Safest way to make sure we don't end up with the revisions in wrong columns is to make 2 queries
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1923
    if(!$q1 = $db->sql_query('SELECT page_text,char_tag,author,edit_summary FROM ' . table_prefix.'logs WHERE time_id=' . $id1 . ' AND log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';')) return 'MySQL error: '.$db->get_error();
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1924
    if(!$q2 = $db->sql_query('SELECT page_text,char_tag,author,edit_summary FROM ' . table_prefix.'logs WHERE time_id=' . $id2 . ' AND log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';')) return 'MySQL error: '.$db->get_error();
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1925
    $row1 = $db->fetchrow($q1);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1926
    $db->free_result($q1);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1927
    $row2 = $db->fetchrow($q2);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1928
    $db->free_result($q2);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1929
    if(sizeof($row1) < 1 || sizeof($row2) < 2) return 'Couldn\'t find any rows that matched the query. The time ID probably doesn\'t exist in the logs table.';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1930
    $text1 = $row1['page_text'];
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1931
    $text2 = $row2['page_text'];
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1932
    $time1 = enano_date('F d, Y h:i a', $id1);
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  1933
    $time2 = enano_date('F d, Y h:i a', $id2);
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1934
    $_ob = "
213
1316404e4ea8 Localized history page and static HTML comment interface
Dan
parents: 204
diff changeset
  1935
    <p>" . $lang->get('history_lbl_comparingrevisions') . " {$time1} &rarr; {$time2}</p>
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1936
    ";
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1937
    // Free some memory
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1938
    unset($row1, $row2, $q1, $q2);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1939
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1940
    $_ob .= RenderMan::diff($text1, $text2);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1941
    return $_ob;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1942
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1943
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1944
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1945
   * Gets ACL information about the selected page for target type X and target ID Y.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1946
   * @param array $parms What to select. This is an array purely for JSON compatibility. It should be an associative array with keys target_type and target_id.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1947
   * @return array
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1948
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1949
   
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1950
  function acl_editor($parms = Array())
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1951
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1952
    global $db, $session, $paths, $template, $plugins; // Common objects
218
e878bcf0227e Javascripted ACL editor interface localized
Dan
parents: 214
diff changeset
  1953
    global $lang;
e878bcf0227e Javascripted ACL editor interface localized
Dan
parents: 214
diff changeset
  1954
    
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1955
    if(!$session->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN)
40
723bb7acf914 Fixed a lot of bugs with Safari and Konqueror; improved Opera compatibility
Dan
parents: 39
diff changeset
  1956
    {
723bb7acf914 Fixed a lot of bugs with Safari and Konqueror; improved Opera compatibility
Dan
parents: 39
diff changeset
  1957
      return Array(
723bb7acf914 Fixed a lot of bugs with Safari and Konqueror; improved Opera compatibility
Dan
parents: 39
diff changeset
  1958
        'mode' => 'error',
218
e878bcf0227e Javascripted ACL editor interface localized
Dan
parents: 214
diff changeset
  1959
        'error' => $lang->get('acl_err_access_denied')
40
723bb7acf914 Fixed a lot of bugs with Safari and Konqueror; improved Opera compatibility
Dan
parents: 39
diff changeset
  1960
        );
723bb7acf914 Fixed a lot of bugs with Safari and Konqueror; improved Opera compatibility
Dan
parents: 39
diff changeset
  1961
    }
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1962
    $parms['page_id'] = ( isset($parms['page_id']) ) ? $parms['page_id'] : false;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1963
    $parms['namespace'] = ( isset($parms['namespace']) ) ? $parms['namespace'] : false;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1964
    $page_id =& $parms['page_id'];
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1965
    $namespace =& $parms['namespace'];
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1966
    $page_where_clause      = ( empty($page_id) || empty($namespace) ) ? 'AND a.page_id IS NULL AND a.namespace IS NULL' : 'AND a.page_id=\'' . $db->escape($page_id) . '\' AND a.namespace=\'' . $db->escape($namespace) . '\'';
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1967
    $page_where_clause_lite = ( empty($page_id) || empty($namespace) ) ? 'AND page_id IS NULL AND namespace IS NULL' : 'AND page_id=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\'';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1968
    //die(print_r($page_id,true));
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1969
    $template->load_theme();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1970
    // $perms_obj = $session->fetch_page_acl($page_id, $namespace);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1971
    $perms_obj =& $session;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1972
    $return = Array();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1973
    if ( !file_exists(ENANO_ROOT . '/themes/' . $session->theme . '/acledit.tpl') )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1974
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1975
      return Array(
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1976
        'mode' => 'error',
218
e878bcf0227e Javascripted ACL editor interface localized
Dan
parents: 214
diff changeset
  1977
        'error' => $lang->get('acl_err_missing_template'),
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1978
      );
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1979
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1980
    $return['template'] = $template->extract_vars('acledit.tpl');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1981
    $return['page_id'] = $page_id;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1982
    $return['namespace'] = $namespace;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1983
    if(isset($parms['mode']))
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1984
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1985
      switch($parms['mode'])
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1986
      {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1987
        case 'listgroups':
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1988
          $return['groups'] = Array();
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1989
          $q = $db->sql_query('SELECT group_id,group_name FROM ' . table_prefix.'groups ORDER BY group_name ASC;');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1990
          while($row = $db->fetchrow())
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1991
          {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1992
            $return['groups'][] = Array(
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1993
              'id' => $row['group_id'],
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1994
              'name' => $row['group_name'],
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1995
              );
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1996
          }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  1997
          $db->free_result();
73
0a74676a2f2f Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
parents: 57
diff changeset
  1998
          $return['page_groups'] = Array();
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  1999
          $q = $db->sql_query('SELECT pg_id,pg_name FROM ' . table_prefix.'page_groups ORDER BY pg_name ASC;');
73
0a74676a2f2f Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
parents: 57
diff changeset
  2000
          if ( !$q )
0a74676a2f2f Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
parents: 57
diff changeset
  2001
            return Array(
0a74676a2f2f Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
parents: 57
diff changeset
  2002
              'mode' => 'error',
0a74676a2f2f Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
parents: 57
diff changeset
  2003
              'error' => $db->get_error()
0a74676a2f2f Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
parents: 57
diff changeset
  2004
              );
0a74676a2f2f Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
parents: 57
diff changeset
  2005
          while ( $row = $db->fetchrow() )
0a74676a2f2f Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
parents: 57
diff changeset
  2006
          {
0a74676a2f2f Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
parents: 57
diff changeset
  2007
            $return['page_groups'][] = Array(
0a74676a2f2f Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
parents: 57
diff changeset
  2008
                'id' => $row['pg_id'],
0a74676a2f2f Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
parents: 57
diff changeset
  2009
                'name' => $row['pg_name']
0a74676a2f2f Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
parents: 57
diff changeset
  2010
              );
0a74676a2f2f Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
parents: 57
diff changeset
  2011
          }
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2012
          break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2013
        case 'seltarget':
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2014
          $return['mode'] = 'seltarget';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2015
          $return['acl_types'] = $perms_obj->acl_types;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2016
          $return['acl_deps'] = $perms_obj->acl_deps;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2017
          $return['acl_descs'] = $perms_obj->acl_descs;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2018
          $return['target_type'] = $parms['target_type'];
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2019
          $return['target_id'] = $parms['target_id'];
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2020
          switch($parms['target_type'])
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2021
          {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2022
            case ACL_TYPE_USER:
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  2023
              $q = $db->sql_query('SELECT a.rules,u.user_id FROM ' . table_prefix.'users AS u
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  2024
                  LEFT JOIN ' . table_prefix.'acl AS a
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2025
                    ON a.target_id=u.user_id
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2026
                  WHERE a.target_type='.ACL_TYPE_USER.'
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  2027
                    AND u.username=\'' . $db->escape($parms['target_id']) . '\'
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  2028
                    ' . $page_where_clause . ';');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2029
              if(!$q)
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  2030
                return(Array('mode'=>'error','error'=>$db->get_error()));
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2031
              if($db->numrows() < 1)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2032
              {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2033
                $return['type'] = 'new';
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  2034
                $q = $db->sql_query('SELECT user_id FROM ' . table_prefix.'users WHERE username=\'' . $db->escape($parms['target_id']) . '\';');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2035
                if(!$q)
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  2036
                  return(Array('mode'=>'error','error'=>$db->get_error()));
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2037
                if($db->numrows() < 1)
218
e878bcf0227e Javascripted ACL editor interface localized
Dan
parents: 214
diff changeset
  2038
                  return Array('mode'=>'error','error'=>$lang->get('acl_err_user_not_found'));
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2039
                $row = $db->fetchrow();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2040
                $return['target_name'] = $return['target_id'];
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2041
                $return['target_id'] = intval($row['user_id']);
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  2042
                $return['current_perms'] = array();
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2043
              }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2044
              else
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2045
              {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2046
                $return['type'] = 'edit';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2047
                $row = $db->fetchrow();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2048
                $return['target_name'] = $return['target_id'];
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2049
                $return['target_id'] = intval($row['user_id']);
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  2050
                $return['current_perms'] = $session->string_to_perm($row['rules']);
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2051
              }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2052
              $db->free_result();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2053
              // Eliminate types that don't apply to this namespace
73
0a74676a2f2f Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
parents: 57
diff changeset
  2054
              if ( $namespace && $namespace != '__PageGroup' )
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2055
              {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2056
                foreach ( $return['current_perms'] AS $i => $perm )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2057
                {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2058
                  if ( ( $page_id != null && $namespace != null ) && ( !in_array ( $namespace, $session->acl_scope[$i] ) && !in_array('All', $session->acl_scope[$i]) ) )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2059
                  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2060
                    // echo "// SCOPE CONTROL: eliminating: $i\n";
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2061
                    unset($return['current_perms'][$i]);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2062
                    unset($return['acl_types'][$i]);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2063
                    unset($return['acl_descs'][$i]);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2064
                    unset($return['acl_deps'][$i]);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2065
                  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2066
                }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2067
              }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2068
              break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2069
            case ACL_TYPE_GROUP:
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  2070
              $q = $db->sql_query('SELECT a.rules,g.group_name,g.group_id FROM ' . table_prefix.'groups AS g
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  2071
                  LEFT JOIN ' . table_prefix.'acl AS a
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2072
                    ON a.target_id=g.group_id
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2073
                  WHERE a.target_type='.ACL_TYPE_GROUP.'
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2074
                    AND g.group_id=\''.intval($parms['target_id']).'\'
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  2075
                    ' . $page_where_clause . ';');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2076
              if(!$q)
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  2077
                return(Array('mode'=>'error','error'=>$db->get_error()));
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2078
              if($db->numrows() < 1)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2079
              {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2080
                $return['type'] = 'new';
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  2081
                $q = $db->sql_query('SELECT group_id,group_name FROM ' . table_prefix.'groups WHERE group_id=\''.intval($parms['target_id']).'\';');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2082
                if(!$q)
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  2083
                  return(Array('mode'=>'error','error'=>$db->get_error()));
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2084
                if($db->numrows() < 1)
218
e878bcf0227e Javascripted ACL editor interface localized
Dan
parents: 214
diff changeset
  2085
                  return Array('mode'=>'error','error'=>$lang->get('acl_err_bad_group_id'));
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2086
                $row = $db->fetchrow();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2087
                $return['target_name'] = $row['group_name'];
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2088
                $return['target_id'] = intval($row['group_id']);
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  2089
                $return['current_perms'] = array();
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2090
              }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2091
              else
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2092
              {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2093
                $return['type'] = 'edit';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2094
                $row = $db->fetchrow();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2095
                $return['target_name'] = $row['group_name'];
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2096
                $return['target_id'] = intval($row['group_id']);
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  2097
                $return['current_perms'] = $session->string_to_perm($row['rules']);
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2098
              }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2099
              $db->free_result();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2100
              // Eliminate types that don't apply to this namespace
73
0a74676a2f2f Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
parents: 57
diff changeset
  2101
              if ( $namespace && $namespace != '__PageGroup' )
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2102
              {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2103
                foreach ( $return['current_perms'] AS $i => $perm )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2104
                {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2105
                  if ( ( $page_id != false && $namespace != false ) && ( !in_array ( $namespace, $session->acl_scope[$i] ) && !in_array('All', $session->acl_scope[$i]) ) )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2106
                  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2107
                    // echo "// SCOPE CONTROL: eliminating: $i\n"; //; ".print_r($namespace,true).":".print_r($page_id,true)."\n";
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2108
                    unset($return['current_perms'][$i]);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2109
                    unset($return['acl_types'][$i]);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2110
                    unset($return['acl_descs'][$i]);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2111
                    unset($return['acl_deps'][$i]);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2112
                  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2113
                }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2114
              }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2115
              //return Array('mode'=>'debug','text'=>print_r($return, true));
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2116
              break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2117
            default:
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2118
              return Array('mode'=>'error','error','Invalid ACL type ID');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2119
              break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2120
          }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2121
          return $return;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2122
          break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2123
        case 'save_new':
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2124
        case 'save_edit':
19
5d003b6c9e89 Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents: 16
diff changeset
  2125
          if ( defined('ENANO_DEMO_MODE') )
5d003b6c9e89 Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents: 16
diff changeset
  2126
          {
218
e878bcf0227e Javascripted ACL editor interface localized
Dan
parents: 214
diff changeset
  2127
            return Array('mode'=>'error','error'=>$lang->get('acl_err_demo'));
19
5d003b6c9e89 Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents: 16
diff changeset
  2128
          }
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  2129
          $q = $db->sql_query('DELETE FROM ' . table_prefix.'acl WHERE target_type='.intval($parms['target_type']).' AND target_id='.intval($parms['target_id']).'
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  2130
            ' . $page_where_clause_lite . ';');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2131
          if(!$q)
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  2132
            return Array('mode'=>'error','error'=>$db->get_error());
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  2133
          if ( sizeof ( $parms['perms'] ) < 1 )
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2134
          {
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  2135
            // As of 1.1.x, this returns success because the rule length is zero if the user selected "inherit" in all columns
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  2136
            return Array(
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  2137
              'mode' => 'success',
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  2138
              'target_type' => $parms['target_type'],
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  2139
              'target_id' => $parms['target_id'],
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  2140
              'target_name' => $parms['target_name'],
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  2141
              'page_id' => $page_id,
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  2142
              'namespace' => $namespace,
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  2143
            );
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2144
          }
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  2145
          $rules = $session->perm_to_string($parms['perms']);
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  2146
          $q = ($page_id && $namespace) ? 'INSERT INTO ' . table_prefix.'acl ( target_type, target_id, page_id, namespace, rules )
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  2147
                                             VALUES( '.intval($parms['target_type']).', '.intval($parms['target_id']).', \'' . $db->escape($page_id) . '\', \'' . $db->escape($namespace) . '\', \'' . $db->escape($rules) . '\' )' :
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  2148
                                          'INSERT INTO ' . table_prefix.'acl ( target_type, target_id, rules )
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  2149
                                             VALUES( '.intval($parms['target_type']).', '.intval($parms['target_id']).', \'' . $db->escape($rules) . '\' )';
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  2150
          if(!$db->sql_query($q)) return Array('mode'=>'error','error'=>$db->get_error());
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2151
          return Array(
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2152
              'mode' => 'success',
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2153
              'target_type' => $parms['target_type'],
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2154
              'target_id' => $parms['target_id'],
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2155
              'target_name' => $parms['target_name'],
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2156
              'page_id' => $page_id,
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2157
              'namespace' => $namespace,
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2158
            );
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2159
          break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2160
        case 'delete':
19
5d003b6c9e89 Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents: 16
diff changeset
  2161
          if ( defined('ENANO_DEMO_MODE') )
5d003b6c9e89 Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents: 16
diff changeset
  2162
          {
218
e878bcf0227e Javascripted ACL editor interface localized
Dan
parents: 214
diff changeset
  2163
            return Array('mode'=>'error','error'=>$lang->get('acl_err_demo'));
19
5d003b6c9e89 Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents: 16
diff changeset
  2164
          }
194
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  2165
          $q = $db->sql_query('DELETE FROM ' . table_prefix.'acl WHERE target_type='.intval($parms['target_type']).' AND target_id='.intval($parms['target_id']).'
bf0fdec102e9 SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
parents: 158
diff changeset
  2166
            ' . $page_where_clause_lite . ';');
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2167
          if(!$q)
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  2168
            return Array('mode'=>'error','error'=>$db->get_error());
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2169
          return Array(
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2170
              'mode' => 'delete',
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2171
              'target_type' => $parms['target_type'],
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2172
              'target_id' => $parms['target_id'],
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2173
              'target_name' => $parms['target_name'],
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2174
              'page_id' => $page_id,
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2175
              'namespace' => $namespace,
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2176
            );
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2177
          break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2178
        default:
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2179
          return Array('mode'=>'error','error'=>'Hacking attempt');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2180
          break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2181
      }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2182
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2183
    return $return;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2184
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2185
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2186
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2187
   * Same as PageUtils::acl_editor(), but the parms are a JSON string instead of an array. This also returns a JSON string.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2188
   * @param string $parms Same as PageUtils::acl_editor/$parms, but should be a valid JSON string.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2189
   * @return string
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2190
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2191
   
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2192
  function acl_json($parms = '{ }')
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2193
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2194
    global $db, $session, $paths, $template, $plugins; // Common objects
334
c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents: 328
diff changeset
  2195
    $parms = enano_json_decode($parms);
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2196
    $ret = PageUtils::acl_editor($parms);
334
c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents: 328
diff changeset
  2197
    $ret = enano_json_encode($ret);
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2198
    return $ret;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2199
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2200
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2201
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2202
   * A non-Javascript frontend for the ACL API.
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2203
   * @param array The request data, if any, this should be in the format required by PageUtils::acl_editor()
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2204
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2205
   
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2206
  function aclmanager($parms)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2207
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2208
    global $db, $session, $paths, $template, $plugins; // Common objects
219
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2209
    global $lang;
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2210
    ob_start();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2211
    // Convenience
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2212
    $formstart = '<form 
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2213
                    action="' . makeUrl($paths->page, 'do=aclmanager', true) . '"
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2214
                    method="post" enctype="multipart/form-data"
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2215
                    onsubmit="if(!submitAuthorized) return false;"
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2216
                    >';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2217
    $formend   = '</form>';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2218
    $parms    = PageUtils::acl_preprocess($parms);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2219
    $response = PageUtils::acl_editor($parms);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2220
    $response = PageUtils::acl_postprocess($response);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2221
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2222
    //die('<pre>' . htmlspecialchars(print_r($response, true)) . '</pre>');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2223
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2224
    switch($response['mode'])
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2225
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2226
      case 'debug':
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2227
        echo '<pre>' . htmlspecialchars($response['text']) . '</pre>';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2228
        break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2229
      case 'stage1':
219
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2230
        echo '<h3>' . $lang->get('acl_lbl_welcome_title') . '</h3>
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2231
              <p>' . $lang->get('acl_lbl_welcome_body') . '</p>';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2232
        echo $formstart;
219
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2233
        echo '<p><label><input type="radio" name="data[target_type]" value="' . ACL_TYPE_GROUP . '" checked="checked" /> ' . $lang->get('acl_radio_usergroup') . '</label></p>
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2234
              <p><select name="data[target_id_grp]">';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2235
        foreach ( $response['groups'] as $group )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2236
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2237
          echo '<option value="' . $group['id'] . '">' . $group['name'] . '</option>';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2238
        }
219
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2239
        
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 102
diff changeset
  2240
        // page group selector
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 102
diff changeset
  2241
        $groupsel = '';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 102
diff changeset
  2242
        if ( count($response['page_groups']) > 0 )
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 102
diff changeset
  2243
        {
219
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2244
          $groupsel = '<p><label><input type="radio" name="data[scope]" value="page_group" /> ' . $lang->get('acl_radio_scope_pagegroup') . '</label></p>
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 102
diff changeset
  2245
                       <p><select name="data[pg_id]">';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 102
diff changeset
  2246
          foreach ( $response['page_groups'] as $grp )
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 102
diff changeset
  2247
          {
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 102
diff changeset
  2248
            $groupsel .= '<option value="' . $grp['id'] . '">' . htmlspecialchars($grp['name']) . '</option>';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 102
diff changeset
  2249
          }
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 102
diff changeset
  2250
          $groupsel .= '</select></p>';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 102
diff changeset
  2251
        }
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 102
diff changeset
  2252
        
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2253
        echo '</select></p>
219
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2254
              <p><label><input type="radio" name="data[target_type]" value="' . ACL_TYPE_USER . '" /> ' . $lang->get('acl_radio_user') . '</label></p>
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2255
              <p>' . $template->username_field('data[target_id_user]') . '</p>
219
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2256
              <p>' . $lang->get('acl_lbl_scope') . '</p>
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2257
              <p><label><input name="data[scope]" value="only_this" type="radio" checked="checked" /> ' . $lang->get('acl_radio_scope_thispage') . '</p>
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 102
diff changeset
  2258
              ' . $groupsel . '
219
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2259
              <p><label><input name="data[scope]" value="entire_site" type="radio" /> ' . $lang->get('acl_radio_scope_wholesite') . '</p>
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2260
              <div style="margin: 0 auto 0 0; text-align: right;">
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2261
                <input name="data[mode]" value="seltarget" type="hidden" />
322
5f1cd51bf1be Many changes. Installer with PostgreSQL is broken badly and will be for some time.
Dan
parents: 320
diff changeset
  2262
                <input type="hidden" name="data[page_id]" value="' . $paths->page_id . '" />
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2263
                <input type="hidden" name="data[namespace]" value="' . $paths->namespace . '" />
219
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2264
                <input type="submit" value="' . htmlspecialchars($lang->get('etc_wizard_next')) . '" />
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2265
              </div>';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2266
        echo $formend;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2267
        break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2268
      case 'success':
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2269
        echo '<div class="info-box">
219
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2270
                <b>' . $lang->get('acl_lbl_save_success_title') . '</b><br />
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2271
                ' . $lang->get('acl_lbl_save_success_body', array( 'target_name' => $response['target_name'] )) . '<br />
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2272
                ' . $formstart . '
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2273
                <input type="hidden" name="data[mode]" value="seltarget" />
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2274
                <input type="hidden" name="data[target_type]" value="' . $response['target_type'] . '" />
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2275
                <input type="hidden" name="data[target_id_user]" value="' . ( ( intval($response['target_type']) == ACL_TYPE_USER ) ? $response['target_name'] : $response['target_id'] ) .'" />
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2276
                <input type="hidden" name="data[target_id_grp]"  value="' . ( ( intval($response['target_type']) == ACL_TYPE_USER ) ? $response['target_name'] : $response['target_id'] ) .'" />
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2277
                <input type="hidden" name="data[scope]" value="' . ( ( $response['page_id'] ) ? 'only_this' : 'entire_site' ) . '" />
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2278
                <input type="hidden" name="data[page_id]" value="' . ( ( $response['page_id'] ) ? $response['page_id'] : 'false' ) . '" />
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2279
                <input type="hidden" name="data[namespace]" value="' . ( ( $response['namespace'] ) ? $response['namespace'] : 'false' ) . '" />
219
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2280
                <input type="submit" value="' . $lang->get('acl_btn_returnto_editor') . '" /> <input type="submit" name="data[act_go_stage1]" value="' . $lang->get('acl_btn_returnto_userscope') . '" />
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2281
                ' . $formend . '
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2282
              </div>';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2283
        break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2284
      case 'delete':
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2285
        echo '<div class="info-box">
219
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2286
                <b>' . $lang->get('acl_lbl_delete_success_title') . '</b><br />
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2287
                ' . $lang->get('acl_lbl_delete_success_body', array('target_name' => $response['target_name'])) . '<br />
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2288
                ' . $formstart . '
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2289
                <input type="hidden" name="data[mode]" value="seltarget" />
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2290
                <input type="hidden" name="data[target_type]" value="' . $response['target_type'] . '" />
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2291
                <input type="hidden" name="data[target_id_user]" value="' . ( ( intval($response['target_type']) == ACL_TYPE_USER ) ? $response['target_name'] : $response['target_id'] ) .'" />
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2292
                <input type="hidden" name="data[target_id_grp]"  value="' . ( ( intval($response['target_type']) == ACL_TYPE_USER ) ? $response['target_name'] : $response['target_id'] ) .'" />
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2293
                <input type="hidden" name="data[scope]" value="' . ( ( $response['page_id'] ) ? 'only_this' : 'entire_site' ) . '" />
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2294
                <input type="hidden" name="data[page_id]" value="' . ( ( $response['page_id'] ) ? $response['page_id'] : 'false' ) . '" />
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2295
                <input type="hidden" name="data[namespace]" value="' . ( ( $response['namespace'] ) ? $response['namespace'] : 'false' ) . '" />
219
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2296
                <input type="submit" value="' . $lang->get('acl_btn_returnto_editor') . '" /> <input type="submit" name="data[act_go_stage1]" value="' . $lang->get('acl_btn_returnto_userscope') . '" />
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2297
                ' . $formend . '
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2298
              </div>';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2299
        break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2300
      case 'seltarget':
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2301
        if ( $response['type'] == 'edit' )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2302
        {
219
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2303
          echo '<h3>' . $lang->get('acl_lbl_editwin_title_edit') . '</h3>';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2304
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2305
        else
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2306
        {
219
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2307
          echo '<h3>' . $lang->get('acl_lbl_editwin_title_create') . '</h3>';
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2308
        }
219
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2309
        $type  = ( $response['target_type'] == ACL_TYPE_GROUP ) ? $lang->get('acl_target_type_group') : $lang->get('acl_target_type_user');
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2310
        $scope = ( $response['page_id'] ) ? ( $response['namespace'] == '__PageGroup' ? $lang->get('acl_scope_type_pagegroup') : $lang->get('acl_scope_type_thispage') ) : $lang->get('acl_scope_type_wholesite');
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2311
        $subs = array(
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2312
            'target_type' => $type,
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2313
            'target' => $response['target_name'],
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2314
            'scope_type' => $scope
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2315
          );
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2316
        echo $lang->get('acl_lbl_editwin_body', $subs);
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2317
        echo $formstart;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2318
        $parser = $template->makeParserText( $response['template']['acl_field_begin'] );
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2319
        echo $parser->run();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2320
        $parser = $template->makeParserText( $response['template']['acl_field_item'] );
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2321
        $cls = 'row2';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2322
        foreach ( $response['acl_types'] as $acl_type => $value )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2323
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2324
          $vars = Array(
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  2325
              'FIELD_INHERIT_CHECKED' => '',
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2326
              'FIELD_DENY_CHECKED' => '',
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2327
              'FIELD_DISALLOW_CHECKED' => '',
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2328
              'FIELD_WIKIMODE_CHECKED' => '',
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2329
              'FIELD_ALLOW_CHECKED' => '',
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2330
            );
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2331
          $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2332
          $vars['ROW_CLASS'] = $cls;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2333
          
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2334
          switch ( $response['current_perms'][$acl_type] )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2335
          {
345
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  2336
            case 'i':
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  2337
            default:
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  2338
              $vars['FIELD_INHERIT_CHECKED'] = 'checked="checked"';
4ccdfeee9a11 WiP commit for admin panel localization. All modules up to Admin:UserManager (working down the list) are localized except Admin:ThemeManager, which is due for a rewrite
Dan
parents: 335
diff changeset
  2339
              break;
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2340
            case AUTH_ALLOW:
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2341
              $vars['FIELD_ALLOW_CHECKED'] = 'checked="checked"';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2342
              break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2343
            case AUTH_WIKIMODE:
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2344
              $vars['FIELD_WIKIMODE_CHECKED'] = 'checked="checked"';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2345
              break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2346
            case AUTH_DISALLOW:
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2347
              $vars['FIELD_DISALLOW_CHECKED'] = 'checked="checked"';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2348
              break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2349
             case AUTH_DENY:
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2350
              $vars['FIELD_DENY_CHECKED'] = 'checked="checked"';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2351
              break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2352
          }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2353
          $vars['FIELD_NAME'] = 'data[perms][' . $acl_type . ']';
219
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2354
          if ( preg_match('/^([a-z0-9_]+)$/', $response['acl_descs'][$acl_type]) )
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2355
          {
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2356
            $vars['FIELD_DESC'] = $lang->get($response['acl_descs'][$acl_type]);
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2357
          }
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2358
          else
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2359
          {
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2360
            $vars['FIELD_DESC'] = $response['acl_descs'][$acl_type];
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2361
          }
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2362
          $parser->assign_vars($vars);
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2363
          echo $parser->run();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2364
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2365
        $parser = $template->makeParserText( $response['template']['acl_field_end'] );
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2366
        echo $parser->run();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2367
        echo '<div style="margin: 10px auto 0 0; text-align: right;">
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2368
                <input name="data[mode]" value="save_' . $response['type'] . '" type="hidden" />
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2369
                <input type="hidden" name="data[page_id]" value="'   . (( $response['page_id']   ) ? $response['page_id']   : 'false') . '" />
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2370
                <input type="hidden" name="data[namespace]" value="' . (( $response['namespace'] ) ? $response['namespace'] : 'false') . '" />
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2371
                <input type="hidden" name="data[target_type]" value="' . $response['target_type'] . '" />
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2372
                <input type="hidden" name="data[target_id]" value="' . $response['target_id'] . '" />
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2373
                <input type="hidden" name="data[target_name]" value="' . $response['target_name'] . '" />
219
b1530b6a06d2 Failsafe ACL editor interface localized
Dan
parents: 218
diff changeset
  2374
                ' . ( ( $response['type'] == 'edit' ) ? '<input type="submit" value="' . $lang->get('etc_save_changes') . '" />&nbsp;&nbsp;<input type="submit" name="data[act_delete_rule]" value="' . $lang->get('acl_btn_deleterule') . '" style="color: #AA0000;" onclick="return confirm(\'' . addslashes($lang->get('acl_msg_deleterule_confirm')) . '\');" />' : '<input type="submit" value="' . $lang->get('acl_btn_createrule') . '" />' ) . '
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2375
              </div>';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2376
        echo $formend;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2377
        break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2378
      case 'error':
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2379
        ob_end_clean();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2380
        die_friendly('Error occurred', '<p>Error returned by permissions API:</p><pre>' . htmlspecialchars($response['error']) . '</pre>');
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2381
        break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2382
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2383
    $ret = ob_get_contents();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2384
    ob_end_clean();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2385
    echo
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2386
      $template->getHeader() .
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2387
      $ret .
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2388
      $template->getFooter();
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2389
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2390
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2391
  /**
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2392
   * Preprocessor to turn the form-submitted data from the ACL editor into something the backend can handle
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2393
   * @param array The posted data
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2394
   * @return array
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2395
   * @access private
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2396
   */
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2397
   
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2398
  function acl_preprocess($parms)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2399
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2400
    if ( !isset($parms['mode']) )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2401
      // Nothing to do
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2402
      return $parms;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2403
    switch ( $parms['mode'] )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2404
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2405
      case 'seltarget':
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2406
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2407
        // Who's affected?
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2408
        $parms['target_type'] = intval( $parms['target_type'] );
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2409
        $parms['target_id'] = ( $parms['target_type'] == ACL_TYPE_GROUP ) ? $parms['target_id_grp'] : $parms['target_id_user'];
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2410
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2411
      case 'save_edit':
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2412
      case 'save_new':
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2413
        if ( isset($parms['act_delete_rule']) )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2414
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2415
          $parms['mode'] = 'delete';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2416
        }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2417
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2418
        // Scope (just this page or entire site?)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2419
        if ( $parms['scope'] == 'entire_site' || ( $parms['page_id'] == 'false' && $parms['namespace'] == 'false' ) )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2420
        {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2421
          $parms['page_id']   = false;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2422
          $parms['namespace'] = false;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2423
        }
103
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 102
diff changeset
  2424
        else if ( $parms['scope'] == 'page_group' )
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 102
diff changeset
  2425
        {
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 102
diff changeset
  2426
          $parms['page_id'] = $parms['pg_id'];
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 102
diff changeset
  2427
          $parms['namespace'] = '__PageGroup';
a8891e108c95 Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
parents: 102
diff changeset
  2428
        }
1
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2429
        
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2430
        break;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2431
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2432
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2433
    if ( isset($parms['act_go_stage1']) )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2434
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2435
      $parms = array(
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2436
          'mode' => 'listgroups'
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2437
        );
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2438
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2439
    
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2440
    return $parms;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2441
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2442
  
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2443
  function acl_postprocess($response)
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2444
  {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2445
    if(!isset($response['mode']))
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2446
    {
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2447
      if ( isset($response['groups']) )
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2448
        $response['mode'] = 'stage1';
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2449
      else
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2450
        $response = Array(
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2451
            'mode' => 'error',
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2452
            'error' => 'Invalid action passed by API backend.',
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2453
          );
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2454
    }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2455
    return $response;
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2456
  }
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2457
   
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2458
}
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2459
fe660c52c48f Adding /includes
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
  2460
?>