189 header('HTTP/1.1 404 Not Found'); |
198 header('HTTP/1.1 404 Not Found'); |
190 echo '<h3>There is no page with this title yet.</h3> |
199 echo '<h3>There is no page with this title yet.</h3> |
191 <p>You have requested a page that doesn\'t exist yet.'; |
200 <p>You have requested a page that doesn\'t exist yet.'; |
192 if($session->get_permissions('create_page')) echo ' You can <a href="'.makeUrl($paths->page, 'do=edit', true).'" onclick="ajaxEditor(); return false;">create this page</a>, or return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.'; |
201 if($session->get_permissions('create_page')) echo ' You can <a href="'.makeUrl($paths->page, 'do=edit', true).'" onclick="ajaxEditor(); return false;">create this page</a>, or return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.'; |
193 else echo ' Return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.</p>'; |
202 else echo ' Return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.</p>'; |
194 if($session->get_permissions('history_rollback')) { |
203 if ( $session->get_permissions('history_rollback') ) |
195 $e = $db->sql_query('SELECT * FROM '.table_prefix.'logs WHERE action=\'delete\' AND page_id=\''.$paths->cpage['urlname_nons'].'\' AND namespace=\''.$pid[1].'\' ORDER BY time_id DESC;'); |
204 { |
196 if(!$e) $db->_die('The deletion log could not be selected.'); |
205 $e = $db->sql_query('SELECT * FROM ' . table_prefix.'logs WHERE action=\'delete\' AND page_id=\'' . $paths->cpage['urlname_nons'] . '\' AND namespace=\'' . $pid[1] . '\' ORDER BY time_id DESC;'); |
197 if($db->numrows() > 0) { |
206 if ( !$e ) |
|
207 { |
|
208 $db->_die('The deletion log could not be selected.'); |
|
209 } |
|
210 if ($db->numrows() > 0 ) |
|
211 { |
198 $r = $db->fetchrow(); |
212 $r = $db->fetchrow(); |
199 echo '<p>This page also appears to have some log entries in the database - it seems that it was deleted on '.$r['date_string'].'. You can probably <a href="'.makeUrl($paths->page, 'do=rollback&id='.$r['time_id']).'" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">roll back</a> the deletion.</p>'; |
213 echo '<p>This page also appears to have some log entries in the database - it seems that it was deleted on ' . $r['date_string'] . '. You can probably <a href="'.makeUrl($paths->page, 'do=rollback&id=' . $r['time_id']) . '" onclick="ajaxRollback(\'' . $r['time_id'] . '\'); return false;">roll back</a> the deletion.</p>'; |
200 } |
214 } |
201 $db->free_result(); |
215 $db->free_result(); |
202 } |
216 } |
203 echo '<p> |
217 echo '<p> |
204 HTTP Error: 404 Not Found |
218 HTTP Error: 404 Not Found |
336 $message = RenderMan::preprocess_text($message, false, false); |
352 $message = RenderMan::preprocess_text($message, false, false); |
337 |
353 |
338 $msg = $db->escape($message); |
354 $msg = $db->escape($message); |
339 |
355 |
340 $minor = $minor ? 'true' : 'false'; |
356 $minor = $minor ? 'true' : 'false'; |
341 $q='INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.date('d M Y h:i a').'\', \''.$paths->cpage['urlname_nons'].'\', \''.$paths->namespace.'\', \''.$msg.'\', \''.$uid.'\', \''.$session->username.'\', \''.$db->escape(htmlspecialchars($summary)).'\', '.$minor.');'; |
357 $q='INSERT INTO ' . table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.date('d M Y h:i a').'\', \'' . $paths->cpage['urlname_nons'] . '\', \'' . $paths->namespace . '\', \'' . $msg . '\', \'' . $uid . '\', \'' . $session->username . '\', \'' . $db->escape(htmlspecialchars($summary)) . '\', ' . $minor . ');'; |
342 if(!$db->sql_query($q)) $db->_die('The history (log) entry could not be inserted into the logs table.'); |
358 if(!$db->sql_query($q)) $db->_die('The history (log) entry could not be inserted into the logs table.'); |
343 |
359 |
344 $q = 'UPDATE '.table_prefix.'page_text SET page_text=\''.$msg.'\',char_tag=\''.$uid.'\' WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\';'; |
360 $q = 'UPDATE ' . table_prefix.'page_text SET page_text=\'' . $msg . '\',char_tag=\'' . $uid . '\' WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';'; |
345 $e = $db->sql_query($q); |
361 $e = $db->sql_query($q); |
346 if(!$e) $db->_die('Enano was unable to save the page contents. Your changes have been lost <tt>:\'(</tt>.'); |
362 if(!$e) $db->_die('Enano was unable to save the page contents. Your changes have been lost <tt>:\'(</tt>.'); |
347 |
363 |
348 $paths->rebuild_page_index($page_id, $namespace); |
364 $paths->rebuild_page_index($page_id, $namespace); |
349 |
365 |
361 { |
377 { |
362 global $db, $session, $paths, $template, $plugins; // Common objects |
378 global $db, $session, $paths, $template, $plugins; // Common objects |
363 if(in_array($namespace, Array('Special', 'Admin'))) |
379 if(in_array($namespace, Array('Special', 'Admin'))) |
364 { |
380 { |
365 // echo '<b>Notice:</b> PageUtils::createPage: You can\'t create a special page in the database<br />'; |
381 // echo '<b>Notice:</b> PageUtils::createPage: You can\'t create a special page in the database<br />'; |
366 return false; // Can't create a special page |
382 return 'You can\'t create a special page in the database'; |
367 } |
383 } |
368 |
384 |
369 if(!isset($paths->nslist[$namespace])) |
385 if(!isset($paths->nslist[$namespace])) |
370 { |
386 { |
371 // echo '<b>Notice:</b> PageUtils::createPage: Couldn\'t look up the namespace<br />'; |
387 // echo '<b>Notice:</b> PageUtils::createPage: Couldn\'t look up the namespace<br />'; |
372 return false; // Couldn't look up namespace |
388 return 'Couldn\'t look up the namespace'; |
373 } |
389 } |
374 |
390 |
375 $pname = $paths->nslist[$namespace] . $page_id; |
391 $pname = $paths->nslist[$namespace] . $page_id; |
376 if(isset($paths->pages[$pname])) |
392 if(isset($paths->pages[$pname])) |
377 { |
393 { |
378 // echo '<b>Notice:</b> PageUtils::createPage: Page already exists<br />'; |
394 // echo '<b>Notice:</b> PageUtils::createPage: Page already exists<br />'; |
379 return false; // Page already exists |
395 return 'Page already exists'; |
380 } |
396 } |
381 |
397 |
382 if(!$session->get_permissions('create_page')) |
398 if(!$session->get_permissions('create_page')) |
383 { |
399 { |
384 // echo '<b>Notice:</b> PageUtils::createPage: Not authorized to create pages<br />'; |
400 // echo '<b>Notice:</b> PageUtils::createPage: Not authorized to create pages<br />'; |
385 return false; // Access denied |
401 return 'Not authorized to create pages'; |
386 } |
402 } |
387 |
403 |
388 if($session->user_level < USER_LEVEL_ADMIN && $namespace == 'System') |
404 if($session->user_level < USER_LEVEL_ADMIN && $namespace == 'System') |
389 { |
405 { |
390 // echo '<b>Notice:</b> PageUtils::createPage: Not authorized to create system messages<br />'; |
406 // echo '<b>Notice:</b> PageUtils::createPage: Not authorized to create system messages<br />'; |
391 return false; // Not authorized to create system messages |
407 return 'Not authorized to create system messages'; |
|
408 } |
|
409 |
|
410 if ( substr($page_id, 0, 8) == 'Project:' ) |
|
411 { |
|
412 // echo '<b>Notice:</b> PageUtils::createPage: Prefix "Project:" is reserved<br />'; |
|
413 return 'The prefix "Project:" is reserved for a parser shortcut; if a page was created using this prefix, it would not be possible to link to it.'; |
392 } |
414 } |
393 |
415 |
394 $page_id = dirtify_page_id($page_id); |
416 $page_id = dirtify_page_id($page_id); |
395 |
417 |
396 if ( !$name ) |
418 if ( !$name ) |
397 $name = str_replace('_', ' ', $page_id); |
419 $name = str_replace('_', ' ', $page_id); |
398 $regex = '#^([A-z0-9 _\-\.\/\!\@\(\)]*)$#is'; |
420 $regex = '#^([A-z0-9 _\-\.\/\!\@\(\)]*)$#is'; |
399 if(!preg_match($regex, $page)) |
421 if(!preg_match($regex, $page)) |
400 { |
422 { |
401 //echo '<b>Notice:</b> PageUtils::createPage: Name contains invalid characters<br />'; |
423 //echo '<b>Notice:</b> PageUtils::createPage: Name contains invalid characters<br />'; |
402 return false; // Name contains invalid characters |
424 return 'Name contains invalid characters'; |
403 } |
425 } |
404 |
426 |
405 $page_id = sanitize_page_id( $page_id ); |
427 $page_id = sanitize_page_id( $page_id ); |
406 |
428 |
407 $prot = ( $namespace == 'System' ) ? 1 : 0; |
429 $prot = ( $namespace == 'System' ) ? 1 : 0; |
420 |
442 |
421 // die('PageUtils::createpage: Creating page with this data:<pre>' . print_r($page_data, true) . '</pre>'); |
443 // die('PageUtils::createpage: Creating page with this data:<pre>' . print_r($page_data, true) . '</pre>'); |
422 |
444 |
423 $paths->add_page($page_data); |
445 $paths->add_page($page_data); |
424 |
446 |
425 $qa = $db->sql_query('INSERT INTO '.table_prefix.'pages(name,urlname,namespace,visible,protected,delvote_ips) VALUES(\''.$db->escape($name).'\', \''.$db->escape($page_id).'\', \''.$namespace.'\', '. ( $visible ? '1' : '0' ) .', '.$prot.', \'' . $db->escape(serialize($ips)) . '\');'); |
447 $qa = $db->sql_query('INSERT INTO ' . table_prefix.'pages(name,urlname,namespace,visible,protected,delvote_ips) VALUES(\'' . $db->escape($name) . '\', \'' . $db->escape($page_id) . '\', \'' . $namespace . '\', '. ( $visible ? '1' : '0' ) .', ' . $prot . ', \'' . $db->escape(serialize($ips)) . '\');'); |
426 $qb = $db->sql_query('INSERT INTO '.table_prefix.'page_text(page_id,namespace) VALUES(\''.$db->escape($page_id).'\', \''.$namespace.'\');'); |
448 $qb = $db->sql_query('INSERT INTO ' . table_prefix.'page_text(page_id,namespace) VALUES(\'' . $db->escape($page_id) . '\', \'' . $namespace . '\');'); |
427 $qc = $db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'create\', \''.$session->username.'\', \''.$db->escape($page_id).'\', \''.$namespace.'\');'); |
449 $qc = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'create\', \'' . $session->username . '\', \'' . $db->escape($page_id) . '\', \'' . $namespace . '\');'); |
428 |
450 |
429 if($qa && $qb && $qc) |
451 if($qa && $qb && $qc) |
430 return true; |
452 return 'good'; |
431 else |
453 else |
432 { |
454 { |
433 echo $db->get_error(); |
455 return $db->get_error(); |
434 return false; |
|
435 } |
456 } |
436 } |
457 } |
437 |
458 |
438 /** |
459 /** |
439 * Sets the protection level on a page. |
460 * Sets the protection level on a page. |
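Review bot: The character whitelist at new line 421 is matched against `$page`, which is never assigned anywhere in the visible body of createPage, so unless it is a parameter the check runs on an undefined value and `$page_id` reaches `sanitize_page_id()` and the three INSERTs below without ever passing the whitelist; it should read `if ( !preg_match($regex, $page_id) )`. The class `[A-z]` in that regex also admits `[`, `\`, `]`, `^` and the backtick, which is presumably unintended given that `_` is listed separately, so `$regex = '#^([A-Za-z0-9 _\-\.\/\!\@\(\)]*)$#s';` expresses the apparent intent. The new `return $db->get_error();` on the failure path now hands the raw driver error text to the caller alongside the user-facing message strings, so confirm that path is not rendered to unprivileged users. The function's signature sits above the hunk, so I cannot confirm from here whether `$page` is a parameter.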
449 |
470 |
450 $pname = $paths->nslist[$namespace] . $page_id; |
471 $pname = $paths->nslist[$namespace] . $page_id; |
451 $wiki = ( ( $paths->pages[$pname]['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $paths->pages[$pname]['wiki_mode'] == 1) ? true : false; |
472 $wiki = ( ( $paths->pages[$pname]['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $paths->pages[$pname]['wiki_mode'] == 1) ? true : false; |
452 $prot = ( ( $paths->pages[$pname]['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $paths->pages[$pname]['protected'] == 1) ? true : false; |
473 $prot = ( ( $paths->pages[$pname]['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $paths->pages[$pname]['protected'] == 1) ? true : false; |
453 |
474 |
454 if(!$session->get_permissions('protect')) return('Insufficient access rights'); |
475 if ( !$session->get_permissions('protect') ) |
455 if(!$wiki) return('Page protection only has an effect when Wiki Mode is enabled.'); |
476 { |
456 if(!preg_match('#^([0-9]+){1}$#', (string)$level)) return('Invalid $level parameter.'); |
477 return('Insufficient access rights'); |
457 |
478 } |
458 if($reason!='NO_REASON') { |
479 if ( !$wiki ) |
459 switch($level) |
480 { |
460 { |
481 return('Page protection only has an effect when Wiki Mode is enabled.'); |
461 case 0: |
482 } |
462 $q = 'INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'unprot\', \''.$session->username.'\', \''.$page_id.'\', \''.$namespace.'\', \''.$db->escape(htmlspecialchars($reason)).'\');'; |
483 if ( !preg_match('#^([0-9]+){1}$#', (string)$level) ) |
463 break; |
484 { |
464 case 1: |
485 return('Invalid $level parameter.'); |
465 $q = 'INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'prot\', \''.$session->username.'\', \''.$page_id.'\', \''.$namespace.'\', \''.$db->escape(htmlspecialchars($reason)).'\');'; |
486 } |
466 break; |
487 |
467 case 2: |
488 switch($level) |
468 $q = 'INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'semiprot\', \''.$session->username.'\', \''.$page_id.'\', \''.$namespace.'\', \''.$db->escape(htmlspecialchars($reason)).'\');'; |
489 { |
469 break; |
490 case 0: |
470 default: |
491 $q = 'INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'unprot\', \'' . $session->username . '\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $db->escape(htmlspecialchars($reason)) . '\');'; |
471 return 'PageUtils::protect(): Invalid value for $level'; |
492 break; |
472 break; |
493 case 1: |
473 } |
494 $q = 'INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'prot\', \'' . $session->username . '\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $db->escape(htmlspecialchars($reason)) . '\');'; |
474 if(!$db->sql_query($q)) $db->_die('The log entry for the page protection could not be inserted.'); |
495 break; |
475 } |
496 case 2: |
476 |
497 $q = 'INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'semiprot\', \'' . $session->username . '\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $db->escape(htmlspecialchars($reason)) . '\');'; |
477 $q = $db->sql_query('UPDATE '.table_prefix.'pages SET protected='.$_POST['level'].' WHERE urlname=\''.$page_id.'\' AND namespace=\''.$namespace.'\';'); |
498 break; |
478 if(!$q) $db->_die('The pages table was not updated.'); |
499 default: |
|
500 return 'PageUtils::protect(): Invalid value for $level'; |
|
501 break; |
|
502 } |
|
503 if(!$db->sql_query($q)) $db->_die('The log entry for the page protection could not be inserted.'); |
|
504 |
|
505 $q = $db->sql_query('UPDATE ' . table_prefix.'pages SET protected=' . $level . ' WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';'); |
|
506 if ( !$q ) |
|
507 { |
|
508 $db->_die('The pages table was not updated.'); |
|
509 } |
479 |
510 |
480 return('good'); |
511 return('good'); |
481 } |
512 } |
482 |
513 |
483 /** |
514 /** |
550 else |
581 else |
551 { |
582 { |
552 $s1 = ''; |
583 $s1 = ''; |
553 $s2 = ''; |
584 $s2 = ''; |
554 } |
585 } |
555 if($ticker > 1) echo '<td class="'.$cls.'" style="padding: 0;"><input '.$s1.'name="diff1" type="radio" value="'.$r['time_id'].'" id="diff1_'.$r['time_id'].'" class="clsDiff1Radio" onclick="selectDiff1Button(this);" /></td>'."\n"; else echo '<td class="'.$cls.'"></td>'; |
586 if($ticker > 1) echo '<td class="' . $cls . '" style="padding: 0;"><input ' . $s1 . 'name="diff1" type="radio" value="' . $r['time_id'] . '" id="diff1_' . $r['time_id'] . '" class="clsDiff1Radio" onclick="selectDiff1Button(this);" /></td>'."\n"; else echo '<td class="' . $cls . '"></td>'; |
556 if($ticker < $numrows) echo '<td class="'.$cls.'" style="padding: 0;"><input '.$s2.'name="diff2" type="radio" value="'.$r['time_id'].'" id="diff2_'.$r['time_id'].'" class="clsDiff2Radio" onclick="selectDiff2Button(this);" /></td>'."\n"; else echo '<td class="'.$cls.'"></td>'; |
587 if($ticker < $numrows) echo '<td class="' . $cls . '" style="padding: 0;"><input ' . $s2 . 'name="diff2" type="radio" value="' . $r['time_id'] . '" id="diff2_' . $r['time_id'] . '" class="clsDiff2Radio" onclick="selectDiff2Button(this);" /></td>'."\n"; else echo '<td class="' . $cls . '"></td>'; |
557 |
588 |
558 // Date and time |
589 // Date and time |
559 echo '<td class="'.$cls.'">'.$r['date_string'].'</td class="'.$cls.'">'."\n"; |
590 echo '<td class="' . $cls . '">' . $r['date_string'] . '</td class="' . $cls . '">'."\n"; |
560 |
591 |
561 // User |
592 // User |
562 if($session->get_permissions('mod_misc') && preg_match('#^([0-9]*){1,3}\.([0-9]*){1,3}\.([0-9]*){1,3}\.([0-9]*){1,3}$#', $r['author'])) $rc = ' style="cursor: pointer;" title="Click cell background for reverse DNS info" onclick="ajaxReverseDNS(this, \''.$r['author'].'\');"'; |
593 if ( $session->get_permissions('mod_misc') && is_valid_ip($r['author']) ) |
563 else $rc = ''; |
594 { |
564 echo '<td class="'.$cls.'"'.$rc.'><a href="'.makeUrlNS('User', $r['author']).'" '; |
595 $rc = ' style="cursor: pointer;" title="Click cell background for reverse DNS info" onclick="ajaxReverseDNS(this, \'' . $r['author'] . '\');"'; |
565 if(!isPage($paths->nslist['User'] . $r['author'])) echo 'class="wikilink-nonexistent"'; |
596 } |
566 echo '>'.$r['author'].'</a></td class="'.$cls.'">'."\n"; |
597 else |
|
598 { |
|
599 $rc = ''; |
|
600 } |
|
601 echo '<td class="' . $cls . '"' . $rc . '><a href="'.makeUrlNS('User', $r['author']).'" '; |
|
602 if ( !isPage($paths->nslist['User'] . $r['author']) ) |
|
603 { |
|
604 echo 'class="wikilink-nonexistent"'; |
|
605 } |
|
606 echo '>' . $r['author'] . '</a></td class="' . $cls . '">'."\n"; |
567 |
607 |
568 // Edit summary |
608 // Edit summary |
569 echo '<td class="'.$cls.'">'.$r['edit_summary'].'</td>'."\n"; |
609 echo '<td class="' . $cls . '">' . $r['edit_summary'] . '</td>'."\n"; |
570 |
610 |
571 // Minor edit |
611 // Minor edit |
572 echo '<td class="'.$cls.'" style="text-align: center;">'. (( $r['minor_edit'] ) ? 'M' : '' ) .'</td>'."\n"; |
612 echo '<td class="' . $cls . '" style="text-align: center;">'. (( $r['minor_edit'] ) ? 'M' : '' ) .'</td>'."\n"; |
573 |
613 |
574 // Actions! |
614 // Actions! |
575 echo '<td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'oldid='.$r['time_id']).'" onclick="ajaxHistView(\''.$r['time_id'].'\'); return false;">View revision</a></td>'."\n"; |
615 echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'oldid=' . $r['time_id']) . '" onclick="ajaxHistView(\'' . $r['time_id'] . '\'); return false;">View revision</a></td>'."\n"; |
576 echo '<td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrl($paths->nslist['Special'].'Contributions/'.$r['author']).'">View user contribs</a></td>'."\n"; |
616 echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrl($paths->nslist['Special'].'Contributions/' . $r['author']) . '">View user contribs</a></td>'."\n"; |
577 echo '<td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'do=rollback&id='.$r['time_id']).'" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">Revert to this revision</a></td>'."\n"; |
617 echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'do=rollback&id=' . $r['time_id']) . '" onclick="ajaxRollback(\'' . $r['time_id'] . '\'); return false;">Revert to this revision</a></td>'."\n"; |
578 |
618 |
579 echo '</tr>'."\n"."\n"; |
619 echo '</tr>'."\n"."\n"; |
580 |
620 |
581 } |
621 } |
582 echo '</table> |
622 echo '</table> |
602 else $cls = 'row2'; |
642 else $cls = 'row2'; |
603 |
643 |
604 echo '<tr>'; |
644 echo '<tr>'; |
605 |
645 |
606 // Date and time |
646 // Date and time |
607 echo '<td class="'.$cls.'">'.$r['date_string'].'</td class="'.$cls.'">'; |
647 echo '<td class="' . $cls . '">' . $r['date_string'] . '</td class="' . $cls . '">'; |
608 |
648 |
609 // User |
649 // User |
610 echo '<td class="'.$cls.'"><a href="'.makeUrlNS('User', $r['author']).'" '; |
650 echo '<td class="' . $cls . '"><a href="'.makeUrlNS('User', $r['author']).'" '; |
611 if(!isPage($paths->nslist['User'] . $r['author'])) echo 'class="wikilink-nonexistent"'; |
651 if(!isPage($paths->nslist['User'] . $r['author'])) echo 'class="wikilink-nonexistent"'; |
612 echo '>'.$r['author'].'</a></td class="'.$cls.'">'; |
652 echo '>' . $r['author'] . '</a></td class="' . $cls . '">'; |
613 |
653 |
614 |
654 |
615 // Minor edit |
655 // Minor edit |
616 echo '<td class="'.$cls.'" style="text-align: center;">'. (( $r['minor_edit'] ) ? 'M' : '' ) .'</td>'; |
656 echo '<td class="' . $cls . '" style="text-align: center;">'. (( $r['minor_edit'] ) ? 'M' : '' ) .'</td>'; |
617 |
657 |
618 // Action taken |
658 // Action taken |
619 echo '<td class="'.$cls.'">'; |
659 echo '<td class="' . $cls . '">'; |
620 // Some of these are sanitized at insert-time. Others follow the newer Enano policy of stripping HTML at runtime. |
660 // Some of these are sanitized at insert-time. Others follow the newer Enano policy of stripping HTML at runtime. |
621 if ($r['action']=='prot') echo 'Protected page</td><td class="'.$cls.'">Reason: '.$r['edit_summary']; |
661 if ($r['action']=='prot') echo 'Protected page</td><td class="' . $cls . '">Reason: ' . $r['edit_summary']; |
622 elseif($r['action']=='unprot') echo 'Unprotected page</td><td class="'.$cls.'">Reason: '.$r['edit_summary']; |
662 elseif($r['action']=='unprot') echo 'Unprotected page</td><td class="' . $cls . '">Reason: ' . $r['edit_summary']; |
623 elseif($r['action']=='semiprot') echo 'Semi-protected page</td><td class="'.$cls.'">Reason: '.$r['edit_summary']; |
663 elseif($r['action']=='semiprot') echo 'Semi-protected page</td><td class="' . $cls . '">Reason: ' . $r['edit_summary']; |
624 elseif($r['action']=='rename') echo 'Renamed page</td><td class="'.$cls.'">Old title: '.htmlspecialchars($r['edit_summary']); |
664 elseif($r['action']=='rename') echo 'Renamed page</td><td class="' . $cls . '">Old title: '.htmlspecialchars($r['edit_summary']); |
625 elseif($r['action']=='create') echo 'Created page</td><td class="'.$cls.'">'; |
665 elseif($r['action']=='create') echo 'Created page</td><td class="' . $cls . '">'; |
626 elseif($r['action']=='delete') echo 'Deleted page</td><td class="'.$cls.'">Reason: '.$r['edit_summary']; |
666 elseif($r['action']=='delete') echo 'Deleted page</td><td class="' . $cls . '">Reason: ' . $r['edit_summary']; |
627 elseif($r['action']=='reupload') echo 'Uploaded new file version</td><td class="'.$cls.'">Reason: '.htmlspecialchars($r['edit_summary']); |
667 elseif($r['action']=='reupload') echo 'Uploaded new file version</td><td class="' . $cls . '">Reason: '.htmlspecialchars($r['edit_summary']); |
628 echo '</td>'; |
668 echo '</td>'; |
629 |
669 |
630 // Actions! |
670 // Actions! |
631 echo '<td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrl($paths->nslist['Special'].'Contributions/'.$r['author']).'">View user contribs</a></td>'; |
671 echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrl($paths->nslist['Special'].'Contributions/' . $r['author']) . '">View user contribs</a></td>'; |
632 echo '<td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'do=rollback&id='.$r['time_id']).'" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">Revert action</a></td>'; |
672 echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'do=rollback&id=' . $r['time_id']) . '" onclick="ajaxRollback(\'' . $r['time_id'] . '\'); return false;">Revert action</a></td>'; |
633 |
673 |
634 //echo '(<a href="#" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">rollback</a>) <i>'.$r['date_string'].'</i> '.$r['author'].' (<a href="'.makeUrl($paths->nslist['User'].$r['author']).'">Userpage</a>, <a href="'.makeUrl($paths->nslist['Special'].'Contributions/'.$r['author']).'">Contrib</a>): '; |
674 //echo '(<a href="#" onclick="ajaxRollback(\'' . $r['time_id'] . '\'); return false;">rollback</a>) <i>' . $r['date_string'] . '</i> ' . $r['author'] . ' (<a href="'.makeUrl($paths->nslist['User'].$r['author']).'">Userpage</a>, <a href="'.makeUrl($paths->nslist['Special'].'Contributions/' . $r['author']) . '">Contrib</a>): '; |
635 |
675 |
636 if($r['minor_edit']) echo '<b> - minor edit</b>'; |
676 if($r['minor_edit']) echo '<b> - minor edit</b>'; |
637 echo '<br />'; |
677 echo '<br />'; |
638 |
678 |
639 echo '</tr>'; |
679 echo '</tr>'; |
717 { |
757 { |
718 case "edit": |
758 case "edit": |
719 if ( !$perms->get_permissions('edit_page') ) |
759 if ( !$perms->get_permissions('edit_page') ) |
720 return "You don't have permission to edit pages, so rolling back edits can't be allowed either."; |
760 return "You don't have permission to edit pages, so rolling back edits can't be allowed either."; |
721 $t = $db->escape($rb['page_text']); |
761 $t = $db->escape($rb['page_text']); |
722 $e = $db->sql_query('UPDATE '.table_prefix.'page_text SET page_text=\''.$t.'\',char_tag=\''.$rb['char_tag'].'\' WHERE page_id=\''.$rb['page_id'].'\' AND namespace=\''.$rb['namespace'].'\''); |
762 $e = $db->sql_query('UPDATE ' . table_prefix.'page_text SET page_text=\'' . $t . '\',char_tag=\'' . $rb['char_tag'] . '\' WHERE page_id=\'' . $rb['page_id'] . '\' AND namespace=\'' . $rb['namespace'] . '\''); |
723 if ( !$e ) |
763 if ( !$e ) |
724 { |
764 { |
725 return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace()); |
765 return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace()); |
726 } |
766 } |
727 else |
767 else |
728 { |
768 { |
729 return 'The page "'.$paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been rolled back to the state it was in on '.$rb['date_string'].'.'; |
769 return 'The page "' . $paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been rolled back to the state it was in on ' . $rb['date_string'] . '.'; |
730 } |
770 } |
731 break; |
771 break; |
732 case "rename": |
772 case "rename": |
733 if ( !$perms->get_permissions('rename') ) |
773 if ( !$perms->get_permissions('rename') ) |
734 return "You don't have permission to rename pages, so rolling back renames can't be allowed either."; |
774 return "You don't have permission to rename pages, so rolling back renames can't be allowed either."; |
735 $t = $db->escape($rb['edit_summary']); |
775 $t = $db->escape($rb['edit_summary']); |
736 $e = $db->sql_query('UPDATE '.table_prefix.'pages SET name=\''.$t.'\' WHERE urlname=\''.$rb['page_id'].'\' AND namespace=\''.$rb['namespace'].'\''); |
776 $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET name=\'' . $t . '\' WHERE urlname=\'' . $rb['page_id'] . '\' AND namespace=\'' . $rb['namespace'] . '\''); |
737 if ( !$e ) |
777 if ( !$e ) |
738 { |
778 { |
739 return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace(); |
779 return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace(); |
740 } |
780 } |
741 else |
781 else |
742 { |
782 { |
743 return 'The page "'.$paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been rolled back to the name it had ("'.$rb['edit_summary'].'") before '.$rb['date_string'].'.'; |
783 return 'The page "' . $paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been rolled back to the name it had ("' . $rb['edit_summary'] . '") before ' . $rb['date_string'] . '.'; |
744 } |
784 } |
745 break; |
785 break; |
746 case "prot": |
786 case "prot": |
747 if ( !$perms->get_permissions('protect') ) |
787 if ( !$perms->get_permissions('protect') ) |
748 return "You don't have permission to protect pages, so rolling back protection can't be allowed either."; |
788 return "You don't have permission to protect pages, so rolling back protection can't be allowed either."; |
749 $e = $db->sql_query('UPDATE '.table_prefix.'pages SET protected=0 WHERE urlname=\''.$rb['page_id'].'\' AND namespace=\''.$rb['namespace'].'\''); |
789 $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET protected=0 WHERE urlname=\'' . $rb['page_id'] . '\' AND namespace=\'' . $rb['namespace'] . '\''); |
750 if ( !$e ) |
790 if ( !$e ) |
751 return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace(); |
791 return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace(); |
752 else |
792 else |
753 return 'The page "'.$paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been unprotected according to the log created at '.$rb['date_string'].'.'; |
793 return 'The page "' . $paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been unprotected according to the log created at ' . $rb['date_string'] . '.'; |
754 break; |
794 break; |
755 case "semiprot": |
795 case "semiprot": |
756 if ( !$perms->get_permissions('protect') ) |
796 if ( !$perms->get_permissions('protect') ) |
757 return "You don't have permission to protect pages, so rolling back protection can't be allowed either."; |
797 return "You don't have permission to protect pages, so rolling back protection can't be allowed either."; |
758 $e = $db->sql_query('UPDATE '.table_prefix.'pages SET protected=0 WHERE urlname=\''.$rb['page_id'].'\' AND namespace=\''.$rb['namespace'].'\''); |
798 $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET protected=0 WHERE urlname=\'' . $rb['page_id'] . '\' AND namespace=\'' . $rb['namespace'] . '\''); |
759 if ( !$e ) |
799 if ( !$e ) |
760 return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace(); |
800 return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace(); |
761 else |
801 else |
762 return 'The page "'.$paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been unprotected according to the log created at '.$rb['date_string'].'.'; |
802 return 'The page "' . $paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been unprotected according to the log created at ' . $rb['date_string'] . '.'; |
763 break; |
803 break; |
764 case "unprot": |
804 case "unprot": |
765 if ( !$perms->get_permissions('protect') ) |
805 if ( !$perms->get_permissions('protect') ) |
766 return "You don't have permission to protect pages, so rolling back protection can't be allowed either."; |
806 return "You don't have permission to protect pages, so rolling back protection can't be allowed either."; |
767 $e = $db->sql_query('UPDATE '.table_prefix.'pages SET protected=1 WHERE urlname=\''.$rb['page_id'].'\' AND namespace=\''.$rb['namespace'].'\''); |
807 $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET protected=1 WHERE urlname=\'' . $rb['page_id'] . '\' AND namespace=\'' . $rb['namespace'] . '\''); |
768 if ( !$e ) |
808 if ( !$e ) |
769 return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace(); |
809 return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace(); |
770 else |
810 else |
771 return 'The page "'.$paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been protected according to the log created at '.$rb['date_string'].'.'; |
811 return 'The page "' . $paths->pages[$paths->nslist[$rb['namespace']].$rb['page_id']]['name'].'" has been protected according to the log created at ' . $rb['date_string'] . '.'; |
772 break; |
812 break; |
773 case "delete": |
813 case "delete": |
774 if ( !$perms->get_permissions('history_rollback_extra') ) |
814 if ( !$perms->get_permissions('history_rollback_extra') ) |
775 return 'Administrative privileges are required for page undeletion.'; |
815 return 'Administrative privileges are required for page undeletion.'; |
776 if ( isset($paths->pages[$paths->cpage['urlname']]) ) |
816 if ( isset($paths->pages[$paths->cpage['urlname']]) ) |
777 return 'You cannot raise a dead page that is alive.'; |
817 return 'You cannot raise a dead page that is alive.'; |
778 $name = str_replace('_', ' ', $rb['page_id']); |
818 $name = str_replace('_', ' ', $rb['page_id']); |
779 $e = $db->sql_query('INSERT INTO '.table_prefix.'pages(name,urlname,namespace) VALUES( \''.$name.'\', \''.$rb['page_id'].'\',\''.$rb['namespace'].'\' )');if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace()); |
819 $e = $db->sql_query('INSERT INTO ' . table_prefix.'pages(name,urlname,namespace) VALUES( \'' . $name . '\', \'' . $rb['page_id'] . '\',\'' . $rb['namespace'] . '\' )');if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace()); |
780 $e = $db->sql_query('SELECT page_text,char_tag FROM '.table_prefix.'logs WHERE page_id=\''.$rb['page_id'].'\' AND namespace=\''.$rb['namespace'].'\' AND log_type=\'page\' AND action=\'edit\' ORDER BY time_id DESC;'); if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace()); |
820 $e = $db->sql_query('SELECT page_text,char_tag FROM ' . table_prefix.'logs WHERE page_id=\'' . $rb['page_id'] . '\' AND namespace=\'' . $rb['namespace'] . '\' AND log_type=\'page\' AND action=\'edit\' ORDER BY time_id DESC;'); if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace()); |
781 $r = $db->fetchrow(); |
821 $r = $db->fetchrow(); |
782 $e = $db->sql_query('INSERT INTO '.table_prefix.'page_text(page_id,namespace,page_text,char_tag) VALUES(\''.$rb['page_id'].'\',\''.$rb['namespace'].'\',\''.$db->escape($r['page_text']).'\',\''.$r['char_tag'].'\')'); if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace()); |
822 $e = $db->sql_query('INSERT INTO ' . table_prefix.'page_text(page_id,namespace,page_text,char_tag) VALUES(\'' . $rb['page_id'] . '\',\'' . $rb['namespace'] . '\',\'' . $db->escape($r['page_text']) . '\',\'' . $r['char_tag'] . '\')'); if(!$e) return("An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace()); |
783 return 'The page "'.$name.'" has been undeleted according to the log created at '.$rb['date_string'].'.'; |
823 return 'The page "' . $name . '" has been undeleted according to the log created at ' . $rb['date_string'] . '.'; |
784 break; |
824 break; |
785 case "reupload": |
825 case "reupload": |
786 if ( !$session->get_permissions('history_rollbacks_extra') ) |
826 if ( !$session->get_permissions('history_rollbacks_extra') ) |
787 { |
827 { |
788 return 'Administrative privileges are required for file rollbacks.'; |
828 return 'Administrative privileges are required for file rollbacks.'; |
789 } |
829 } |
790 $newtime = time(); |
830 $newtime = time(); |
791 $newdate = date('d M Y h:i a'); |
831 $newdate = date('d M Y h:i a'); |
792 if(!$db->sql_query('UPDATE '.table_prefix.'logs SET time_id='.$newtime.',date_string=\''.$newdate.'\' WHERE time_id='.$id)) |
832 if(!$db->sql_query('UPDATE ' . table_prefix.'logs SET time_id=' . $newtime . ',date_string=\'' . $newdate . '\' WHERE time_id=' . $id)) |
793 return 'Error during query: '.mysql_error(); |
833 return 'Error during query: '.mysql_error(); |
794 if(!$db->sql_query('UPDATE '.table_prefix.'files SET time_id='.$newtime.' WHERE time_id='.$id)) |
834 if(!$db->sql_query('UPDATE ' . table_prefix.'files SET time_id=' . $newtime . ' WHERE time_id=' . $id)) |
795 return 'Error during query: '.mysql_error(); |
835 return 'Error during query: '.mysql_error(); |
796 return 'The file has been rolled back to the version uploaded on '.date('d M Y h:i a', (int)$id).'.'; |
836 return 'The file has been rolled back to the version uploaded on '.date('d M Y h:i a', (int)$id).'.'; |
797 break; |
837 break; |
798 default: |
838 default: |
799 return('Rollback of the action "'.$rb['action'].'" is not yet supported.'); |
839 return('Rollback of the action "' . $rb['action'] . '" is not yet supported.'); |
800 break; |
840 break; |
801 } |
841 } |
802 break; |
842 break; |
803 case "security": |
843 case "security": |
804 case "login": |
844 case "login": |
805 return('A '.$rb['log_type'].'-related log entry cannot be rolled back.'); |
845 return('A ' . $rb['log_type'] . '-related log entry cannot be rolled back.'); |
806 break; |
846 break; |
807 default: |
847 default: |
808 return('Unknown log entry type: "'.$rb['log_type'].'"'); |
848 return('Unknown log entry type: "' . $rb['log_type'] . '"'); |
809 } |
849 } |
810 } |
850 } |
811 |
851 |
812 /** |
852 /** |
813 * Posts a comment. |
853 * Posts a comment. |
834 } |
874 } |
835 $text = RenderMan::preprocess_text($text); |
875 $text = RenderMan::preprocess_text($text); |
836 $name = $session->user_logged_in ? RenderMan::preprocess_text($session->username) : RenderMan::preprocess_text($name); |
876 $name = $session->user_logged_in ? RenderMan::preprocess_text($session->username) : RenderMan::preprocess_text($name); |
837 $subj = RenderMan::preprocess_text($subject); |
877 $subj = RenderMan::preprocess_text($subject); |
838 if(getConfig('approve_comments')=='1') $appr = '0'; else $appr = '1'; |
878 if(getConfig('approve_comments')=='1') $appr = '0'; else $appr = '1'; |
839 $q = 'INSERT INTO '.table_prefix.'comments(page_id,namespace,subject,comment_data,name,user_id,approved,time) VALUES(\''.$page_id.'\',\''.$namespace.'\',\''.$subj.'\',\''.$text.'\',\''.$name.'\','.$session->user_id.','.$appr.','.time().')'; |
879 $q = 'INSERT INTO ' . table_prefix.'comments(page_id,namespace,subject,comment_data,name,user_id,approved,time) VALUES(\'' . $page_id . '\',\'' . $namespace . '\',\'' . $subj . '\',\'' . $text . '\',\'' . $name . '\',' . $session->user_id . ',' . $appr . ','.time().')'; |
840 $e = $db->sql_query($q); |
880 $e = $db->sql_query($q); |
841 if(!$e) die('alert(unescape(\''.rawurlencode('Error inserting comment data: '.mysql_error().'\n\nQuery:\n'.$q).'\'))'); |
881 if(!$e) die('alert(unescape(\''.rawurlencode('Error inserting comment data: '.mysql_error().'\n\nQuery:\n' . $q) . '\'))'); |
842 else $_ob .= '<div class="info-box">Your comment has been posted.</div>'; |
882 else $_ob .= '<div class="info-box">Your comment has been posted.</div>'; |
843 return PageUtils::comments($page_id, $namespace, false, Array(), $_ob); |
883 return PageUtils::comments($page_id, $namespace, false, Array(), $_ob); |
844 } |
884 } |
845 |
885 |
846 /** |
886 /** |
866 { |
906 { |
867 switch($action) { |
907 switch($action) { |
868 case "delete": |
908 case "delete": |
869 if(isset($flags['id'])) |
909 if(isset($flags['id'])) |
870 { |
910 { |
871 $q = 'DELETE FROM '.table_prefix.'comments WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND comment_id='.intval($flags['id']).' LIMIT 1;'; |
911 $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND comment_id='.intval($flags['id']).' LIMIT 1;'; |
872 } else { |
912 } else { |
873 $n = $db->escape($flags['name']); |
913 $n = $db->escape($flags['name']); |
874 $s = $db->escape($flags['subj']); |
914 $s = $db->escape($flags['subj']); |
875 $t = $db->escape($flags['text']); |
915 $t = $db->escape($flags['text']); |
876 $q = 'DELETE FROM '.table_prefix.'comments WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND name=\''.$n.'\' AND subject=\''.$s.'\' AND comment_data=\''.$t.'\' LIMIT 1;'; |
916 $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND name=\'' . $n . '\' AND subject=\'' . $s . '\' AND comment_data=\'' . $t . '\' LIMIT 1;'; |
877 } |
917 } |
878 $e=$db->sql_query($q); |
918 $e=$db->sql_query($q); |
879 if(!$e) die('alert(unesape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n'.$q).'\'));'); |
919 if(!$e) die('alert(unesape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n' . $q) . '\'));'); |
880 break; |
920 break; |
881 case "approve": |
921 case "approve": |
882 if(isset($flags['id'])) |
922 if(isset($flags['id'])) |
883 { |
923 { |
884 $where = 'comment_id='.intval($flags['id']); |
924 $where = 'comment_id='.intval($flags['id']); |
885 } else { |
925 } else { |
886 $n = $db->escape($flags['name']); |
926 $n = $db->escape($flags['name']); |
887 $s = $db->escape($flags['subj']); |
927 $s = $db->escape($flags['subj']); |
888 $t = $db->escape($flags['text']); |
928 $t = $db->escape($flags['text']); |
889 $where = 'name=\''.$n.'\' AND subject=\''.$s.'\' AND comment_data=\''.$t.'\''; |
929 $where = 'name=\'' . $n . '\' AND subject=\'' . $s . '\' AND comment_data=\'' . $t . '\''; |
890 } |
930 } |
891 $q = 'SELECT approved FROM '.table_prefix.'comments WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND '.$where.' LIMIT 1;'; |
931 $q = 'SELECT approved FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND ' . $where . ' LIMIT 1;'; |
892 $e = $db->sql_query($q); |
932 $e = $db->sql_query($q); |
893 if(!$e) die('alert(unesape(\''.rawurlencode('Error selecting approval status: '.mysql_error().'\n\nQuery:\n'.$q).'\'));'); |
933 if(!$e) die('alert(unesape(\''.rawurlencode('Error selecting approval status: '.mysql_error().'\n\nQuery:\n' . $q) . '\'));'); |
894 $r = $db->fetchrow(); |
934 $r = $db->fetchrow(); |
895 $db->free_result(); |
935 $db->free_result(); |
896 $a = ( $r['approved'] ) ? '0' : '1'; |
936 $a = ( $r['approved'] ) ? '0' : '1'; |
897 $q = 'UPDATE '.table_prefix.'comments SET approved='.$a.' WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND '.$where.';'; |
937 $q = 'UPDATE ' . table_prefix.'comments SET approved=' . $a . ' WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND ' . $where . ';'; |
898 $e=$db->sql_query($q); |
938 $e=$db->sql_query($q); |
899 if(!$e) die('alert(unesape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n'.$q).'\'));'); |
939 if(!$e) die('alert(unesape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n' . $q) . '\'));'); |
900 if($a=='1') $v = 'Unapprove'; |
940 if($a=='1') $v = 'Unapprove'; |
901 else $v = 'Approve'; |
941 else $v = 'Approve'; |
902 echo 'document.getElementById("mdgApproveLink'.$_GET['id'].'").innerHTML="'.$v.'";'; |
942 echo 'document.getElementById("mdgApproveLink'.intval($_GET['id']).'").innerHTML="' . $v . '";'; |
903 break; |
943 break; |
904 } |
944 } |
905 } |
945 } |
906 |
946 |
907 if(!defined('ENANO_TEMPLATE_LOADED')) |
947 if(!defined('ENANO_TEMPLATE_LOADED')) |
909 $template->load_theme($session->theme, $session->style); |
949 $template->load_theme($session->theme, $session->style); |
910 } |
950 } |
911 |
951 |
912 $tpl = $template->makeParser('comment.tpl'); |
952 $tpl = $template->makeParser('comment.tpl'); |
913 |
953 |
914 $e = $db->sql_query('SELECT * FROM '.table_prefix.'comments WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND approved=0;'); |
954 $e = $db->sql_query('SELECT * FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND approved=0;'); |
915 if(!$e) $db->_die('The comment text data could not be selected.'); |
955 if(!$e) $db->_die('The comment text data could not be selected.'); |
916 $num_unapp = $db->numrows(); |
956 $num_unapp = $db->numrows(); |
917 $db->free_result(); |
957 $db->free_result(); |
918 $e = $db->sql_query('SELECT * FROM '.table_prefix.'comments WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND approved=1;'); |
958 $e = $db->sql_query('SELECT * FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND approved=1;'); |
919 if(!$e) $db->_die('The comment text data could not be selected.'); |
959 if(!$e) $db->_die('The comment text data could not be selected.'); |
920 $num_app = $db->numrows(); |
960 $num_app = $db->numrows(); |
921 $db->free_result(); |
961 $db->free_result(); |
922 $lq = $db->sql_query('SELECT c.comment_id,c.subject,c.name,c.comment_data,c.approved,c.time,c.user_id,u.user_level,u.signature |
962 $lq = $db->sql_query('SELECT c.comment_id,c.subject,c.name,c.comment_data,c.approved,c.time,c.user_id,u.user_level,u.signature |
923 FROM '.table_prefix.'comments AS c |
963 FROM ' . table_prefix.'comments AS c |
924 LEFT JOIN '.table_prefix.'users AS u |
964 LEFT JOIN ' . table_prefix.'users AS u |
925 ON c.user_id=u.user_id |
965 ON c.user_id=u.user_id |
926 WHERE page_id=\''.$page_id.'\' |
966 WHERE page_id=\'' . $page_id . '\' |
927 AND namespace=\''.$namespace.'\' ORDER BY c.time ASC;'); |
967 AND namespace=\'' . $namespace . '\' ORDER BY c.time ASC;'); |
928 if(!$lq) _die('The comment text data could not be selected. '.mysql_error()); |
968 if(!$lq) _die('The comment text data could not be selected. '.mysql_error()); |
929 $_ob .= '<h3>Article Comments</h3>'; |
969 $_ob .= '<h3>Article Comments</h3>'; |
930 $n = ( $session->get_permissions('mod_comments')) ? $db->numrows() : $num_app; |
970 $n = ( $session->get_permissions('mod_comments')) ? $db->numrows() : $num_app; |
931 if($n==1) $s = 'is '.$n.' comment'; else $s = 'are '.$n.' comments'; |
971 if($n==1) $s = 'is ' . $n . ' comment'; else $s = 'are ' . $n . ' comments'; |
932 if($n < 1) |
972 if($n < 1) |
933 { |
973 { |
934 $_ob .= '<p>There are currently no comments on this '.strtolower($namespace).''; |
974 $_ob .= '<p>There are currently no comments on this '.strtolower($namespace).''; |
935 if($namespace != 'Article') $_ob .= ' page'; |
975 if($namespace != 'Article') $_ob .= ' page'; |
936 $_ob .= '.</p>'; |
976 $_ob .= '.</p>'; |
937 } else $_ob .= '<p>There '.$s.' on this article.'; |
977 } else $_ob .= '<p>There ' . $s . ' on this article.'; |
938 if($session->get_permissions('mod_comments') && $num_unapp > 0) $_ob .= ' <span style="color: #D84308">'.$num_unapp.' of those are unapproved.</span>'; |
978 if($session->get_permissions('mod_comments') && $num_unapp > 0) $_ob .= ' <span style="color: #D84308">' . $num_unapp . ' of those are unapproved.</span>'; |
939 elseif(!$session->get_permissions('mod_comments') && $num_unapp > 0) { $u = ($num_unapp == 1) ? "is $num_unapp comment" : "are $num_unapp comments"; $_ob .= ' However, there ' . $u . ' awating approval.'; } |
979 elseif(!$session->get_permissions('mod_comments') && $num_unapp > 0) { $u = ($num_unapp == 1) ? "is $num_unapp comment" : "are $num_unapp comments"; $_ob .= ' However, there ' . $u . ' awating approval.'; } |
940 $_ob .= '</p>'; |
980 $_ob .= '</p>'; |
941 $list = 'list = { '; |
981 $list = 'list = { '; |
942 // _die(htmlspecialchars($ttext)); |
982 // _die(htmlspecialchars($ttext)); |
943 $i = -1; |
983 $i = -1; |
944 while($row = $db->fetchrow($lq)) |
984 while($row = $db->fetchrow($lq)) |
945 { |
985 { |
946 $i++; |
986 $i++; |
947 $strings = Array(); |
987 $strings = Array(); |
948 $bool = Array(); |
988 $bool = Array(); |
949 if($session->get_permissions('mod_comments') || $row['approved']) { |
989 if ( $session->get_permissions('mod_comments') || $row['approved'] ) |
|
990 { |
950 $list .= $i . ' : { \'comment\' : unescape(\''.rawurlencode($row['comment_data']).'\'), \'name\' : unescape(\''.rawurlencode($row['name']).'\'), \'subject\' : unescape(\''.rawurlencode($row['subject']).'\'), }, '; |
991 $list .= $i . ' : { \'comment\' : unescape(\''.rawurlencode($row['comment_data']).'\'), \'name\' : unescape(\''.rawurlencode($row['name']).'\'), \'subject\' : unescape(\''.rawurlencode($row['subject']).'\'), }, '; |
951 |
992 |
952 // Comment ID (used in the Javascript apps) |
993 // Comment ID (used in the Javascript apps) |
953 $strings['ID'] = (string)$i; |
994 $strings['ID'] = (string)$i; |
954 |
995 |
1005 // Delete link |
1046 // Delete link |
1006 $strings['DELETE_LINK'] = ''; |
1047 $strings['DELETE_LINK'] = ''; |
1007 } |
1048 } |
1008 |
1049 |
1009 // Send PM link |
1050 // Send PM link |
1010 $strings['SEND_PM_LINK'] = ( $session->user_logged_in && $row['user_id'] > 0 ) ? '<a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/To/'.$row['name']).'">Send private message</a><br />' : ''; |
1051 $strings['SEND_PM_LINK'] = ( $session->user_logged_in && $row['user_id'] > 0 ) ? '<a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/To/' . $row['name']) . '">Send private message</a><br />' : ''; |
1011 |
1052 |
1012 // Add Buddy link |
1053 // Add Buddy link |
1013 $strings['ADD_BUDDY_LINK'] = ( $session->user_logged_in && $row['user_id'] > 0 ) ? '<a href="'.makeUrlNS('Special', 'PrivateMessages/FriendList/Add/'.$row['name']).'">Add to buddy list</a>' : ''; |
1054 $strings['ADD_BUDDY_LINK'] = ( $session->user_logged_in && $row['user_id'] > 0 ) ? '<a href="'.makeUrlNS('Special', 'PrivateMessages/FriendList/Add/' . $row['name']) . '">Add to buddy list</a>' : ''; |
1014 |
1055 |
1015 // Mod links |
1056 // Mod links |
1016 $applink = ''; |
1057 $applink = ''; |
1017 $applink .= '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=admin&action=approve&id='.$row['comment_id']).'" id="mdgApproveLink'.$i.'">'; |
1058 $applink .= '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=admin&action=approve&id=' . $row['comment_id']) . '" id="mdgApproveLink' . $i . '">'; |
1018 if($row['approved']) $applink .= 'Unapprove'; |
1059 if($row['approved']) $applink .= 'Unapprove'; |
1019 else $applink .= 'Approve'; |
1060 else $applink .= 'Approve'; |
1020 $applink .= '</a>'; |
1061 $applink .= '</a>'; |
1021 $strings['MOD_APPROVE_LINK'] = $applink; unset($applink); |
1062 $strings['MOD_APPROVE_LINK'] = $applink; unset($applink); |
1022 $strings['MOD_DELETE_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=admin&action=delete&id='.$row['comment_id']).'">Delete</a>'; |
1063 $strings['MOD_DELETE_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=admin&action=delete&id=' . $row['comment_id']) . '">Delete</a>'; |
1023 |
1064 |
1024 // Signature |
1065 // Signature |
1025 $strings['SIGNATURE'] = ''; |
1066 $strings['SIGNATURE'] = ''; |
1026 if($row['signature'] != '') $strings['SIGNATURE'] = RenderMan::render($row['signature']); |
1067 if($row['signature'] != '') $strings['SIGNATURE'] = RenderMan::render($row['signature']); |
1027 |
1068 |
1044 else |
1085 else |
1045 { |
1086 { |
1046 $_ob .= '<h3>Got something to say?</h3>If you have comments or suggestions on this article, you can shout it out here.'; |
1087 $_ob .= '<h3>Got something to say?</h3>If you have comments or suggestions on this article, you can shout it out here.'; |
1047 if(getConfig('approve_comments')=='1') $_ob .= ' Before your comment will be visible to the public, a moderator will have to approve it.'; |
1088 if(getConfig('approve_comments')=='1') $_ob .= ' Before your comment will be visible to the public, a moderator will have to approve it.'; |
1048 if(getConfig('comments_need_login') == '1' && !$session->user_logged_in) $_ob .= ' Because you are not logged in, you will need to enter a visual confirmation before your comment will be posted.'; |
1089 if(getConfig('comments_need_login') == '1' && !$session->user_logged_in) $_ob .= ' Because you are not logged in, you will need to enter a visual confirmation before your comment will be posted.'; |
1049 $sn = $session->user_logged_in ? $session->username . '<input name="name" id="mdgScreenName" type="hidden" value="'.$session->username.'" />' : '<input name="name" id="mdgScreenName" type="text" size="35" />'; |
1090 $sn = $session->user_logged_in ? $session->username . '<input name="name" id="mdgScreenName" type="hidden" value="' . $session->username . '" />' : '<input name="name" id="mdgScreenName" type="text" size="35" />'; |
1050 $_ob .= ' <a href="#" id="mdgCommentFormLink" style="display: none;" onclick="document.getElementById(\'mdgCommentForm\').style.display=\'block\';this.style.display=\'none\';return false;">Leave a comment...</a> |
1091 $_ob .= ' <a href="#" id="mdgCommentFormLink" style="display: none;" onclick="document.getElementById(\'mdgCommentForm\').style.display=\'block\';this.style.display=\'none\';return false;">Leave a comment...</a> |
1051 <div id="mdgCommentForm"> |
1092 <div id="mdgCommentForm"> |
1052 <h3>Comment form</h3> |
1093 <h3>Comment form</h3> |
1053 <form action="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=postcomment').'" method="post" style="margin-left: 1em"> |
1094 <form action="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=postcomment').'" method="post" style="margin-left: 1em"> |
1054 <table border="0"> |
1095 <table border="0"> |
1055 <tr><td>Your name or screen name:</td><td>'.$sn.'</td></tr> |
1096 <tr><td>Your name or screen name:</td><td>' . $sn . '</td></tr> |
1056 <tr><td>Comment subject:</td><td><input name="subj" id="mdgSubject" type="text" size="35" /></td></tr>'; |
1097 <tr><td>Comment subject:</td><td><input name="subj" id="mdgSubject" type="text" size="35" /></td></tr>'; |
1057 if(getConfig('comments_need_login') == '1' && !$session->user_logged_in) |
1098 if(getConfig('comments_need_login') == '1' && !$session->user_logged_in) |
1058 { |
1099 { |
1059 $session->kill_captcha(); |
1100 $session->kill_captcha(); |
1060 $captcha = $session->make_captcha(); |
1101 $captcha = $session->make_captcha(); |
1061 $_ob .= '<tr><td>Visual confirmation:<br /><small>Please enter the code you see on the right.</small></td><td><img src="'.makeUrlNS('Special', 'Captcha/'.$captcha).'" alt="Visual confirmation" style="cursor: pointer;" onclick="this.src = \''.makeUrlNS("Special", "Captcha/".$captcha).'/\'+Math.floor(Math.random() * 100000);" /><input name="captcha_id" id="mdgCaptchaID" type="hidden" value="'.$captcha.'" /><br />Code: <input name="captcha_input" id="mdgCaptchaInput" type="text" size="10" /><br /><small><script type="text/javascript">document.write("If you can\'t read the code, click on the image to generate a new one.");</script><noscript>If you can\'t read the code, please refresh this page to generate a new one.</noscript></small></td></tr>'; |
1102 $_ob .= '<tr><td>Visual confirmation:<br /><small>Please enter the code you see on the right.</small></td><td><img src="'.makeUrlNS('Special', 'Captcha/' . $captcha) . '" alt="Visual confirmation" style="cursor: pointer;" onclick="this.src = \''.makeUrlNS("Special", "Captcha/".$captcha).'/\'+Math.floor(Math.random() * 100000);" /><input name="captcha_id" id="mdgCaptchaID" type="hidden" value="' . $captcha . '" /><br />Code: <input name="captcha_input" id="mdgCaptchaInput" type="text" size="10" /><br /><small><script type="text/javascript">document.write("If you can\'t read the code, click on the image to generate a new one.");</script><noscript>If you can\'t read the code, please refresh this page to generate a new one.</noscript></small></td></tr>'; |
1062 } |
1103 } |
1063 $_ob .= ' |
1104 $_ob .= ' |
1064 <tr><td valign="top">Comment text:<br />(most HTML will be stripped)</td><td><textarea name="text" id="mdgCommentArea" rows="10" cols="40"></textarea></td></tr> |
1105 <tr><td valign="top">Comment text:<br />(most HTML will be stripped)</td><td><textarea name="text" id="mdgCommentArea" rows="10" cols="40"></textarea></td></tr> |
1065 <tr><td colspan="2" style="text-align: center;"><input type="submit" value="Submit Comment" /></td></tr> |
1106 <tr><td colspan="2" style="text-align: center;"><input type="submit" value="Submit Comment" /></td></tr> |
1066 </table> |
1107 </table> |
1067 </form> |
1108 </form> |
1068 </div>'; |
1109 </div>'; |
1069 } |
1110 } |
1070 } else { |
1111 } else { |
1071 $_ob .= '<h3>Got something to say?</h3><p>You need to be logged in to post comments. <a href="'.makeUrlNS('Special', 'Login/'.$pname.'%2523comments').'">Log in</a></p>'; |
1112 $_ob .= '<h3>Got something to say?</h3><p>You need to be logged in to post comments. <a href="'.makeUrlNS('Special', 'Login/' . $pname . '%2523comments').'">Log in</a></p>'; |
1072 } |
1113 } |
1073 $list .= '};'; |
1114 $list .= '};'; |
1074 echo 'document.getElementById(\'ajaxEditContainer\').innerHTML = unescape(\''. rawurlencode($_ob) .'\'); |
1115 echo 'document.getElementById(\'ajaxEditContainer\').innerHTML = unescape(\''. rawurlencode($_ob) .'\'); |
1075 ' . $list; |
1116 ' . $list; |
1076 echo 'Fat.fade_all(); document.getElementById(\'mdgCommentForm\').style.display = \'none\'; document.getElementById(\'mdgCommentFormLink\').style.display="inline";'; |
1117 echo 'Fat.fade_all(); document.getElementById(\'mdgCommentForm\').style.display = \'none\'; document.getElementById(\'mdgCommentFormLink\').style.display="inline";'; |
1137 $old_subject = $db->escape($old_subject); |
1178 $old_subject = $db->escape($old_subject); |
1138 // Safety check - username/login |
1179 // Safety check - username/login |
1139 if(!$session->get_permissions('mod_comments')) // allow mods to edit comments |
1180 if(!$session->get_permissions('mod_comments')) // allow mods to edit comments |
1140 { |
1181 { |
1141 if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.'); |
1182 if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.'); |
1142 $q = 'SELECT c.name FROM '.table_prefix.'comments c, '.table_prefix.'users u WHERE comment_data=\''.$old_text.'\' AND subject=\''.$old_subject.'\' AND page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND u.user_id=c.user_id;'; |
1183 $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_data=\'' . $old_text . '\' AND subject=\'' . $old_subject . '\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND u.user_id=c.user_id;'; |
1143 $s = $db->sql_query($q); |
1184 $s = $db->sql_query($q); |
1144 if(!$s) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>'); |
1185 if(!$s) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>'); |
1145 $r = $db->fetchrow($s); |
1186 $r = $db->fetchrow($s); |
1146 $db->free_result(); |
1187 $db->free_result(); |
1147 if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.'); |
1188 if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.'); |
1148 } |
1189 } |
1149 $s = RenderMan::preprocess_text($subject); |
1190 $s = RenderMan::preprocess_text($subject); |
1150 $t = RenderMan::preprocess_text($text); |
1191 $t = RenderMan::preprocess_text($text); |
1151 $sql = 'UPDATE '.table_prefix.'comments SET subject=\''.$s.'\',comment_data=\''.$t.'\' WHERE comment_data=\''.$old_text.'\' AND subject=\''.$old_subject.'\' AND page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\''; |
1192 $sql = 'UPDATE ' . table_prefix.'comments SET subject=\'' . $s . '\',comment_data=\'' . $t . '\' WHERE comment_data=\'' . $old_text . '\' AND subject=\'' . $old_subject . '\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\''; |
1152 $result = $db->sql_query($sql); |
1193 $result = $db->sql_query($sql); |
1153 if($result) |
1194 if($result) |
1154 { |
1195 { |
1155 return 'result="GOOD"; |
1196 return 'result="GOOD"; |
1156 list['.$id.'][\'subject\'] = unescape(\''.str_replace('%5Cn', '%0A', rawurlencode(str_replace('{{EnAnO:Newline}}', '\\n', stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $s))))).'\'); |
1197 list[' . $id . '][\'subject\'] = unescape(\''.str_replace('%5Cn', '%0A', rawurlencode(str_replace('{{EnAnO:Newline}}', '\\n', stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $s))))).'\'); |
1157 list['.$id.'][\'comment\'] = unescape(\''.str_replace('%5Cn', '%0A', rawurlencode(str_replace('{{EnAnO:Newline}}', '\\n', stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $t))))).'\'); id = '.$id.'; |
1198 list[' . $id . '][\'comment\'] = unescape(\''.str_replace('%5Cn', '%0A', rawurlencode(str_replace('{{EnAnO:Newline}}', '\\n', stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $t))))).'\'); id = ' . $id . '; |
1158 s = unescape(\''.rawurlencode($s).'\'); |
1199 s = unescape(\''.rawurlencode($s).'\'); |
1159 t = unescape(\''.str_replace('%5Cn', '<br \\/>', rawurlencode(RenderMan::render(str_replace('{{EnAnO:Newline}}', "\n", stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $t)))))).'\');'; |
1200 t = unescape(\''.str_replace('%5Cn', '<br \\/>', rawurlencode(RenderMan::render(str_replace('{{EnAnO:Newline}}', "\n", stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $t)))))).'\');'; |
1160 } |
1201 } |
1161 else |
1202 else |
1162 { |
1203 { |
1163 return 'result="BAD"; error=unescape("'.rawurlencode('Enano encountered a problem whilst saving the comment. |
1204 return 'result="BAD"; error=unescape("'.rawurlencode('Enano encountered a problem whilst saving the comment. |
1164 Performed SQL: |
1205 Performed SQL: |
1165 '.$sql.' |
1206 ' . $sql . ' |
1166 |
1207 |
1167 Error returned by MySQL: '.mysql_error()).'");'; |
1208 Error returned by MySQL: '.mysql_error()).'");'; |
1168 } |
1209 } |
1169 } |
1210 } |
1170 |
1211 |
1186 return 'Access denied'; |
1227 return 'Access denied'; |
1187 // Safety check - username/login |
1228 // Safety check - username/login |
1188 if(!$session->get_permissions('mod_comments')) // allow mods to edit comments |
1229 if(!$session->get_permissions('mod_comments')) // allow mods to edit comments |
1189 { |
1230 { |
1190 if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.'); |
1231 if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.'); |
1191 $q = 'SELECT c.name FROM '.table_prefix.'comments c, '.table_prefix.'users u WHERE comment_id='.$id.' AND page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND u.user_id=c.user_id;'; |
1232 $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_id=' . $id . ' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND u.user_id=c.user_id;'; |
1192 $s = $db->sql_query($q); |
1233 $s = $db->sql_query($q); |
1193 if(!$s) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>'); |
1234 if(!$s) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>'); |
1194 $r = $db->fetchrow($s); |
1235 $r = $db->fetchrow($s); |
1195 if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.'); |
1236 if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.'); |
1196 $db->free_result(); |
1237 $db->free_result(); |
1197 } |
1238 } |
1198 $s = RenderMan::preprocess_text($subject); |
1239 $s = RenderMan::preprocess_text($subject); |
1199 $t = RenderMan::preprocess_text($text); |
1240 $t = RenderMan::preprocess_text($text); |
1200 $sql = 'UPDATE '.table_prefix.'comments SET subject=\''.$s.'\',comment_data=\''.$t.'\' WHERE comment_id='.$id.' AND page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\''; |
1241 $sql = 'UPDATE ' . table_prefix.'comments SET subject=\'' . $s . '\',comment_data=\'' . $t . '\' WHERE comment_id=' . $id . ' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\''; |
1201 $result = $db->sql_query($sql); |
1242 $result = $db->sql_query($sql); |
1202 if($result) |
1243 if($result) |
1203 return 'good'; |
1244 return 'good'; |
1204 else return 'Enano encountered a problem whilst saving the comment. |
1245 else return 'Enano encountered a problem whilst saving the comment. |
1205 Performed SQL: |
1246 Performed SQL: |
1206 '.$sql.' |
1247 ' . $sql . ' |
1207 |
1248 |
1208 Error returned by MySQL: '.mysql_error(); |
1249 Error returned by MySQL: '.mysql_error(); |
1209 } |
1250 } |
1210 |
1251 |
1211 /** |
1252 /** |
1233 |
1274 |
1234 // Safety check - username/login |
1275 // Safety check - username/login |
1235 if(!$session->get_permissions('mod_comments')) // allows mods to delete comments |
1276 if(!$session->get_permissions('mod_comments')) // allows mods to delete comments |
1236 { |
1277 { |
1237 if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.'); |
1278 if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.'); |
1238 $q = 'SELECT c.name FROM '.table_prefix.'comments c, '.table_prefix.'users u WHERE comment_data=\''.$t.'\' AND subject=\''.$s.'\' AND page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND u.user_id=c.user_id;'; |
1279 $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_data=\'' . $t . '\' AND subject=\'' . $s . '\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND u.user_id=c.user_id;'; |
1239 $s = $db->sql_query($q); |
1280 $s = $db->sql_query($q); |
1240 if(!$s) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>'); |
1281 if(!$s) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>'); |
1241 $r = $db->fetchrow($s); |
1282 $r = $db->fetchrow($s); |
1242 if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.'); |
1283 if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.'); |
1243 $db->free_result(); |
1284 $db->free_result(); |
1244 } |
1285 } |
1245 $q = 'DELETE FROM '.table_prefix.'comments WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND name=\''.$n.'\' AND subject=\''.$s.'\' AND comment_data=\''.$t.'\' LIMIT 1;'; |
1286 $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND name=\'' . $n . '\' AND subject=\'' . $s . '\' AND comment_data=\'' . $t . '\' LIMIT 1;'; |
1246 $e=$db->sql_query($q); |
1287 $e=$db->sql_query($q); |
1247 if(!$e) return('alert(unesape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n'.$q).'\'));'); |
1288 if(!$e) return('alert(unesape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n' . $q) . '\'));'); |
1248 return('good'); |
1289 return('good'); |
1249 } |
1290 } |
1250 |
1291 |
1251 /** |
1292 /** |
1252 * Deletes a comment in a cleaner fashion. |
1293 * Deletes a comment in a cleaner fashion. |
1267 |
1308 |
1268 // Safety check - username/login |
1309 // Safety check - username/login |
1269 if(!$session->get_permissions('mod_comments')) // allows mods to delete comments |
1310 if(!$session->get_permissions('mod_comments')) // allows mods to delete comments |
1270 { |
1311 { |
1271 if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.'); |
1312 if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.'); |
1272 $q = 'SELECT c.name FROM '.table_prefix.'comments c, '.table_prefix.'users u WHERE comment_id='.$id.' AND page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND u.user_id=c.user_id;'; |
1313 $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_id=' . $id . ' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND u.user_id=c.user_id;'; |
1273 $s = $db->sql_query($q); |
1314 $s = $db->sql_query($q); |
1274 if(!$s) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>'); |
1315 if(!$s) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>'); |
1275 $r = $db->fetchrow($s); |
1316 $r = $db->fetchrow($s); |
1276 if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.'); |
1317 if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.'); |
1277 $db->free_result(); |
1318 $db->free_result(); |
1278 } |
1319 } |
1279 $q = 'DELETE FROM '.table_prefix.'comments WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\' AND comment_id='.$id.' LIMIT 1;'; |
1320 $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND comment_id=' . $id . ' LIMIT 1;'; |
1280 $e=$db->sql_query($q); |
1321 $e=$db->sql_query($q); |
1281 if(!$e) return('alert(unesape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n'.$q).'\'));'); |
1322 if(!$e) return('alert(unesape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n' . $q) . '\'));'); |
1282 return('good'); |
1323 return('good'); |
1283 } |
1324 } |
1284 |
1325 |
1285 /** |
1326 /** |
1286 * Renames a page. |
1327 * Renames a page. |
1303 { |
1344 { |
1304 die('Name is too short'); |
1345 die('Name is too short'); |
1305 } |
1346 } |
1306 if( ( $session->get_permissions('rename') && ( ( $prot && $session->get_permissions('even_when_protected') ) || !$prot ) ) && ( $paths->namespace != 'Special' && $paths->namespace != 'Admin' )) |
1347 if( ( $session->get_permissions('rename') && ( ( $prot && $session->get_permissions('even_when_protected') ) || !$prot ) ) && ( $paths->namespace != 'Special' && $paths->namespace != 'Admin' )) |
1307 { |
1348 { |
1308 $e = $db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,page_id,namespace,author,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'rename\', \''.$db->escape($paths->cpage['urlname_nons']).'\', \''.$paths->namespace.'\', \''.$db->escape($session->username).'\', \''.$db->escape($paths->cpage['name']).'\')'); |
1349 $e = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,page_id,namespace,author,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'rename\', \'' . $db->escape($paths->cpage['urlname_nons']) . '\', \'' . $paths->namespace . '\', \'' . $db->escape($session->username) . '\', \'' . $db->escape($paths->cpage['name']) . '\')'); |
1309 if ( !$e ) |
1350 if ( !$e ) |
1310 { |
1351 { |
1311 $db->_die('The page title could not be updated.'); |
1352 $db->_die('The page title could not be updated.'); |
1312 } |
1353 } |
1313 $e = $db->sql_query('UPDATE '.table_prefix.'pages SET name=\''.$db->escape($name).'\' WHERE urlname=\''.$db->escape($page_id).'\' AND namespace=\''.$db->escape($namespace).'\';'); |
1354 $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET name=\'' . $db->escape($name) . '\' WHERE urlname=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\';'); |
1314 if ( !$e ) |
1355 if ( !$e ) |
1315 { |
1356 { |
1316 $db->_die('The page title could not be updated.'); |
1357 $db->_die('The page title could not be updated.'); |
1317 } |
1358 } |
1318 else |
1359 else |
1319 { |
1360 { |
1320 return('The page "'.$paths->pages[$pname]['name'].'" has been renamed to "'.$name.'". You are encouraged to leave a comment explaining your action.' . "\n\n" . 'You will see the change take effect the next time you reload this page.'); |
1361 return('The page "' . $paths->pages[$pname]['name'] . '" has been renamed to "' . $name . '". You are encouraged to leave a comment explaining your action.' . "\n\n" . 'You will see the change take effect the next time you reload this page.'); |
1321 } |
1362 } |
1322 } |
1363 } |
1323 else |
1364 else |
1324 { |
1365 { |
1325 return('Access is denied.'); |
1366 return('Access is denied.'); |
1335 |
1376 |
1336 function flushlogs($page_id, $namespace) |
1377 function flushlogs($page_id, $namespace) |
1337 { |
1378 { |
1338 global $db, $session, $paths, $template, $plugins; // Common objects |
1379 global $db, $session, $paths, $template, $plugins; // Common objects |
1339 if(!$session->get_permissions('clear_logs')) die('Administrative privileges are required to flush logs, you loser.'); |
1380 if(!$session->get_permissions('clear_logs')) die('Administrative privileges are required to flush logs, you loser.'); |
1340 $e = $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE page_id=\''.$db->escape($page_id).'\' AND namespace=\''.$db->escape($namespace).'\';'); |
1381 $e = $db->sql_query('DELETE FROM ' . table_prefix.'logs WHERE page_id=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\';'); |
1341 if(!$e) $db->_die('The log entries could not be deleted.'); |
1382 if(!$e) $db->_die('The log entries could not be deleted.'); |
1342 |
1383 |
1343 // If the page exists, make a backup of it in case it gets spammed/vandalized |
1384 // If the page exists, make a backup of it in case it gets spammed/vandalized |
1344 // If not, the admin's probably deleting a trash page |
1385 // If not, the admin's probably deleting a trash page |
1345 if ( isset($paths->pages[ $paths->nslist[$namespace] . $page_id ]) ) |
1386 if ( isset($paths->pages[ $paths->nslist[$namespace] . $page_id ]) ) |
1346 { |
1387 { |
1347 $e = $db->sql_query('SELECT page_text,char_tag FROM '.table_prefix.'page_text WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\';'); |
1388 $e = $db->sql_query('SELECT page_text,char_tag FROM ' . table_prefix.'page_text WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';'); |
1348 if(!$e) $db->_die('The current page text could not be selected; as a result, creating the backup of the page failed. Please make a backup copy of the page by clicking Edit this page and then clicking Save Changes.'); |
1389 if(!$e) $db->_die('The current page text could not be selected; as a result, creating the backup of the page failed. Please make a backup copy of the page by clicking Edit this page and then clicking Save Changes.'); |
1349 $row = $db->fetchrow(); |
1390 $row = $db->fetchrow(); |
1350 $db->free_result(); |
1391 $db->free_result(); |
1351 $q='INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.date('d M Y h:i a').'\', \''.$page_id.'\', \''.$namespace.'\', \''.$db->escape($row['page_text']).'\', \''.$row['char_tag'].'\', \''.$session->username.'\', \''."Automatic backup created when logs were purged".'\', '.'false'.');'; |
1392 $q='INSERT INTO ' . table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.date('d M Y h:i a').'\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $db->escape($row['page_text']) . '\', \'' . $row['char_tag'] . '\', \'' . $session->username . '\', \''."Automatic backup created when logs were purged".'\', '.'false'.');'; |
1352 if(!$db->sql_query($q)) $db->_die('The history (log) entry could not be inserted into the logs table.'); |
1393 if(!$db->sql_query($q)) $db->_die('The history (log) entry could not be inserted into the logs table.'); |
1353 } |
1394 } |
1354 return('The logs for this page have been cleared. A backup of this page has been added to the logs table so that this page can be restored in case of vandalism or spam later.'); |
1395 return('The logs for this page have been cleared. A backup of this page has been added to the logs table so that this page can be restored in case of vandalism or spam later.'); |
1355 } |
1396 } |
1356 |
1397 |
1370 if ( empty($x) ) |
1411 if ( empty($x) ) |
1371 { |
1412 { |
1372 return 'Invalid reason for deletion passed'; |
1413 return 'Invalid reason for deletion passed'; |
1373 } |
1414 } |
1374 if(!$perms->get_permissions('delete_page')) return('Administrative privileges are required to delete pages, you loser.'); |
1415 if(!$perms->get_permissions('delete_page')) return('Administrative privileges are required to delete pages, you loser.'); |
1375 $e = $db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,page_id,namespace,author,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'delete\', \''.$page_id.'\', \''.$namespace.'\', \''.$session->username.'\', \'' . $db->escape(htmlspecialchars($reason)) . '\')'); |
1416 $e = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,page_id,namespace,author,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'delete\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $session->username . '\', \'' . $db->escape(htmlspecialchars($reason)) . '\')'); |
1376 if(!$e) $db->_die('The page log entry could not be inserted.'); |
1417 if(!$e) $db->_die('The page log entry could not be inserted.'); |
1377 $e = $db->sql_query('DELETE FROM '.table_prefix.'categories WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\''); |
1418 $e = $db->sql_query('DELETE FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\''); |
1378 if(!$e) $db->_die('The page categorization entries could not be deleted.'); |
1419 if(!$e) $db->_die('The page categorization entries could not be deleted.'); |
1379 $e = $db->sql_query('DELETE FROM '.table_prefix.'comments WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\''); |
1420 $e = $db->sql_query('DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\''); |
1380 if(!$e) $db->_die('The page comments could not be deleted.'); |
1421 if(!$e) $db->_die('The page comments could not be deleted.'); |
1381 $e = $db->sql_query('DELETE FROM '.table_prefix.'page_text WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\''); |
1422 $e = $db->sql_query('DELETE FROM ' . table_prefix.'page_text WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\''); |
1382 if(!$e) $db->_die('The page text entry could not be deleted.'); |
1423 if(!$e) $db->_die('The page text entry could not be deleted.'); |
1383 $e = $db->sql_query('DELETE FROM '.table_prefix.'pages WHERE urlname=\''.$page_id.'\' AND namespace=\''.$namespace.'\''); |
1424 $e = $db->sql_query('DELETE FROM ' . table_prefix.'pages WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\''); |
1384 if(!$e) $db->_die('The page entry could not be deleted.'); |
1425 if(!$e) $db->_die('The page entry could not be deleted.'); |
1385 $e = $db->sql_query('DELETE FROM '.table_prefix.'files WHERE page_id=\''.$page_id.'\''); |
1426 $e = $db->sql_query('DELETE FROM ' . table_prefix.'files WHERE page_id=\'' . $page_id . '\''); |
1386 if(!$e) $db->_die('The file entry could not be deleted.'); |
1427 if(!$e) $db->_die('The file entry could not be deleted.'); |
1387 return('This page has been deleted. Note that there is still a log of edits and actions in the database, and anyone with admin rights can raise this page from the dead unless the log is cleared. If the deleted file is an image, there may still be cached thumbnails of it in the cache/ directory, which is inaccessible to users.'); |
1428 return('This page has been deleted. Note that there is still a log of edits and actions in the database, and anyone with admin rights can raise this page from the dead unless the log is cleared. If the deleted file is an image, there may still be cached thumbnails of it in the cache/ directory, which is inaccessible to users.'); |
1388 } |
1429 } |
1389 |
1430 |
1390 /** |
1431 /** |
1635 ( !$page_perms->get_permissions('even_when_protected') && $page_data['protected'] == '1' ) ) |
1679 ( !$page_perms->get_permissions('even_when_protected') && $page_data['protected'] == '1' ) ) |
1636 $auth = false; |
1680 $auth = false; |
1637 if(!$auth) |
1681 if(!$auth) |
1638 { |
1682 { |
1639 // Find out if the page is currently in the category |
1683 // Find out if the page is currently in the category |
1640 $q = $db->sql_query('SELECT * FROM '.table_prefix.'categories WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\';'); |
1684 $q = $db->sql_query('SELECT * FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';'); |
1641 if(!$q) |
1685 if(!$q) |
1642 return 'MySQL error: '.$db->get_error(); |
1686 return 'MySQL error: ' . $db->get_error(); |
1643 if($db->numrows() > 0) |
1687 if($db->numrows() > 0) |
1644 { |
1688 { |
1645 $auth = true; |
1689 $auth = true; |
1646 $which_cats[$cat_all[$i]['urlname_nons']] = true; // Force the category to stay in its current state |
1690 $which_cats[$cat_all[$i]['urlname_nons']] = true; // Force the category to stay in its current state |
1647 } |
1691 } |
1648 $db->free_result(); |
1692 $db->free_result(); |
1649 } |
1693 } |
1650 if(isset($which_cats[$cat_all[$i]['urlname_nons']]) && $which_cats[$cat_all[$i]['urlname_nons']] == true /* for clarity ;-) */ && $auth ) $rowlist[] = '(\''.$page_id.'\', \''.$namespace.'\', \''.$cat_all[$i]['urlname_nons'].'\')'; |
1694 if(isset($which_cats[$cat_all[$i]['urlname_nons']]) && $which_cats[$cat_all[$i]['urlname_nons']] == true /* for clarity ;-) */ && $auth ) $rowlist[] = '(\'' . $page_id . '\', \'' . $namespace . '\', \'' . $cat_all[$i]['urlname_nons'] . '\')'; |
1651 } |
1695 } |
1652 if(sizeof($rowlist) > 0) |
1696 if(sizeof($rowlist) > 0) |
1653 { |
1697 { |
1654 $val = implode(',', $rowlist); |
1698 $val = implode(',', $rowlist); |
1655 $q = 'INSERT INTO '.table_prefix.'categories(page_id,namespace,category_id) VALUES' . $val . ';'; |
1699 $q = 'INSERT INTO ' . table_prefix.'categories(page_id,namespace,category_id) VALUES' . $val . ';'; |
1656 $e = $db->sql_query('DELETE FROM '.table_prefix.'categories WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\';'); |
1700 $e = $db->sql_query('DELETE FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';'); |
1657 if(!$e) $db->_die('The old category data could not be deleted.'); |
1701 if(!$e) $db->_die('The old category data could not be deleted.'); |
1658 $e = $db->sql_query($q); |
1702 $e = $db->sql_query($q); |
1659 if(!$e) $db->_die('The new category data could not be inserted.'); |
1703 if(!$e) $db->_die('The new category data could not be inserted.'); |
1660 return('GOOD'); |
1704 return('GOOD'); |
1661 } |
1705 } |
1662 else |
1706 else |
1663 { |
1707 { |
1664 $e = $db->sql_query('DELETE FROM '.table_prefix.'categories WHERE page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\';'); |
1708 $e = $db->sql_query('DELETE FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';'); |
1665 if(!$e) $db->_die('The old category data could not be deleted.'); |
1709 if(!$e) $db->_die('The old category data could not be deleted.'); |
1666 return('GOOD'); |
1710 return('GOOD'); |
1667 } |
1711 } |
1668 } |
1712 } |
1669 |
1713 |
1760 return 'Access denied'; |
1822 return 'Access denied'; |
1761 if(!preg_match('#^([0-9]+)$#', (string)$id1) || |
1823 if(!preg_match('#^([0-9]+)$#', (string)$id1) || |
1762 !preg_match('#^([0-9]+)$#', (string)$id2 )) return 'SQL injection attempt'; |
1824 !preg_match('#^([0-9]+)$#', (string)$id2 )) return 'SQL injection attempt'; |
1763 // OK we made it through security |
1825 // OK we made it through security |
1764 // Safest way to make sure we don't end up with the revisions in wrong columns is to make 2 queries |
1826 // Safest way to make sure we don't end up with the revisions in wrong columns is to make 2 queries |
1765 if(!$q1 = $db->sql_query('SELECT page_text,char_tag,author,edit_summary FROM '.table_prefix.'logs WHERE time_id='.$id1.' AND log_type=\'page\' AND action=\'edit\' AND page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\';')) return 'MySQL error: '.mysql_error(); |
1827 if(!$q1 = $db->sql_query('SELECT page_text,char_tag,author,edit_summary FROM ' . table_prefix.'logs WHERE time_id=' . $id1 . ' AND log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';')) return 'MySQL error: '.mysql_error(); |
1766 if(!$q2 = $db->sql_query('SELECT page_text,char_tag,author,edit_summary FROM '.table_prefix.'logs WHERE time_id='.$id2.' AND log_type=\'page\' AND action=\'edit\' AND page_id=\''.$page_id.'\' AND namespace=\''.$namespace.'\';')) return 'MySQL error: '.mysql_error(); |
1828 if(!$q2 = $db->sql_query('SELECT page_text,char_tag,author,edit_summary FROM ' . table_prefix.'logs WHERE time_id=' . $id2 . ' AND log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';')) return 'MySQL error: '.mysql_error(); |
1767 $row1 = $db->fetchrow($q1); |
1829 $row1 = $db->fetchrow($q1); |
1768 $db->free_result($q1); |
1830 $db->free_result($q1); |
1769 $row2 = $db->fetchrow($q2); |
1831 $row2 = $db->fetchrow($q2); |
1770 $db->free_result($q2); |
1832 $db->free_result($q2); |
1771 if(sizeof($row1) < 1 || sizeof($row2) < 2) return 'Couldn\'t find any rows that matched the query. The time ID probably doesn\'t exist in the logs table.'; |
1833 if(sizeof($row1) < 1 || sizeof($row2) < 2) return 'Couldn\'t find any rows that matched the query. The time ID probably doesn\'t exist in the logs table.'; |
1860 $return['target_type'] = $parms['target_type']; |
1922 $return['target_type'] = $parms['target_type']; |
1861 $return['target_id'] = $parms['target_id']; |
1923 $return['target_id'] = $parms['target_id']; |
1862 switch($parms['target_type']) |
1924 switch($parms['target_type']) |
1863 { |
1925 { |
1864 case ACL_TYPE_USER: |
1926 case ACL_TYPE_USER: |
1865 $q = $db->sql_query('SELECT a.rules,u.user_id FROM '.table_prefix.'users AS u |
1927 $q = $db->sql_query('SELECT a.rules,u.user_id FROM ' . table_prefix.'users AS u |
1866 LEFT JOIN '.table_prefix.'acl AS a |
1928 LEFT JOIN ' . table_prefix.'acl AS a |
1867 ON a.target_id=u.user_id |
1929 ON a.target_id=u.user_id |
1868 WHERE a.target_type='.ACL_TYPE_USER.' |
1930 WHERE a.target_type='.ACL_TYPE_USER.' |
1869 AND u.username=\''.$db->escape($parms['target_id']).'\' |
1931 AND u.username=\'' . $db->escape($parms['target_id']) . '\' |
1870 '.$page_where_clause.';'); |
1932 ' . $page_where_clause . ';'); |
1871 if(!$q) |
1933 if(!$q) |
1872 return(Array('mode'=>'error','error'=>mysql_error())); |
1934 return(Array('mode'=>'error','error'=>mysql_error())); |
1873 if($db->numrows() < 1) |
1935 if($db->numrows() < 1) |
1874 { |
1936 { |
1875 $return['type'] = 'new'; |
1937 $return['type'] = 'new'; |
1876 $q = $db->sql_query('SELECT user_id FROM '.table_prefix.'users WHERE username=\''.$db->escape($parms['target_id']).'\';'); |
1938 $q = $db->sql_query('SELECT user_id FROM ' . table_prefix.'users WHERE username=\'' . $db->escape($parms['target_id']) . '\';'); |
1877 if(!$q) |
1939 if(!$q) |
1878 return(Array('mode'=>'error','error'=>mysql_error())); |
1940 return(Array('mode'=>'error','error'=>mysql_error())); |
1879 if($db->numrows() < 1) |
1941 if($db->numrows() < 1) |
1880 return Array('mode'=>'error','error'=>'The username you entered was not found.'); |
1942 return Array('mode'=>'error','error'=>'The username you entered was not found.'); |
1881 $row = $db->fetchrow(); |
1943 $row = $db->fetchrow(); |
1907 } |
1969 } |
1908 } |
1970 } |
1909 } |
1971 } |
1910 break; |
1972 break; |
1911 case ACL_TYPE_GROUP: |
1973 case ACL_TYPE_GROUP: |
1912 $q = $db->sql_query('SELECT a.rules,g.group_name,g.group_id FROM '.table_prefix.'groups AS g |
1974 $q = $db->sql_query('SELECT a.rules,g.group_name,g.group_id FROM ' . table_prefix.'groups AS g |
1913 LEFT JOIN '.table_prefix.'acl AS a |
1975 LEFT JOIN ' . table_prefix.'acl AS a |
1914 ON a.target_id=g.group_id |
1976 ON a.target_id=g.group_id |
1915 WHERE a.target_type='.ACL_TYPE_GROUP.' |
1977 WHERE a.target_type='.ACL_TYPE_GROUP.' |
1916 AND g.group_id=\''.intval($parms['target_id']).'\' |
1978 AND g.group_id=\''.intval($parms['target_id']).'\' |
1917 '.$page_where_clause.';'); |
1979 ' . $page_where_clause . ';'); |
1918 if(!$q) |
1980 if(!$q) |
1919 return(Array('mode'=>'error','error'=>mysql_error())); |
1981 return(Array('mode'=>'error','error'=>mysql_error())); |
1920 if($db->numrows() < 1) |
1982 if($db->numrows() < 1) |
1921 { |
1983 { |
1922 $return['type'] = 'new'; |
1984 $return['type'] = 'new'; |
1923 $q = $db->sql_query('SELECT group_id,group_name FROM '.table_prefix.'groups WHERE group_id=\''.intval($parms['target_id']).'\';'); |
1985 $q = $db->sql_query('SELECT group_id,group_name FROM ' . table_prefix.'groups WHERE group_id=\''.intval($parms['target_id']).'\';'); |
1924 if(!$q) |
1986 if(!$q) |
1925 return(Array('mode'=>'error','error'=>mysql_error())); |
1987 return(Array('mode'=>'error','error'=>mysql_error())); |
1926 if($db->numrows() < 1) |
1988 if($db->numrows() < 1) |
1927 return Array('mode'=>'error','error'=>'The group ID you submitted is not valid.'); |
1989 return Array('mode'=>'error','error'=>'The group ID you submitted is not valid.'); |
1928 $row = $db->fetchrow(); |
1990 $row = $db->fetchrow(); |
1966 case 'save_edit': |
2028 case 'save_edit': |
1967 if ( defined('ENANO_DEMO_MODE') ) |
2029 if ( defined('ENANO_DEMO_MODE') ) |
1968 { |
2030 { |
1969 return Array('mode'=>'error','error'=>'Editing access control lists is disabled in the administration demo.'); |
2031 return Array('mode'=>'error','error'=>'Editing access control lists is disabled in the administration demo.'); |
1970 } |
2032 } |
1971 $q = $db->sql_query('DELETE FROM '.table_prefix.'acl WHERE target_type='.intval($parms['target_type']).' AND target_id='.intval($parms['target_id']).' |
2033 $q = $db->sql_query('DELETE FROM ' . table_prefix.'acl WHERE target_type='.intval($parms['target_type']).' AND target_id='.intval($parms['target_id']).' |
1972 '.$page_where_clause_lite.';'); |
2034 ' . $page_where_clause_lite . ';'); |
1973 if(!$q) |
2035 if(!$q) |
1974 return Array('mode'=>'error','error'=>mysql_error()); |
2036 return Array('mode'=>'error','error'=>mysql_error()); |
1975 $rules = $session->perm_to_string($parms['perms']); |
2037 $rules = $session->perm_to_string($parms['perms']); |
1976 if ( sizeof ( $rules ) < 1 ) |
2038 if ( sizeof ( $rules ) < 1 ) |
1977 { |
2039 { |
1978 return array( |
2040 return array( |
1979 'mode' => 'error', |
2041 'mode' => 'error', |
1980 'error' => 'Supplied rule list has a length of zero' |
2042 'error' => 'Supplied rule list has a length of zero' |
1981 ); |
2043 ); |
1982 } |
2044 } |
1983 $q = ($page_id && $namespace) ? 'INSERT INTO '.table_prefix.'acl ( target_type, target_id, page_id, namespace, rules ) |
2045 $q = ($page_id && $namespace) ? 'INSERT INTO ' . table_prefix.'acl ( target_type, target_id, page_id, namespace, rules ) |
1984 VALUES( '.intval($parms['target_type']).', '.intval($parms['target_id']).', \''.$db->escape($page_id).'\', \''.$db->escape($namespace).'\', \''.$db->escape($rules).'\' )' : |
2046 VALUES( '.intval($parms['target_type']).', '.intval($parms['target_id']).', \'' . $db->escape($page_id) . '\', \'' . $db->escape($namespace) . '\', \'' . $db->escape($rules) . '\' )' : |
1985 'INSERT INTO '.table_prefix.'acl ( target_type, target_id, rules ) |
2047 'INSERT INTO ' . table_prefix.'acl ( target_type, target_id, rules ) |
1986 VALUES( '.intval($parms['target_type']).', '.intval($parms['target_id']).', \''.$db->escape($rules).'\' )'; |
2048 VALUES( '.intval($parms['target_type']).', '.intval($parms['target_id']).', \'' . $db->escape($rules) . '\' )'; |
1987 if(!$db->sql_query($q)) return Array('mode'=>'error','error'=>mysql_error()); |
2049 if(!$db->sql_query($q)) return Array('mode'=>'error','error'=>mysql_error()); |
1988 return Array( |
2050 return Array( |
1989 'mode' => 'success', |
2051 'mode' => 'success', |
1990 'target_type' => $parms['target_type'], |
2052 'target_type' => $parms['target_type'], |
1991 'target_id' => $parms['target_id'], |
2053 'target_id' => $parms['target_id'], |