60 )); |
60 )); |
61 '); |
61 '); |
62 |
62 |
63 // function names are IMPORTANT!!! The name pattern is: page_<namespace ID>_<page URLname, without namespace> |
63 // function names are IMPORTANT!!! The name pattern is: page_<namespace ID>_<page URLname, without namespace> |
64 |
64 |
65 function page_Special_CreatePage() { |
65 function page_Special_CreatePage() |
|
66 { |
66 global $db, $session, $paths, $template, $plugins; // Common objects |
67 global $db, $session, $paths, $template, $plugins; // Common objects |
67 if ( isset($_POST['do']) ) |
68 if ( isset($_POST['do']) ) |
68 { |
69 { |
69 $p = $_POST['pagename']; |
70 $p = $_POST['pagename']; |
70 $k = array_keys($paths->nslist); |
71 $k = array_keys($paths->nslist); |
86 $db->close(); |
87 $db->close(); |
87 |
88 |
88 exit; |
89 exit; |
89 } |
90 } |
90 $name = $db->escape(str_replace('_', ' ', $p)); |
91 $name = $db->escape(str_replace('_', ' ', $p)); |
91 $urlname = $db->escape(str_replace(' ', '_', $p)); |
92 $urlname = str_replace(' ', '_', $p); |
92 $namespace = $_POST['namespace']; |
93 $namespace = $_POST['namespace']; |
93 if ( $namespace == 'Special' || ( $namespace == 'System' && $session->user_level < USER_LEVEL_ADMIN ) || $namespace == 'Admin') |
94 if ( $namespace == 'Special' || ( $namespace == 'System' && $session->user_level < USER_LEVEL_ADMIN ) || $namespace == 'Admin') |
94 { |
95 { |
95 $template->header(); |
96 $template->header(); |
96 |
97 |
116 $k = array_keys( $paths->nslist ); |
117 $k = array_keys( $paths->nslist ); |
117 if(!in_array($_POST['namespace'], $k)) |
118 if(!in_array($_POST['namespace'], $k)) |
118 { |
119 { |
119 $db->_die('An SQL injection attempt was caught at '.dirname(__FILE__).':'.__LINE__.'.'); |
120 $db->_die('An SQL injection attempt was caught at '.dirname(__FILE__).':'.__LINE__.'.'); |
120 } |
121 } |
|
122 |
|
123 $urlname = sanitize_page_id($urlname); |
|
124 $urlname = $db->escape($urlname); |
121 |
125 |
122 $perms = $session->fetch_page_acl($urlname, $namespace); |
126 $perms = $session->fetch_page_acl($urlname, $namespace); |
123 if ( !$perms->get_permissions('create_page') ) |
127 if ( !$perms->get_permissions('create_page') ) |
124 die_friendly('Error creating page', '<p>An access control rule is preventing you from creating pages.</p>'); |
128 die_friendly('Error creating page', '<p>An access control rule is preventing you from creating pages.</p>'); |
125 |
129 |
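Review bot: The id handed to `fetch_page_acl` on line 126 is the SQL-escaped string produced on line 124, not the sanitized page id itself, so for any input where `$db->escape` actually alters the value the ACL check runs against a different id than the page that gets created; keep the two apart, e.g. `$page_id = sanitize_page_id($urlname); $urlname = $db->escape($page_id);` and call `$session->fetch_page_acl($page_id, $namespace)`, escaping only at the query. Presumably `sanitize_page_id` already strips or encodes the characters escape would touch, in which case this is harmless today, but the access check should not depend on that. Note also that line 92 no longer escapes `$urlname`, so any query between lines 97 and 117 (not shown here) that still interpolates it now receives raw input and that range needs checking. The namespace whitelist on line 118 should pass `true` as the third argument to `in_array` so the comparison is strict. The enclosing function page_Special_CreatePage begins and ends outside this hunk.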
138 if ( !$q ) |
142 if ( !$q ) |
139 { |
143 { |
140 $db->_die('The page text entry could not be inserted.'); |
144 $db->_die('The page text entry could not be inserted.'); |
141 } |
145 } |
142 |
146 |
143 header('Location: '.makeUrl($paths->nslist[$_POST['namespace']].$p)); |
147 header('Location: '.makeUrlNS($_POST['namespace'], sanitize_page_id($p))); |
144 exit; |
148 exit; |
145 } |
149 } |
146 $template->header(); |
150 $template->header(); |
147 if ( !$session->get_permissions('create_page') ) |
151 if ( !$session->get_permissions('create_page') ) |
148 { |
152 { |