diff -r faef5e62e1e0 -r 90225c988124 index.php --- a/index.php Tue Aug 25 01:43:11 2009 -0400 +++ b/index.php Tue Aug 25 01:43:40 2009 -0400 @@ -2,8 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. @@ -15,690 +14,690 @@ * @subpackage Frontend */ - define('ENANO_INTERFACE_INDEX', ''); - - // start up Enano - require('includes/common.php'); - - // decide on HTML compacting - $aggressive_optimize_html = !defined('ENANO_DEBUG') && !isset($_GET['nocompress']); - - // Set up gzip encoding before any output is sent - global $do_gzip; - // FIXME: make this configurable - $do_gzip = !defined('ENANO_DEBUG'); - - error_reporting(E_ALL); - - if($aggressive_optimize_html || $do_gzip) - { +define('ENANO_INTERFACE_INDEX', ''); + +// start up Enano +require('includes/common.php'); + +// decide on HTML compacting +$aggressive_optimize_html = !defined('ENANO_DEBUG') && !isset($_GET['nocompress']); + +// Set up gzip encoding before any output is sent +global $do_gzip; +// FIXME: make this configurable +$do_gzip = !defined('ENANO_DEBUG'); + +error_reporting(E_ALL); + +if($aggressive_optimize_html || $do_gzip) +{ + ob_start(); +} + +global $db, $session, $paths, $template, $plugins; // Common objects +$page_timestamp = time(); + +if ( !isset($_GET['do']) ) +{ + $_GET['do'] = 'view'; +} +switch($_GET['do']) +{ + default: + $code = $plugins->setHook('page_action'); ob_start(); - } - - global $db, $session, $paths, $template, $plugins; // Common objects - $page_timestamp = time(); - - if ( !isset($_GET['do']) ) - { - $_GET['do'] = 'view'; - } - switch($_GET['do']) - { - default: - $code = $plugins->setHook('page_action'); - ob_start(); - foreach ( $code as $cmd ) - { - eval($cmd); - } - if ( $contents = ob_get_contents() ) - { - ob_end_clean(); - echo $contents; - } - else - { - die_friendly('Invalid action', '

The action "'.htmlspecialchars($_GET['do']).'" is not defined. Return to viewing this page\'s text.

'); - } - break; - case 'view': - // echo PageUtils::getpage($paths->page, true, ( (isset($_GET['oldid'])) ? $_GET['oldid'] : false )); - $rev_id = ( (isset($_GET['oldid'])) ? intval($_GET['oldid']) : 0 ); - $page = new PageProcessor( $paths->page_id, $paths->namespace, $rev_id ); - // Feed this PageProcessor to the template processor. This prevents $template from starting another - // PageProcessor when we already have one going. - $template->set_page($page); - $page->send_headers = true; - $page->allow_redir = ( !isset($_GET['redirect']) || (isset($_GET['redirect']) && $_GET['redirect'] !== 'no') ); - $pagepass = ( isset($_REQUEST['pagepass']) ) ? sha1($_REQUEST['pagepass']) : ''; - $page->password = $pagepass; - $page->send(true); - $page_timestamp = $page->revision_time; - break; - case 'comments': - $output->header(); - require_once(ENANO_ROOT.'/includes/pageutils.php'); - $sub = ( isset ($_GET['sub']) ) ? $_GET['sub'] : false; - switch($sub) - { - case 'admin': - default: - $act = ( isset ($_GET['action']) ) ? $_GET['action'] : false; - $id = ( isset ($_GET['id']) ) ? intval($_GET['id']) : -1; - echo PageUtils::comments_html($paths->page_id, $paths->namespace, $act, Array('id'=>$id)); - break; - case 'postcomment': - if(empty($_POST['name']) || - empty($_POST['subj']) || - empty($_POST['text']) - ) { echo 'Invalid request'; break; } - $cid = ( isset($_POST['captcha_id']) ) ? $_POST['captcha_id'] : false; - $cin = ( isset($_POST['captcha_input']) ) ? $_POST['captcha_input'] : false; - - require_once('includes/comment.php'); - $comments = new Comments($paths->page_id, $paths->namespace); - - $submission = array( - 'mode' => 'submit', - 'captcha_id' => $cid, - 'captcha_code' => $cin, - 'name' => $_POST['name'], - 'subj' => $_POST['subj'], - 'text' => $_POST['text'], - ); - - $result = $comments->process_json($submission); - if ( $result['mode'] == 'error' ) - { - echo '
' . htmlspecialchars($result['error']) . '
'; - } - else - { - echo '
' . $lang->get('comment_msg_comment_posted') . '
'; - } - - echo PageUtils::comments_html($paths->page_id, $paths->namespace); - break; - case 'editcomment': - if(!isset($_GET['id']) || ( isset($_GET['id']) && !preg_match('#^([0-9]+)$#', $_GET['id']) )) { echo '

Invalid comment ID

'; break; } - $q = $db->sql_query('SELECT subject,comment_data,comment_id FROM '.table_prefix.'comments WHERE comment_id='.$_GET['id']); - if(!$q) $db->_die('The comment data could not be selected.'); - $row = $db->fetchrow(); - $db->free_result(); - $row['subject'] = str_replace('\'', ''', $row['subject']); - echo '
'; - echo "
- - - -
" . $lang->get('comment_postform_field_subject') . "
" . $lang->get('comment_postform_field_comment') . "
"; - echo '
'; - break; - case 'savecomment': - if(empty($_POST['subj']) || empty($_POST['text'])) { echo '

Invalid request

'; break; } - $r = PageUtils::savecomment_neater($paths->page_id, $paths->namespace, $_POST['subj'], $_POST['text'], (int)$_POST['id']); - if($r != 'good') { echo "
$r
"; break; } - echo PageUtils::comments_html($paths->page_id, $paths->namespace); - break; - case 'deletecomment': - if(!empty($_GET['id'])) - { - PageUtils::deletecomment_neater($paths->page_id, $paths->namespace, (int)$_GET['id']); - } - echo PageUtils::comments_html($paths->page_id, $paths->namespace); - break; - } - $output->footer(); - break; - case 'edit': - if(isset($_POST['_cancel'])) - { - redirect(makeUrl($paths->page), '', '', 0); + foreach ( $code as $cmd ) + { + eval($cmd); + } + if ( $contents = ob_get_contents() ) + { + ob_end_clean(); + echo $contents; + } + else + { + die_friendly('Invalid action', '

The action "'.htmlspecialchars($_GET['do']).'" is not defined. Return to viewing this page\'s text.

'); + } + break; + case 'view': + // echo PageUtils::getpage($paths->page, true, ( (isset($_GET['oldid'])) ? $_GET['oldid'] : false )); + $rev_id = ( (isset($_GET['oldid'])) ? intval($_GET['oldid']) : 0 ); + $page = new PageProcessor( $paths->page_id, $paths->namespace, $rev_id ); + // Feed this PageProcessor to the template processor. This prevents $template from starting another + // PageProcessor when we already have one going. + $template->set_page($page); + $page->send_headers = true; + $page->allow_redir = ( !isset($_GET['redirect']) || (isset($_GET['redirect']) && $_GET['redirect'] !== 'no') ); + $pagepass = ( isset($_REQUEST['pagepass']) ) ? sha1($_REQUEST['pagepass']) : ''; + $page->password = $pagepass; + $page->send(true); + $page_timestamp = $page->revision_time; + break; + case 'comments': + $output->header(); + require_once(ENANO_ROOT.'/includes/pageutils.php'); + $sub = ( isset ($_GET['sub']) ) ? $_GET['sub'] : false; + switch($sub) + { + case 'admin': + default: + $act = ( isset ($_GET['action']) ) ? $_GET['action'] : false; + $id = ( isset ($_GET['id']) ) ? intval($_GET['id']) : -1; + echo PageUtils::comments_html($paths->page_id, $paths->namespace, $act, Array('id'=>$id)); break; - } - require_once(ENANO_ROOT.'/includes/pageutils.php'); - if(isset($_POST['_save'])) - { - $captcha_valid = true; - if ( !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' ) - { - $captcha_valid = false; - if ( isset($_POST['captcha_id']) && isset($_POST['captcha_code']) ) - { - $hash_correct = strtolower($session->get_captcha($_POST['captcha_id'])); - $hash_input = strtolower($_POST['captcha_code']); - if ( $hash_input === $hash_correct ) - $captcha_valid = true; - } - } - if ( $captcha_valid ) + case 'postcomment': + if(empty($_POST['name']) || + empty($_POST['subj']) || + empty($_POST['text']) + ) { echo 'Invalid request'; break; } + $cid = ( isset($_POST['captcha_id']) ) ? $_POST['captcha_id'] : false; + $cin = ( isset($_POST['captcha_input']) ) ? $_POST['captcha_input'] : false; + + require_once('includes/comment.php'); + $comments = new Comments($paths->page_id, $paths->namespace); + + $submission = array( + 'mode' => 'submit', + 'captcha_id' => $cid, + 'captcha_code' => $cin, + 'name' => $_POST['name'], + 'subj' => $_POST['subj'], + 'text' => $_POST['text'], + ); + + $result = $comments->process_json($submission); + if ( $result['mode'] == 'error' ) { - $e = PageUtils::savepage($paths->page_id, $paths->namespace, $_POST['page_text'], $_POST['edit_summary'], isset($_POST['minor'])); - if ( $e == 'good' ) - { - redirect(makeUrl($paths->page), $lang->get('editor_msg_save_success_title'), $lang->get('editor_msg_save_success_body'), 3); - } - } - } - $template->header(); - if ( isset($captcha_valid) ) - { - echo '
' . $lang->get('editor_err_captcha_wrong') . '
'; - } - if(isset($_POST['_preview'])) - { - $text = $_POST['page_text']; - $edsumm = $_POST['edit_summary']; - echo PageUtils::genPreview($_POST['page_text']); - $text = htmlspecialchars($text); - $revid = 0; - } - else - { - $revid = ( isset($_GET['revid']) ) ? intval($_GET['revid']) : 0; - $page = new PageProcessor($paths->page_id, $paths->namespace, $revid); - $text = $page->fetch_source(); - $edsumm = ''; - // $text = RenderMan::getPage($paths->cpage['urlname_nons'], $paths->namespace, 0, false, false, false, false); - } - if ( $revid > 0 ) - { - $time = $page->revision_time; - // Retrieve information about this revision and the current one - $q = $db->sql_query('SELECT l1.author AS currentrev_author, l2.author AS oldrev_author FROM ' . table_prefix . 'logs AS l1 - LEFT JOIN ' . table_prefix . 'logs AS l2 - ON ( l2.log_id = ' . $revid . ' - AND l2.log_type = \'page\' - AND l2.action = \'edit\' - AND l2.page_id = \'' . $db->escape($paths->page_id) . '\' - AND l2.namespace = \'' . $db->escape($paths->namespace) . '\' - AND l1.is_draft != 1 - ) - WHERE l1.log_type = \'page\' - AND l1.action = \'edit\' - AND l1.page_id = \'' . $db->escape($paths->page_id) . '\' - AND l1.namespace = \'' . $db->escape($paths->namespace) . '\' - AND l1.time_id > ' . $time . ' - AND l1.is_draft != 1 - ORDER BY l1.time_id DESC;'); - if ( !$q ) - $db->die_json(); - - if ( $db->numrows() > 0 ) - { - echo '
' . $lang->get('editor_msg_editing_old_revision') . '
'; - - $rev_count = $db->numrows() - 2; - $row = $db->fetchrow(); - $undo_info = array( - 'old_author' => $row['oldrev_author'], - 'current_author' => $row['currentrev_author'], - 'undo_count' => max($rev_count, 1), - 'last_rev_id' => $revid - ); + echo '
' . htmlspecialchars($result['error']) . '
'; } else { - $revid = 0; + echo '
' . $lang->get('comment_msg_comment_posted') . '
'; } + + echo PageUtils::comments_html($paths->page_id, $paths->namespace); + break; + case 'editcomment': + if(!isset($_GET['id']) || ( isset($_GET['id']) && !preg_match('#^([0-9]+)$#', $_GET['id']) )) { echo '

Invalid comment ID

'; break; } + $q = $db->sql_query('SELECT subject,comment_data,comment_id FROM '.table_prefix.'comments WHERE comment_id='.$_GET['id']); + if(!$q) $db->_die('The comment data could not be selected.'); + $row = $db->fetchrow(); $db->free_result(); - } - echo ' -
-
-
-
- '; - $edsumm = ( $revid > 0 ) ? $lang->get('editor_reversion_edit_summary', $undo_info) : $edsumm; - echo $lang->get('editor_lbl_edit_summary') . '

'; + $row['subject'] = str_replace('\'', ''', $row['subject']); + echo ''; + echo "
+ + + +
" . $lang->get('comment_postform_field_subject') . "
" . $lang->get('comment_postform_field_comment') . "
"; + echo '
'; + break; + case 'savecomment': + if(empty($_POST['subj']) || empty($_POST['text'])) { echo '

Invalid request

'; break; } + $r = PageUtils::savecomment_neater($paths->page_id, $paths->namespace, $_POST['subj'], $_POST['text'], (int)$_POST['id']); + if($r != 'good') { echo "
$r
"; break; } + echo PageUtils::comments_html($paths->page_id, $paths->namespace); + break; + case 'deletecomment': + if(!empty($_GET['id'])) + { + PageUtils::deletecomment_neater($paths->page_id, $paths->namespace, (int)$_GET['id']); + } + echo PageUtils::comments_html($paths->page_id, $paths->namespace); + break; + } + $output->footer(); + break; + case 'edit': + if(isset($_POST['_cancel'])) + { + redirect(makeUrl($paths->page), '', '', 0); + break; + } + require_once(ENANO_ROOT.'/includes/pageutils.php'); + if(isset($_POST['_save'])) + { + $captcha_valid = true; if ( !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' ) { - echo '
'; - echo '' . $lang->get('editor_lbl_field_captcha') . '
' - . '
' - . $lang->get('editor_msg_captcha_pleaseenter') . '

' - . $lang->get('editor_msg_captcha_blind'); - echo '
'; - $hash = $session->make_captcha(); - echo '
'; - echo ''; - echo $lang->get('editor_lbl_field_captcha_code') . ' '; - echo '
'; + $captcha_valid = false; + if ( isset($_POST['captcha_id']) && isset($_POST['captcha_code']) ) + { + $hash_correct = strtolower($session->get_captcha($_POST['captcha_id'])); + $hash_input = strtolower($_POST['captcha_code']); + if ( $hash_input === $hash_correct ) + $captcha_valid = true; + } } - echo '
- - - - - - '; - if ( getConfig('wiki_edit_notice', '0') == '1' ) + if ( $captcha_valid ) { - $notice = getConfig('wiki_edit_notice_text'); - echo RenderMan::render($notice); + $e = PageUtils::savepage($paths->page_id, $paths->namespace, $_POST['page_text'], $_POST['edit_summary'], isset($_POST['minor'])); + if ( $e == 'good' ) + { + redirect(makeUrl($paths->page), $lang->get('editor_msg_save_success_title'), $lang->get('editor_msg_save_success_body'), 3); + } } - $template->footer(); - break; - case 'viewsource': - $template->header(); - $text = RenderMan::getPage($paths->page_id, $paths->namespace, 0, false, false, false, false); + } + $template->header(); + if ( isset($captcha_valid) ) + { + echo '
' . $lang->get('editor_err_captcha_wrong') . '
'; + } + if(isset($_POST['_preview'])) + { + $text = $_POST['page_text']; + $edsumm = $_POST['edit_summary']; + echo PageUtils::genPreview($_POST['page_text']); $text = htmlspecialchars($text); - echo ' -
-
- '; - echo '
- -
- '; - $template->footer(); - break; - case 'history': - require_once(ENANO_ROOT.'/includes/pageutils.php'); - $hist = PageUtils::histlist($paths->page_id, $paths->namespace); - $template->header(); - echo $hist; - $template->footer(); - break; - case 'rollback': - $id = (isset($_GET['id'])) ? $_GET['id'] : false; - if(!$id || !ctype_digit($id)) die_friendly('Invalid action ID', '

The URL parameter "id" is not an integer. Exiting to prevent nasties like SQL injection, etc.

'); + $revid = 0; + } + else + { + $revid = ( isset($_GET['revid']) ) ? intval($_GET['revid']) : 0; + $page = new PageProcessor($paths->page_id, $paths->namespace, $revid); + $text = $page->fetch_source(); + $edsumm = ''; + // $text = RenderMan::getPage($paths->cpage['urlname_nons'], $paths->namespace, 0, false, false, false, false); + } + if ( $revid > 0 ) + { + $time = $page->revision_time; + // Retrieve information about this revision and the current one + $q = $db->sql_query('SELECT l1.author AS currentrev_author, l2.author AS oldrev_author FROM ' . table_prefix . 'logs AS l1 +LEFT JOIN ' . table_prefix . 'logs AS l2 + ON ( l2.log_id = ' . $revid . ' + AND l2.log_type = \'page\' + AND l2.action = \'edit\' + AND l2.page_id = \'' . $db->escape($paths->page_id) . '\' + AND l2.namespace = \'' . $db->escape($paths->namespace) . '\' + AND l1.is_draft != 1 + ) +WHERE l1.log_type = \'page\' + AND l1.action = \'edit\' + AND l1.page_id = \'' . $db->escape($paths->page_id) . '\' + AND l1.namespace = \'' . $db->escape($paths->namespace) . '\' + AND l1.time_id > ' . $time . ' + AND l1.is_draft != 1 +ORDER BY l1.time_id DESC;'); + if ( !$q ) + $db->die_json(); - $id = intval($id); - - $page = new PageProcessor($paths->page_id, $paths->namespace); - $result = $page->rollback_log_entry($id); - - if ( $result['success'] ) + if ( $db->numrows() > 0 ) { - $result = $lang->get("page_msg_rb_success_{$result['action']}", array('dateline' => $result['dateline'])); + echo '
' . $lang->get('editor_msg_editing_old_revision') . '
'; + + $rev_count = $db->numrows() - 2; + $row = $db->fetchrow(); + $undo_info = array( + 'old_author' => $row['oldrev_author'], + 'current_author' => $row['currentrev_author'], + 'undo_count' => max($rev_count, 1), + 'last_rev_id' => $revid + ); } else { - $result = $lang->get("page_err_{$result['error']}", array('action' => @$result['action'])); + $revid = 0; } - - $template->header(); - echo '

'.$result.' ' . $lang->get('etc_return_to_page') . '

'; - $template->footer(); - break; - case 'catedit': - require_once(ENANO_ROOT.'/includes/pageutils.php'); - if(isset($_POST['__enanoSaveButton'])) - { - unset($_POST['__enanoSaveButton']); - $val = PageUtils::catsave($paths->page_id, $paths->namespace, $_POST); - if($val == 'GOOD') - { - header('Location: '.makeUrl($paths->page)); echo 'Redirecting...If you haven\'t been redirected yet, click here.'; break; - } else { - die_friendly('Error saving category information', '

'.$val.'

'); - } - } - elseif(isset($_POST['__enanoCatCancel'])) + $db->free_result(); + } + echo ' +
+
+
+
+ '; + $edsumm = ( $revid > 0 ) ? $lang->get('editor_reversion_edit_summary', $undo_info) : $edsumm; + echo $lang->get('editor_lbl_edit_summary') . '

'; + if ( !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' ) + { + echo '
'; + echo '' . $lang->get('editor_lbl_field_captcha') . '
' + . '
' + . $lang->get('editor_msg_captcha_pleaseenter') . '

' + . $lang->get('editor_msg_captcha_blind'); + echo '
'; + $hash = $session->make_captcha(); + echo '
'; + echo ''; + echo $lang->get('editor_lbl_field_captcha_code') . ' '; + echo '
'; + } + echo '
+ + + + +
+ '; + if ( getConfig('wiki_edit_notice', '0') == '1' ) + { + $notice = getConfig('wiki_edit_notice_text'); + echo RenderMan::render($notice); + } + $template->footer(); + break; + case 'viewsource': + $template->header(); + $text = RenderMan::getPage($paths->page_id, $paths->namespace, 0, false, false, false, false); + $text = htmlspecialchars($text); + echo ' +
+
+ '; + echo '
+ +
+ '; + $template->footer(); + break; + case 'history': + require_once(ENANO_ROOT.'/includes/pageutils.php'); + $hist = PageUtils::histlist($paths->page_id, $paths->namespace); + $template->header(); + echo $hist; + $template->footer(); + break; + case 'rollback': + $id = (isset($_GET['id'])) ? $_GET['id'] : false; + if(!$id || !ctype_digit($id)) die_friendly('Invalid action ID', '

The URL parameter "id" is not an integer. Exiting to prevent nasties like SQL injection, etc.

'); + + $id = intval($id); + + $page = new PageProcessor($paths->page_id, $paths->namespace); + $result = $page->rollback_log_entry($id); + + if ( $result['success'] ) + { + $result = $lang->get("page_msg_rb_success_{$result['action']}", array('dateline' => $result['dateline'])); + } + else + { + $result = $lang->get("page_err_{$result['error']}", array('action' => @$result['action'])); + } + + $template->header(); + echo '

'.$result.' ' . $lang->get('etc_return_to_page') . '

'; + $template->footer(); + break; + case 'catedit': + require_once(ENANO_ROOT.'/includes/pageutils.php'); + if(isset($_POST['__enanoSaveButton'])) + { + unset($_POST['__enanoSaveButton']); + $val = PageUtils::catsave($paths->page_id, $paths->namespace, $_POST); + if($val == 'GOOD') { header('Location: '.makeUrl($paths->page)); echo 'Redirecting...If you haven\'t been redirected yet, click here.'; break; + } else { + die_friendly('Error saving category information', '

'.$val.'

'); } - $template->header(); - $c = PageUtils::catedit_raw($paths->page_id, $paths->namespace); - echo $c[1]; - $template->footer(); - break; - case 'moreoptions': - $template->header(); - echo ''; - $template->footer(); - break; - case 'protect': - if ( !$session->sid_super ) + } + elseif(isset($_POST['__enanoCatCancel'])) + { + header('Location: '.makeUrl($paths->page)); echo 'Redirecting...If you haven\'t been redirected yet, click here.'; break; + } + $template->header(); + $c = PageUtils::catedit_raw($paths->page_id, $paths->namespace); + echo $c[1]; + $template->footer(); + break; + case 'moreoptions': + $template->header(); + echo ''; + $template->footer(); + break; + case 'protect': + if ( !$session->sid_super ) + { + redirect(makeUrlNS('Special', "Login/{$paths->page}", 'target_do=protect&level=' . $session->user_level, false), $lang->get('etc_access_denied_short'), $lang->get('etc_access_denied_need_reauth'), 0); + } + + if ( isset($_POST['level']) && isset($_POST['reason']) ) + { + $level = intval($_POST['level']); + if ( !in_array($level, array(PROTECT_FULL, PROTECT_SEMI, PROTECT_NONE)) ) { - redirect(makeUrlNS('Special', "Login/{$paths->page}", 'target_do=protect&level=' . $session->user_level, false), $lang->get('etc_access_denied_short'), $lang->get('etc_access_denied_need_reauth'), 0); + $errors[] = 'bad level'; + } + $reason = trim($_POST['reason']); + if ( empty($reason) ) + { + $errors[] = $lang->get('onpage_protect_err_need_reason'); } - if ( isset($_POST['level']) && isset($_POST['reason']) ) + $page = new PageProcessor($paths->page_id, $paths->namespace); + $result = $page->protect_page($level, $reason); + if ( $result['success'] ) + { + redirect(makeUrl($paths->page), $lang->get('page_protect_lbl_success_title'), $lang->get('page_protect_lbl_success_body', array('page_link' => makeUrl($paths->page, false, true))), 3); + } + else { - $level = intval($_POST['level']); - if ( !in_array($level, array(PROTECT_FULL, PROTECT_SEMI, PROTECT_NONE)) ) - { - $errors[] = 'bad level'; - } - $reason = trim($_POST['reason']); - if ( empty($reason) ) - { - $errors[] = $lang->get('onpage_protect_err_need_reason'); - } - - $page = new PageProcessor($paths->page_id, $paths->namespace); - $result = $page->protect_page($level, $reason); - if ( $result['success'] ) - { - redirect(makeUrl($paths->page), $lang->get('page_protect_lbl_success_title'), $lang->get('page_protect_lbl_success_body', array('page_link' => makeUrl($paths->page, false, true))), 3); - } - else - { - $errors[] = $lang->get('page_err_' . $result['error']); - } + $errors[] = $lang->get('page_err_' . $result['error']); } - $template->header(); + } + $template->header(); + ?> +
+

get('onpage_protect_heading'); ?>

+

get('onpage_protect_msg_select_level'); ?>

+ +
  • ' . implode('
  • ', $errors) . '
  • '; + } ?> - -

    get('onpage_protect_heading'); ?>

    -

    get('onpage_protect_msg_select_level'); ?>

    - -
  • ' . implode('
  • ', $errors) . '
  • '; - } - ?> - -
    - -
    -
    - get('onpage_protect_btn_full_hint'); ?> -
    - -
    - -
    -
    - get('onpage_protect_btn_semi_hint'); ?> -
    - -
    - -
    -
    - get('onpage_protect_btn_none_hint'); ?> -
    - - - - - - -
    - get('onpage_protect_lbl_reason'); ?> - -
    - get('onpage_protect_lbl_reason_hint'); ?> -
    - -

    - - get('etc_cancel'); ?> -

    + +
    + +
    +
    + get('onpage_protect_btn_full_hint'); ?> +
    + +
    + +
    +
    + get('onpage_protect_btn_semi_hint'); ?> +
    + +
    + +
    +
    + get('onpage_protect_btn_none_hint'); ?> +
    + + + + + + +
    + get('onpage_protect_lbl_reason'); ?> + +
    + get('onpage_protect_lbl_reason_hint'); ?> +
    + +

    + + get('etc_cancel'); ?> +

    +
    + footer(); + break; + case 'rename': + require_once(ENANO_ROOT.'/includes/pageutils.php'); + if(!empty($_POST['newname'])) + { + $r = PageUtils::rename($paths->page_id, $paths->namespace, $_POST['newname']); + die_friendly($lang->get('page_rename_success_title'), '

    '.nl2br($r).' ' . $lang->get('etc_return_to_page') . '.

    '); + } + $template->header(); + ?> +
    + ' . $lang->get('page_rename_err_need_name') . '

    '; ?> +

    get('page_rename_lbl'); ?>

    +

    +

    +
    + footer(); + break; + case 'flushlogs': + if(!$session->get_permissions('clear_logs')) + { + die_friendly($lang->get('etc_access_denied_short'), '

    ' . $lang->get('etc_access_denied') . '

    '); + } + if ( !$session->sid_super ) + { + redirect(makeUrlNS('Special', "Login/{$paths->page}", 'target_do=flushlogs&level=' . $session->user_level, false), $lang->get('etc_access_denied_short'), $lang->get('etc_access_denied_need_reauth'), 0); + } + require_once(ENANO_ROOT.'/includes/pageutils.php'); + if(isset($_POST['_downthejohn'])) + { + $template->header(); + $result = PageUtils::flushlogs($paths->page_id, $paths->namespace); + echo '

    '.$result.' ' . $lang->get('etc_return_to_page') . '.

    '; + $template->footer(); + break; + } + $template->header(); + ?> +
    + get('page_flushlogs_warning_stern'); ?> +

    footer(); + break; + case 'delvote': + require_once(ENANO_ROOT.'/includes/pageutils.php'); + if(isset($_POST['_ballotbox'])) + { + $template->header(); + $result = PageUtils::delvote($paths->page_id, $paths->namespace); + echo '

    '.$result.' ' . $lang->get('etc_return_to_page') . '.

    '; $template->footer(); break; - case 'rename': - require_once(ENANO_ROOT.'/includes/pageutils.php'); - if(!empty($_POST['newname'])) - { - $r = PageUtils::rename($paths->page_id, $paths->namespace, $_POST['newname']); - die_friendly($lang->get('page_rename_success_title'), '

    '.nl2br($r).' ' . $lang->get('etc_return_to_page') . '.

    '); - } - $template->header(); + } + $template->header(); ?> -
    - ' . $lang->get('page_rename_err_need_name') . '

    '; ?> -

    get('page_rename_lbl'); ?>

    -

    -

    + + get('page_delvote_warning_stern'); + echo '

    '; + switch($paths->cpage['delvotes']) + { + case 0: echo $lang->get('page_delvote_count_zero'); break; + case 1: echo $lang->get('page_delvote_count_one'); break; + default: echo $lang->get('page_delvote_count_plural', array('delvotes' => $paths->cpage['delvotes'])); break; + } + echo '

    '; + ?> +

    footer(); + $template->footer(); + break; + case 'resetvotes': + require_once(ENANO_ROOT.'/includes/pageutils.php'); + if(!$session->get_permissions('vote_reset')) + { + die_friendly($lang->get('etc_access_denied_short'), '

    ' . $lang->get('etc_access_denied') . '

    '); + } + if(isset($_POST['_youmaylivealittlelonger'])) + { + $template->header(); + $result = PageUtils::resetdelvotes($paths->page_id, $paths->namespace); + echo '

    '.$result.' ' . $lang->get('etc_return_to_page') . '.

    '; + $template->footer(); break; - case 'flushlogs': - if(!$session->get_permissions('clear_logs')) - { - die_friendly($lang->get('etc_access_denied_short'), '

    ' . $lang->get('etc_access_denied') . '

    '); - } - if ( !$session->sid_super ) - { - redirect(makeUrlNS('Special', "Login/{$paths->page}", 'target_do=flushlogs&level=' . $session->user_level, false), $lang->get('etc_access_denied_short'), $lang->get('etc_access_denied_need_reauth'), 0); - } - require_once(ENANO_ROOT.'/includes/pageutils.php'); - if(isset($_POST['_downthejohn'])) + } + $template->header(); + ?> +
    +

    get('ajax_delvote_reset_confirm'); ?>

    +

    +
    + footer(); + break; + case 'deletepage': + if(!$session->get_permissions('delete_page')) + { + die_friendly($lang->get('etc_access_denied_short'), '

    ' . $lang->get('etc_access_denied') . '

    '); + } + if ( !$session->sid_super ) + { + redirect(makeUrlNS('Special', "Login/{$paths->page}", 'target_do=deletepage&level=' . $session->user_level, false), $lang->get('etc_access_denied_short'), $lang->get('etc_access_denied_need_reauth'), 0); + } + + require_once(ENANO_ROOT.'/includes/pageutils.php'); + if(isset($_POST['_adiossucker'])) + { + $reason = ( isset($_POST['reason']) ) ? $_POST['reason'] : false; + if ( empty($reason) ) + $error = $lang->get('ajax_delete_prompt_reason'); + else { $template->header(); - $result = PageUtils::flushlogs($paths->page_id, $paths->namespace); + $result = PageUtils::deletepage($paths->page_id, $paths->namespace, $reason); echo '

    '.$result.' ' . $lang->get('etc_return_to_page') . '.

    '; $template->footer(); break; } - $template->header(); - ?> -
    - get('page_flushlogs_warning_stern'); ?> -

    -
    - footer(); - break; - case 'delvote': - require_once(ENANO_ROOT.'/includes/pageutils.php'); - if(isset($_POST['_ballotbox'])) + } + $template->header(); + ?> +
    + get('page_delete_warning_stern'); ?> + $error

    "; ?> +

    get('page_delete_lbl_reason'); ?>

    +

    +
    + footer(); + break; + case 'setwikimode': + if(!$session->get_permissions('set_wiki_mode')) + { + die_friendly($lang->get('etc_access_denied_short'), '

    ' . $lang->get('etc_access_denied') . '

    '); + } + if ( isset($_POST['finish']) ) + { + $level = intval($_POST['level']); + if ( !in_array($level, array(0, 1, 2) ) ) { - $template->header(); - $result = PageUtils::delvote($paths->page_id, $paths->namespace); - echo '

    '.$result.' ' . $lang->get('etc_return_to_page') . '.

    '; - $template->footer(); - break; + die_friendly('Invalid request', '

    Level not specified

    '); } - $template->header(); - ?> -
    - get('page_delvote_warning_stern'); - echo '

    '; - switch($paths->cpage['delvotes']) - { - case 0: echo $lang->get('page_delvote_count_zero'); break; - case 1: echo $lang->get('page_delvote_count_one'); break; - default: echo $lang->get('page_delvote_count_plural', array('delvotes' => $paths->cpage['delvotes'])); break; - } - echo '

    '; - ?> -

    -
    - footer(); - break; - case 'resetvotes': - require_once(ENANO_ROOT.'/includes/pageutils.php'); - if(!$session->get_permissions('vote_reset')) - { - die_friendly($lang->get('etc_access_denied_short'), '

    ' . $lang->get('etc_access_denied') . '

    '); - } - if(isset($_POST['_youmaylivealittlelonger'])) - { - $template->header(); - $result = PageUtils::resetdelvotes($paths->page_id, $paths->namespace); - echo '

    '.$result.' ' . $lang->get('etc_return_to_page') . '.

    '; - $template->footer(); - break; - } + $q = $db->sql_query('UPDATE '.table_prefix.'pages SET wiki_mode=' . $level . ' WHERE urlname=\'' . $db->escape($paths->page_id) . '\' AND namespace=\'' . $paths->namespace . '\';'); + if ( !$q ) + $db->_die(); + redirect(makeUrl($paths->page), htmlspecialchars($paths->cpage['name']), $lang->get('page_wikimode_success_redirect'), 2); + } + else + { $template->header(); - ?> -
    -

    get('ajax_delvote_reset_confirm'); ?>

    -

    -
    - footer(); - break; - case 'deletepage': - if(!$session->get_permissions('delete_page')) - { - die_friendly($lang->get('etc_access_denied_short'), '

    ' . $lang->get('etc_access_denied') . '

    '); - } - if ( !$session->sid_super ) - { - redirect(makeUrlNS('Special', "Login/{$paths->page}", 'target_do=deletepage&level=' . $session->user_level, false), $lang->get('etc_access_denied_short'), $lang->get('etc_access_denied_need_reauth'), 0); - } - - require_once(ENANO_ROOT.'/includes/pageutils.php'); - if(isset($_POST['_adiossucker'])) - { - $reason = ( isset($_POST['reason']) ) ? $_POST['reason'] : false; - if ( empty($reason) ) - $error = $lang->get('ajax_delete_prompt_reason'); - else - { - $template->header(); - $result = PageUtils::deletepage($paths->page_id, $paths->namespace, $reason); - echo '

    '.$result.' ' . $lang->get('etc_return_to_page') . '.

    '; - $template->footer(); - break; - } - } - $template->header(); - ?> -
    - get('page_delete_warning_stern'); ?> - $error

    "; ?> -

    get('page_delete_lbl_reason'); ?>

    -

    -
    - footer(); - break; - case 'setwikimode': - if(!$session->get_permissions('set_wiki_mode')) - { - die_friendly($lang->get('etc_access_denied_short'), '

    ' . $lang->get('etc_access_denied') . '

    '); - } - if ( isset($_POST['finish']) ) - { - $level = intval($_POST['level']); + if(!isset($_GET['level']) || ( isset($_GET['level']) && !preg_match('#^([0-9])$#', $_GET['level']))) die_friendly('Invalid request', '

    Level not specified

    '); + $level = intval($_GET['level']); if ( !in_array($level, array(0, 1, 2) ) ) { die_friendly('Invalid request', '

    Level not specified

    '); } - $q = $db->sql_query('UPDATE '.table_prefix.'pages SET wiki_mode=' . $level . ' WHERE urlname=\'' . $db->escape($paths->page_id) . '\' AND namespace=\'' . $paths->namespace . '\';'); - if ( !$q ) - $db->_die(); - redirect(makeUrl($paths->page), htmlspecialchars($paths->cpage['name']), $lang->get('page_wikimode_success_redirect'), 2); - } - else - { - $template->header(); - if(!isset($_GET['level']) || ( isset($_GET['level']) && !preg_match('#^([0-9])$#', $_GET['level']))) die_friendly('Invalid request', '

    Level not specified

    '); - $level = intval($_GET['level']); - if ( !in_array($level, array(0, 1, 2) ) ) - { - die_friendly('Invalid request', '

    Level not specified

    '); - } - echo '
    '; - echo ''; - echo ''; - $level_txt = ( $level == 0 ) ? 'page_wikimode_level_off' : ( ( $level == 1 ) ? 'page_wikimode_level_on' : 'page_wikimode_level_global' ); - $blurb = ( $level == 0 || ( $level == 2 && getConfig('wiki_mode') != '1' ) ) ? 'page_wikimode_blurb_disable' : 'page_wikimode_blurb_enable'; - ?> -

    get('page_wikimode_heading'); ?>

    -

    get($level_txt) . ' ' . $lang->get($blurb); ?>

    -

    get('page_wikimode_warning'); ?>

    -

    - '; - $template->footer(); - } + echo ''; + echo ''; + echo ''; + $level_txt = ( $level == 0 ) ? 'page_wikimode_level_off' : ( ( $level == 1 ) ? 'page_wikimode_level_on' : 'page_wikimode_level_global' ); + $blurb = ( $level == 0 || ( $level == 2 && getConfig('wiki_mode') != '1' ) ) ? 'page_wikimode_blurb_disable' : 'page_wikimode_blurb_enable'; + ?> +

    get('page_wikimode_heading'); ?>

    +

    get($level_txt) . ' ' . $lang->get($blurb); ?>

    +

    get('page_wikimode_warning'); ?>

    +

    + '; + $template->footer(); + } + break; + case 'diff': + require_once(ENANO_ROOT.'/includes/pageutils.php'); + require_once(ENANO_ROOT.'/includes/diff.php'); + $template->header(); + $id1 = ( isset($_GET['diff1']) ) ? (int)$_GET['diff1'] : false; + $id2 = ( isset($_GET['diff2']) ) ? (int)$_GET['diff2'] : false; + if ( !$id1 || !$id2 ) + { + echo '

    Invalid request.

    '; + $template->footer(); break; - case 'diff': - require_once(ENANO_ROOT.'/includes/pageutils.php'); - require_once(ENANO_ROOT.'/includes/diff.php'); - $template->header(); - $id1 = ( isset($_GET['diff1']) ) ? (int)$_GET['diff1'] : false; - $id2 = ( isset($_GET['diff2']) ) ? (int)$_GET['diff2'] : false; - if ( !$id1 || !$id2 ) - { - echo '

    Invalid request.

    '; - $template->footer(); - break; - } - if ( !ctype_digit($_GET['diff1']) || !ctype_digit($_GET['diff1']) ) - { - echo '

    SQL injection attempt

    '; - $template->footer(); - break; - } - echo PageUtils::pagediff($paths->page_id, $paths->namespace, $id1, $id2); + } + if ( !ctype_digit($_GET['diff1']) || !ctype_digit($_GET['diff1']) ) + { + echo '

    SQL injection attempt

    '; $template->footer(); break; - case 'detag': - if ( $session->user_level < USER_LEVEL_ADMIN ) - { - die_friendly($lang->get('etc_access_denied_short'), '

    ' . $lang->get('etc_access_denied') . '

    '); - } - if ( $paths->page_exists ) - { - die_friendly($lang->get('etc_invalid_request_short'), '

    ' . $lang->get('page_detag_err_page_exists') . '

    '); - } - $q = $db->sql_query('DELETE FROM '.table_prefix.'tags WHERE page_id=\'' . $db->escape($paths->page_id) . '\' AND namespace=\'' . $paths->namespace . '\';'); - if ( !$q ) - $db->_die('Detag query, index.php:'.__LINE__); - die_friendly($lang->get('page_detag_success_title'), '

    ' . $lang->get('page_detag_success_body') . '

    '); - break; - case 'aclmanager': - if ( !$session->sid_super ) - { - redirect(makeUrlNS('Special', "Login/{$paths->page}", 'target_do=aclmanager&level=' . $session->user_level, false), $lang->get('etc_access_denied_short'), $lang->get('etc_access_denied_need_reauth'), 0); - } - - require_once(ENANO_ROOT.'/includes/pageutils.php'); - $data = ( isset($_POST['data']) ) ? $_POST['data'] : Array('mode' => 'listgroups'); - PageUtils::aclmanager($data); - break; - case 'sql_report': - $rev_id = ( (isset($_GET['oldid'])) ? intval($_GET['oldid']) : 0 ); - $page = new PageProcessor( $paths->page_id, $paths->namespace, $rev_id ); - $page->send_headers = true; - $pagepass = ( isset($_REQUEST['pagepass']) ) ? sha1($_REQUEST['pagepass']) : ''; - $page->password = $pagepass; - $page->send(true); - ob_end_clean(); - ob_start(); - $db->sql_report(); - break; + } + echo PageUtils::pagediff($paths->page_id, $paths->namespace, $id1, $id2); + $template->footer(); + break; + case 'detag': + if ( $session->user_level < USER_LEVEL_ADMIN ) + { + die_friendly($lang->get('etc_access_denied_short'), '

    ' . $lang->get('etc_access_denied') . '

    '); + } + if ( $paths->page_exists ) + { + die_friendly($lang->get('etc_invalid_request_short'), '

    ' . $lang->get('page_detag_err_page_exists') . '

    '); + } + $q = $db->sql_query('DELETE FROM '.table_prefix.'tags WHERE page_id=\'' . $db->escape($paths->page_id) . '\' AND namespace=\'' . $paths->namespace . '\';'); + if ( !$q ) + $db->_die('Detag query, index.php:'.__LINE__); + die_friendly($lang->get('page_detag_success_title'), '

    ' . $lang->get('page_detag_success_body') . '

    '); + break; + case 'aclmanager': + if ( !$session->sid_super ) + { + redirect(makeUrlNS('Special', "Login/{$paths->page}", 'target_do=aclmanager&level=' . $session->user_level, false), $lang->get('etc_access_denied_short'), $lang->get('etc_access_denied_need_reauth'), 0); + } + + require_once(ENANO_ROOT.'/includes/pageutils.php'); + $data = ( isset($_POST['data']) ) ? $_POST['data'] : Array('mode' => 'listgroups'); + PageUtils::aclmanager($data); + break; + case 'sql_report': + $rev_id = ( (isset($_GET['oldid'])) ? intval($_GET['oldid']) : 0 ); + $page = new PageProcessor( $paths->page_id, $paths->namespace, $rev_id ); + $page->send_headers = true; + $pagepass = ( isset($_REQUEST['pagepass']) ) ? sha1($_REQUEST['pagepass']) : ''; + $page->password = $pagepass; + $page->send(true); + ob_end_clean(); + ob_start(); + $db->sql_report(); + break; +} + +// Generate an ETag +/* +// format: first 10 digits of SHA1 of page name, user id in hex, user and auth levels, page timestamp in hex +$etag = substr(sha1($paths->namespace . ':' . $paths->page_id), 0, 10) . '-' . + "u{$session->user_id}l{$session->user_level}a{$session->auth_level}-" . + dechex($page_timestamp); + +if ( isset($_SERVER['HTTP_IF_NONE_MATCH']) ) +{ + if ( "\"$etag\"" == $_SERVER['HTTP_IF_NONE_MATCH'] ) + { + header('HTTP/1.1 304 Not Modified'); + exit(); } - - // Generate an ETag - /* - // format: first 10 digits of SHA1 of page name, user id in hex, user and auth levels, page timestamp in hex - $etag = substr(sha1($paths->namespace . ':' . $paths->page_id), 0, 10) . '-' . - "u{$session->user_id}l{$session->user_level}a{$session->auth_level}-" . - dechex($page_timestamp); +} - if ( isset($_SERVER['HTTP_IF_NONE_MATCH']) ) - { - if ( "\"$etag\"" == $_SERVER['HTTP_IF_NONE_MATCH'] ) - { - header('HTTP/1.1 304 Not Modified'); - exit(); - } - } - - header("ETag: \"$etag\""); - */ - - $db->close(); - gzip_output(); - - @ob_end_flush(); +header("ETag: \"$etag\""); +*/ + +$db->close(); +gzip_output(); + +@ob_end_flush(); ?>