diff -r 990ccfb20120 -r f5718d7c2a6a plugins/SpecialPageFuncs.php --- a/plugins/SpecialPageFuncs.php Thu Feb 14 21:57:04 2008 -0500 +++ b/plugins/SpecialPageFuncs.php Sun Feb 17 20:19:17 2008 -0500 @@ -10,7 +10,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.1 + * Version 1.1.2 (Caoineag alpha 2) * Copyright (C) 2006-2007 Dan Fuhry * * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License 
@@ -74,6 +74,183 @@ global $db, $session, $paths, $template, $plugins; // Common objects global $lang; + $whitelist_ns = array('Article', 'User', 'Help', 'Template', 'Category', 'Project'); + $code = $plugins->setHook('page_create_ns_whitelist'); + foreach ( $code as $cmd ) + { + eval($cmd); + } + + $errors = array(); + + switch ( isset($_POST['page_title']) ) + { + case true: + // "Create page" was clicked + + // + // VALIDATION CODE + // + + // Check namespace + $namespace = ( isset($_POST['namespace']) ) ? $_POST['namespace'] : 'Article'; + if ( !in_array($namespace, $whitelist_ns) ) + { + $errors[] = $lang->get('pagetools_create_err_invalid_namespace'); + } + + // Check title and figure out urlname + $title = $_POST['page_title']; + $urlname = $_POST['page_title']; + if ( @$_POST['custom_url'] === 'yes' && isset($_POST['urlname']) ) + { + $urlname = $_POST['urlname']; + } + $urlname = sanitize_page_id($urlname); + if ( $urlname == '.00' || empty($urlname) ) + { + $errors[] = $lang->get('pagetools_create_err_invalid_urlname'); + } + + // Validate page existence + $pathskey = $paths->nslist[$namespace] . $urlname; + if ( isPage($pathskey) ) + { + $errors[] = $lang->get('pagetools_create_err_already_exists'); + } + + // Validate permissions + $perms = $session->fetch_page_acl($urlname, $namespace); + if ( !$perms->get_permissions('create_page') ) + { + $errors[] = $lang->get('pagetools_create_err_no_permission'); + } + + // Run hooks + $code = $plugins->setHook('page_create_request'); + foreach ( $code as $cmd ) + { + eval($cmd); + } + + // Create the page + if ( count($errors) < 1 ) + { + $page = new PageProcessor($urlname, $namespace); + $page->create_page($title); + if ( $error = $page->pop_error() ) + { + do + { + $errors[] = $error; + } + while ( $error = $page->pop_error() ); + } + else + { + redirect(makeUrlNS($namespace, $urlname) . 
'#do:edit', '', '', 0); + return true; + } + } + + break; + } + + $template->header(); + + echo $lang->get('pagetools_create_blurb'); + + if ( count($errors) > 0 ) + { + echo '
'; + echo $lang->get('pagetools_create_field_title'); + echo ' '; + echo '
'; + + echo ''; + echo $lang->get('pagetools_create_field_namespace'); + echo ' '; + echo '
'; + + echo ''; + + echo ''; + echo ''; + echo '
'; + + echo ''; + + echo ''; + + $template->footer(); +} + +function page_Special_CreatePage_Old() +{ + global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; + if ( isset($_POST['do']) ) { $p = $_POST['pagename'];
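Review bot: The namespace check in the `case true:` branch records an error but does not stop the checks that follow, so a `namespace` value that failed the whitelist (or arrived as an array) is still used as the index in `$paths->nslist[$namespace]` and passed to `$session->fetch_page_acl()`. I would make the test strict and type-aware, `if ( !is_string($namespace) || !in_array($namespace, $whitelist_ns, true) )`, and run the existence and permission checks only while `$errors` is still empty. `$_POST['page_title']` and `$_POST['urlname']` deserve the same `is_string()` guard before they reach `sanitize_page_id()` and `create_page()`. No request-token check is visible before the page is created, so unless that is enforced elsewhere (the form markup is not readable here) the POST is open to cross-site request forgery. The function's signature lies above this hunk, and the body of `page_Special_CreatePage_Old()` continues below it.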