/*
 * AJAX applets
 */
/**
 * Issue an asynchronous GET to `uri` and install `f` as the
 * readystatechange handler.
 *
 * The request object is stored in the shared global `ajax` (assigned
 * without `var` on purpose): every callback in this file reads
 * `ajax.readyState` and `ajax.responseText` from that global instead of
 * receiving the request as an argument.
 *
 * @param {string} uri   Request URL; the caller is responsible for escaping
 *                       any values it interpolates.
 * @param {Function} f   onreadystatechange handler.
 * @returns {undefined}  Returns early (after an alert) if the browser has
 *                       neither XMLHttpRequest nor the ActiveX fallback.
 */
function ajaxGet(uri, f) {
  var hasNative = !!window.XMLHttpRequest;
  if (hasNative) {
    ajax = new XMLHttpRequest();
  } else if (window.ActiveXObject) {
    ajax = new ActiveXObject("Microsoft.XMLHTTP");
  } else {
    alert('Enano client-side runtime error: No AJAX support, unable to continue');
    return;
  }
  ajax.onreadystatechange = f;
  ajax.open('GET', uri, true);
  // A date far in the past, presumably so that a cached copy of the
  // response is never considered fresh.
  ajax.setRequestHeader( "If-Modified-Since", "Sat, 1 Jan 2000 00:00:00 GMT" );
  ajax.send(null);
}
/**
 * Issue an asynchronous form-encoded POST to `uri` and install `f` as the
 * readystatechange handler.
 *
 * As in ajaxGet, the request object lives in the shared global `ajax`
 * (assigned without `var` on purpose) because the callbacks in this file
 * read `ajax.readyState` / `ajax.responseText` from it.
 *
 * @param {string} uri    Request URL.
 * @param {string} parms  Body, already in application/x-www-form-urlencoded
 *                        form (run each value through ajaxEscape).
 * @param {Function} f    onreadystatechange handler.
 * @returns {undefined}   Returns early (after an alert) when no XHR
 *                        implementation is available.
 */
function ajaxPost(uri, parms, f) {
  var hasNative = !!window.XMLHttpRequest;
  if (hasNative) {
    ajax = new XMLHttpRequest();
  } else if (window.ActiveXObject) {
    ajax = new ActiveXObject("Microsoft.XMLHTTP");
  } else {
    alert('Enano client-side runtime error: No AJAX support, unable to continue');
    return;
  }
  ajax.onreadystatechange = f;
  ajax.open('POST', uri, true);
  // Content-length here is the JS string length (UTF-16 units), not the
  // byte length; current browsers treat Content-Length and Connection as
  // forbidden request headers and drop them, so these two lines only
  // matter on the legacy ActiveX path.
  ajax.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
  ajax.setRequestHeader("Content-length", parms.length);
  ajax.setRequestHeader("Connection", "close");
  ajax.send(parms);
}
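/**
 * Percent-encode one value for use in an application/x-www-form-urlencoded
 * body or a query string.
 *
 * Uses encodeURIComponent instead of the legacy escape(): escape() leaves
 * '+', '/' and '@' unencoded (the old code patched '+' by hand) and emits
 * non-standard %uXXXX sequences for characters outside Latin-1, which a
 * server-side URL decoder does not understand. encodeURIComponent yields
 * UTF-8 percent-encoding and already encodes '+' as %2B, so the manual
 * replace is no longer needed.
 *
 * @param {string} text  Raw value.
 * @returns {string}     Encoded value. Non-string input is stringified the
 *                       same way escape() did (null -> "null").
 */
function ajaxEscape(text)
{
  return encodeURIComponent(text);
}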
// Page editor
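/**
 * Fetch the page's wikitext (`_mode=getsource`) and replace
 * #ajaxEditContainer with the in-place editor: preview area, editor-mode
 * switcher, textarea, edit summary, minor-edit checkbox and action links.
 *
 * Uses the shared globals `ajax`, `edit_open` and `grippied_textareas`,
 * and reads the enano_editor_mode cookie to start in TinyMCE mode when the
 * user last chose the graphical editor.
 *
 * Fix: `c` was an implicit global; it is now local to the callback.
 *
 * @returns {undefined}
 */
function ajaxEditor() {
  setAjaxLoading();
  ajaxGet(stdAjaxPrefix+'&_mode=getsource', function() {
    if(ajax.readyState == 4) {
      unsetAjaxLoading();
      if(edit_open) {
        var c = confirm('Do you really want to revert your changes?');
        if(!c) return;
      }
      edit_open = true;
      selectButtonMajor('article');
      selectButtonMinor('edit');
      if(in_array('ajaxEditArea', grippied_textareas))
      {
        // Allow the textarea grippifier to re-create the resizer control on the textarea.
        // NOTE(review): Array.prototype.pop() ignores its argument and removes the
        // last entry, not the one at this index — confirm what in_array returns
        // before changing this to splice().
        grippied_textareas.pop(in_array('ajaxEditArea', grippied_textareas));
      }
      disableUnload('If you do, any changes that you have made to this page will be lost.');
      var switcher = ( readCookie('enano_editor_mode') == 'tinymce' ) ?
        '<a href="#" onclick="setEditorText(); return false;">wikitext editor</a> | graphical editor' :
        'wikitext editor | <a href="#" onclick="setEditorMCE(); return false;">graphical editor</a>' ;
      // NOTE(review): the page source is spliced straight into markup, so the
      // getsource handler must HTML-escape it; otherwise a literal "</textarea>"
      // in the text ends the element early. Confirm server-side.
      document.getElementById('ajaxEditContainer').innerHTML = '\
        <div id="mdgPreviewContainer"></div> \
        <span id="switcher">' + switcher + '</span><br />\
        <form name="mdgAjaxEditor" method="get" action="#" onsubmit="ajaxSavePage(); return false;">\
        <textarea id="ajaxEditArea" rows="20" cols="60" style="display: block; margin: 1em 0 1em 1em; width: 96.5%;">'+ajax.responseText+'</textarea><br />\
        Edit summary: <input id="ajaxEditSummary" size="40" /><br />\
        <input id="ajaxEditMinor" name="minor" type="checkbox" /> <label for="ajaxEditMinor">This is a minor edit</label><br />\
        <a href="#" onclick="void(ajaxSavePage()); return false;">save changes</a> | <a href="#" onclick="void(ajaxShowPreview()); return false;">preview changes</a> | <a href="#" onclick="void(ajaxEditor()); return false;">revert changes</a> | <a href="#" onclick="void(ajaxDiscard()); return false;">discard changes</a> | <a href="#" onclick="ajaxWikiEditHelp(); return false;">formatting help</a>\
        <br />\
        '+editNotice+'\
        </form>';
      // initTextareas();
      if(readCookie('enano_editor_mode') == 'tinymce')
      {
        $('ajaxEditArea').switchToMCE();
      }
    }
  });
}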
/**
 * Switch the open editor to TinyMCE (graphical) mode, remember the choice
 * in the enano_editor_mode cookie for 365 days, and update the #switcher
 * link so that it now offers the wikitext editor.
 *
 * @returns {undefined}
 */
function setEditorMCE()
{
  var area = $('ajaxEditArea');
  area.switchToMCE();
  createCookie('enano_editor_mode', 'tinymce', 365);
  var switcherHtml = '<a href="#" onclick="setEditorText(); return false;">wikitext editor</a> | graphical editor';
  $('switcher').object.innerHTML = switcherHtml;
}
/**
 * Switch the open editor back to plain wikitext, remember the choice in the
 * enano_editor_mode cookie for 365 days, and update the #switcher link so
 * that it now offers the graphical editor.
 *
 * @returns {undefined}
 */
function setEditorText()
{
  var area = $('ajaxEditArea');
  area.destroyMCE();
  createCookie('enano_editor_mode', 'text', 365);
  var switcherHtml = 'wikitext editor | <a href="#" onclick="setEditorMCE(); return false;">graphical editor</a>';
  $('switcher').object.innerHTML = switcherHtml;
}
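/**
 * Fetch the page's wikitext (`_mode=getsource`) and show it read-only in
 * #ajaxEditContainer with a "close viewer" link.
 *
 * Shares the `ajax`, `edit_open` and `grippied_textareas` globals with
 * ajaxEditor. Fix: `c` was an implicit global; it is now local.
 *
 * @returns {undefined}
 */
function ajaxViewSource() {
  setAjaxLoading();
  ajaxGet(stdAjaxPrefix+'&_mode=getsource', function() {
    if(ajax.readyState == 4) {
      unsetAjaxLoading();
      if(edit_open) {
        var c = confirm('Do you really want to revert your changes?');
        if(!c) return;
      }
      edit_open = true;
      selectButtonMajor('article');
      selectButtonMinor('edit');
      if(in_array('ajaxEditArea', grippied_textareas))
      {
        // Allow the textarea grippifier to re-create the resizer control on the textarea.
        // NOTE(review): pop() ignores its argument and removes the last entry;
        // see the same construct in ajaxEditor.
        grippied_textareas.pop(in_array('ajaxEditArea', grippied_textareas));
      }
      // NOTE(review): the source text is inserted as markup; the getsource
      // handler is expected to HTML-escape it — confirm server-side.
      document.getElementById('ajaxEditContainer').innerHTML = '\
        <form method="get" action="#" onsubmit="ajaxSavePage(); return false;">\
        <textarea readonly="readonly" id="ajaxEditArea" rows="20" cols="60" style="display: block; margin: 1em 0 1em 1em; width: 96.5%;">'+ajax.responseText+'</textarea><br />\
        <a href="#" onclick="void(ajaxReset()); return false;">close viewer</a>\
        </form>';
      initTextareas();
    }
  });
}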
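/**
 * Post the editor contents to `_mode=preview` and render the returned HTML
 * into #mdgPreviewContainer.
 *
 * Fixes: the edit summary is now run through ajaxEscape like the body —
 * a '&', '+' or '%' in the summary used to corrupt the form-encoded
 * request — and `minor` is a local instead of an implicit global.
 *
 * @returns {undefined}
 */
function ajaxShowPreview()
{
  goBusy('Loading preview...');
  var text = ajaxEscape($('ajaxEditArea').getContent());
  var minor = document.mdgAjaxEditor.minor.checked ? '&minor' : '';
  var summary = ajaxEscape(document.getElementById('ajaxEditSummary').value);
  ajaxPost(stdAjaxPrefix+'&_mode=preview', 'summary='+summary+minor+'&text='+text, function() {
    if(ajax.readyState == 4) {
      unBusy();
      // NOTE(review): clearing edit_open on a preview means a later "revert"
      // no longer asks for confirmation — confirm that is intended.
      edit_open = false;
      document.getElementById('mdgPreviewContainer').innerHTML = ajax.responseText;
    }
  });
}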
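/**
 * Post the editor contents to `_mode=savepage`, then replace
 * #ajaxEditContainer with the server's response, re-enable the unload
 * warning and clear the minor-button bar.
 *
 * Fixes: the edit summary is escaped with ajaxEscape like the body (an
 * unescaped '&', '+' or '%' corrupted the form-encoded request), and
 * `minor` is a local instead of an implicit global.
 *
 * @returns {undefined}
 */
function ajaxSavePage() {
  goBusy('Saving page...');
  var text = ajaxEscape($('ajaxEditArea').getContent());
  var minor = document.mdgAjaxEditor.minor.checked ? '&minor' : '';
  var summary = ajaxEscape(document.getElementById('ajaxEditSummary').value);
  ajaxPost(stdAjaxPrefix+'&_mode=savepage', 'summary='+summary+minor+'&text='+text, function() {
    if(ajax.readyState == 4) {
      unBusy();
      edit_open = false;
      document.getElementById('ajaxEditContainer').innerHTML = ajax.responseText;
      enableUnload();
      unselectAllButtonsMinor();
    }
  });
}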
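/**
 * Ask for confirmation and, if given, throw the current edit away by
 * reloading the rendered page via ajaxReset().
 *
 * Fix: the confirm result is no longer stored in the implicit global `c`.
 *
 * @returns {undefined}
 */
function ajaxDiscard() {
  if(!confirm('Do you really want to discard your changes?')) return;
  ajaxReset();
}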
/**
 * Leave editing: re-enable the unload warning, fetch the rendered page
 * (`_mode=getpage&noheaders`) into #ajaxEditContainer, clear `edit_open`
 * and reset the button bars to the plain "article" state.
 *
 * @returns {undefined}
 */
function ajaxReset() {
  enableUnload();
  setAjaxLoading();
  var onDone = function() {
    if(ajax.readyState != 4) {
      return;
    }
    unsetAjaxLoading();
    edit_open = false;
    document.getElementById('ajaxEditContainer').innerHTML = ajax.responseText;
    selectButtonMajor('article');
    unselectAllButtonsMinor();
  };
  ajaxGet(stdAjaxPrefix+'&_mode=getpage&noheaders', onDone);
}
// Miscellaneous AJAX applets
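/**
 * Set the page protection level `l` (0, 1 or 2 judging by the protbtn_*
 * ids) via `_mode=protect`, after asking for a reason unless the `shift`
 * global is set, in which case 'NO_REASON' is sent.
 *
 * Fixes: `r` is a local instead of an implicit global, the redundant
 * `r==''` test is dropped ('' is already falsy), and the reason is encoded
 * with ajaxEscape like every other posted value (escape() left '+' alone,
 * which the server decodes as a space).
 *
 * @param {number|string} l  Protection level; interpolated unescaped into
 *                           the body, so it is assumed numeric — confirm.
 * @returns {undefined}
 */
function ajaxProtect(l) {
  var r;
  if(shift) {
    r = 'NO_REASON';
  } else {
    r = prompt('Reason for (un)protecting:');
    if(!r) return;
  }
  setAjaxLoading();
  document.getElementById('protbtn_0').style.textDecoration = 'none';
  document.getElementById('protbtn_1').style.textDecoration = 'none';
  document.getElementById('protbtn_2').style.textDecoration = 'none';
  document.getElementById('protbtn_'+l).style.textDecoration = 'underline';
  ajaxPost(stdAjaxPrefix+'&_mode=protect', 'reason='+ajaxEscape(r)+'&level='+l, function() {
    if(ajax.readyState == 4) {
      unsetAjaxLoading();
      // The server answers the literal 'good' on success; anything else is an
      // error message for the user.
      if(ajax.responseText != 'good')
        alert(ajax.responseText);
    }
  });
}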
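/**
 * Prompt for a new page title and post it to `_mode=rename`; the server's
 * reply is shown verbatim in an alert.
 *
 * Fixes: `r` is local instead of an implicit global, the redundant `r==''`
 * test is gone, and the title is encoded with ajaxEscape (escape() leaves
 * '+' unencoded, which the server would decode as a space).
 *
 * @returns {undefined}
 */
function ajaxRename() {
  var r = prompt('What title should this page be renamed to?\nNote: This does not and will never change the URL of this page, that must be done from the admin panel.');
  if(!r) return;
  setAjaxLoading();
  ajaxPost(stdAjaxPrefix+'&_mode=rename', 'newtitle='+ajaxEscape(r), function() {
    if(ajax.readyState == 4) {
      unsetAjaxLoading();
      alert(ajax.responseText);
    }
  });
}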
/**
 * Create the current (missing) page by posting ENANO_CREATEPAGE_PARAMS to
 * ENANO_SPECIAL_CREATEPAGE, then reload the window so the new page renders.
 *
 * @returns {undefined}
 */
function ajaxMakePage() {
  setAjaxLoading();
  var onDone = function() {
    if(ajax.readyState != 4) {
      return;
    }
    unsetAjaxLoading();
    window.location.reload();
  };
  ajaxPost(ENANO_SPECIAL_CREATEPAGE, ENANO_CREATEPAGE_PARAMS, onDone);
}
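/**
 * Delete the current page (`_mode=deletepage`) after two confirmation
 * dialogs, show the server's reply and reload the window.
 *
 * Fix: the confirm results are no longer stored in the implicit global `c`.
 *
 * @returns {undefined}
 */
function ajaxDeletePage() {
  if(!confirm('You are about to DESTROY this page. Do you REALLY want to do this?')) return;
  if(!confirm('You\'re ABSOLUTELY sure???')) return;
  setAjaxLoading();
  ajaxGet(stdAjaxPrefix+'&_mode=deletepage', function() {
    if(ajax.readyState == 4) {
      unsetAjaxLoading();
      alert(ajax.responseText);
      window.location.reload();
    }
  });
}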
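/**
 * Cast a "delete this page" vote (`_mode=delvote`) after confirmation and
 * show the server's reply.
 *
 * Fix: the confirm result is no longer stored in the implicit global `c`.
 *
 * @returns {undefined}
 */
function ajaxDelVote() {
  if(!confirm('Are you sure that you want to vote that this page be deleted?')) return;
  setAjaxLoading();
  ajaxGet(stdAjaxPrefix+'&_mode=delvote', function() {
    if(ajax.readyState == 4) {
      unsetAjaxLoading();
      alert(ajax.responseText);
    }
  });
}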
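/**
 * Reset the page's delete-vote counter (`_mode=resetdelvotes`) after
 * confirmation, show the reply, and fade out #mdgDeleteVoteNoticeBox if it
 * is present.
 *
 * Fixes: `c` and `item` are locals instead of implicit globals, and the
 * delayed hide uses a function instead of a code string passed to
 * setTimeout (string form is an implicit eval).
 *
 * @returns {undefined}
 */
function ajaxResetDelVotes() {
  if(!confirm('This will reset the number of votes against this page to zero. Do you really want to do this?')) return;
  setAjaxLoading();
  ajaxGet(stdAjaxPrefix+'&_mode=resetdelvotes', function() {
    if(ajax.readyState == 4) {
      unsetAjaxLoading();
      alert(ajax.responseText);
      var item = document.getElementById('mdgDeleteVoteNoticeBox');
      if(item)
      {
        // Fade from fully opaque to transparent over one second, then hide.
        opacity('mdgDeleteVoteNoticeBox', 100, 0, 1000);
        setTimeout(function() {
          document.getElementById('mdgDeleteVoteNoticeBox').style.display = 'none';
        }, 1000);
      }
    }
  });
}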
/**
 * Set the page's wiki mode (`_mode=setwikimode&mode=val`), underlining the
 * matching wikibtn_* link; any reply other than the literal 'GOOD' is shown
 * to the user as an error.
 *
 * @param {number|string} val  Mode; used both in the wikibtn_<val> id and
 *                             unescaped in the query string.
 * @returns {undefined}
 */
function ajaxSetWikiMode(val) {
  setAjaxLoading();
  var buttons = ['wikibtn_0', 'wikibtn_1', 'wikibtn_2'];
  for (var b = 0; b < buttons.length; b++) {
    document.getElementById(buttons[b]).style.textDecoration = 'none';
  }
  document.getElementById('wikibtn_'+val).style.textDecoration = 'underline';
  var onDone = function() {
    if(ajax.readyState != 4) {
      return;
    }
    unsetAjaxLoading();
    if(ajax.responseText!='GOOD')
    {
      alert(ajax.responseText);
    }
  };
  ajaxGet(stdAjaxPrefix+'&_mode=setwikimode&mode='+val, onDone);
}
// Editing/saving category information
// This was not easy to write, I hope you enjoy it, and dang I swear I'm gonna
// find someone to work on just the Javascript part of Enano...
/**
 * Open the category editor: fetch `_mode=catedit` and execute the reply as
 * JavaScript.
 *
 * NOTE(review): eval() of the response means the catedit endpoint is fully
 * trusted — anything that can inject into that reply runs as page script.
 * The reply presumably defines the `catlist` global that ajaxCatSave reads;
 * confirm and consider a JSON payload instead.
 *
 * @returns {undefined}
 */
function ajaxCatEdit() {
  setAjaxLoading();
  var onDone = function() {
    if(ajax.readyState != 4) {
      return;
    }
    unsetAjaxLoading();
    edit_open = false;
    eval(ajax.responseText);
  };
  ajaxGet(stdAjaxPrefix+'&_mode=catedit', onDone);
}
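/**
 * Collect the checked mdgCat_* boxes of form mdgCatForm for every entry of
 * the `catlist` global, post them to `_mode=catsave` as `<cat>=true`
 * pairs, and reload the rendered page via ajaxReset().
 *
 * Fixes: the checkbox lookup no longer builds a code string from catlist
 * entries and eval()s it (the entries come from the server via ajaxCatEdit,
 * so that was a code-injection path); it is a plain property access with
 * the same result. `query`, `i`, `l` and `s` were implicit globals and are
 * now locals or gone.
 *
 * NOTE(review): catlist entries are used verbatim as parameter names; if
 * they can contain '&' or '=' they need ajaxEscape — confirm what catedit
 * returns.
 *
 * @returns {undefined}
 */
function ajaxCatSave()
{
  if(!catlist)
  {
    alert('Var catlist has no properties');
    return;
  }
  var form = document.forms.mdgCatForm;
  var query = '';
  for(var i = 0; i < catlist.length; i++)
  {
    var box = form['mdgCat_' + catlist[i]];
    if(box.checked) query = query + '&' + catlist[i] + '=true';
  }
  setAjaxLoading();
  // Drop the leading '&'.
  query = query.substring(1, query.length);
  ajaxPost(stdAjaxPrefix+'&_mode=catsave', query, function() {
    if(ajax.readyState == 4) {
      unsetAjaxLoading();
      edit_open = false;
      if(ajax.responseText != 'GOOD') alert(ajax.responseText);
      ajaxReset();
    }
  });
}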
// History stuff
/**
 * Show the page history: fetch `_mode=histlist` into #ajaxEditContainer,
 * select the article/history buttons, and let buildDiffList() wire up the
 * diff radio buttons the server rendered.
 *
 * @returns {undefined}
 */
function ajaxHistory() {
  setAjaxLoading();
  var onDone = function() {
    if(ajax.readyState != 4) {
      return;
    }
    unsetAjaxLoading();
    edit_open = false;
    selectButtonMajor('article');
    selectButtonMinor('history');
    document.getElementById('ajaxEditContainer').innerHTML = ajax.responseText;
    buildDiffList();
  };
  ajaxGet(stdAjaxPrefix+'&_mode=histlist', onDone);
}
/**
 * Display an old revision of a page (`_mode=getpage&oldid=...`) in
 * #ajaxEditContainer.
 *
 * NOTE(review): `oldid` and the title are interpolated into the URL
 * unescaped; this is fine only if oldid is numeric and the title is already
 * in URL form — confirm against the callers.
 *
 * @param {number|string} oldid  Revision id.
 * @param {string} [tit]         Page title; defaults to the `title` global.
 * @returns {undefined}
 */
function ajaxHistView(oldid, tit) {
  var pageTitle = tit || title;
  setAjaxLoading();
  var onDone = function() {
    if(ajax.readyState != 4) {
      return;
    }
    unsetAjaxLoading();
    edit_open = false;
    document.getElementById('ajaxEditContainer').innerHTML = ajax.responseText;
  };
  var url = append_sid(scriptPath+'/ajax.php?title='+pageTitle+'&_mode=getpage&oldid='+oldid);
  ajaxGet(url, onDone);
}
/**
 * Roll the page back to log entry `id` (`_mode=rollback&id=...`) and show
 * the server's reply in an alert.
 *
 * @param {number|string} id  Log entry id; interpolated unescaped, so it is
 *                            assumed numeric — confirm.
 * @returns {undefined}
 */
function ajaxRollback(id) {
  setAjaxLoading();
  var onDone = function() {
    if(ajax.readyState != 4) {
      return;
    }
    unsetAjaxLoading();
    alert(ajax.responseText);
  };
  ajaxGet(stdAjaxPrefix+'&_mode=rollback&id='+id, onDone);
}
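/**
 * Flush all log entries for the page (`_mode=flushlogs`) after two
 * confirmation dialogs, show the reply and reload the window.
 *
 * Fix: the confirm results are no longer stored in the implicit global `c`.
 *
 * @returns {undefined}
 */
function ajaxClearLogs() {
  if(!confirm('You are about to DESTROY all log entries for this page. As opposed to (example) deleting this page, this action is completely IRREVERSIBLE and should not be used except in dire circumstances. Do you REALLY want to do this?')) return;
  if(!confirm('You\'re ABSOLUTELY sure???')) return;
  setAjaxLoading();
  ajaxGet(stdAjaxPrefix+'&_mode=flushlogs', function() {
    if(ajax.readyState == 4) {
      unsetAjaxLoading();
      alert(ajax.responseText);
      window.location.reload();
    }
  });
}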
var timelist; |
/**
 * Index the history list's diff radio buttons.
 *
 * Fills the globals `arrDiff1Buttons` / `arrDiff2Buttons` (no `var` on
 * purpose: ajaxHistDiff() reads them) and `timelist`, which holds each
 * button id with its 6-character 'diffN_' prefix removed, then hides the
 * interior "diff2" buttons so only a valid range can be chosen initially.
 *
 * @returns {boolean|undefined} false when there are no diff buttons.
 */
function buildDiffList()
{
  arrDiff1Buttons = getElementsByClassName(document, 'input', 'clsDiff1Radio');
  arrDiff2Buttons = getElementsByClassName(document, 'input', 'clsDiff2Radio');
  var count = arrDiff1Buttons.length;
  if ( count < 1 )
    return false;
  timelist = [];
  var idx;
  for ( idx = 0; idx < count; idx++ )
  {
    timelist.push( arrDiff2Buttons[idx].id.substr(6) );
  }
  timelist.push( arrDiff1Buttons[count-1].id.substr(6) );
  // Remove any toJSONString helper a JSON library may have attached.
  delete(timelist.toJSONString);
  for ( idx = 1; idx < timelist.length-1; idx++ )
  {
    if ( idx >= timelist.length ) break;
    arrDiff2Buttons[idx].style.display = 'none';
  }
}
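/**
 * React to a "diff1" (older revision) radio button being selected: show the
 * diff2 buttons of every revision before it in `timelist` and hide the
 * rest, so the second pick can only be a newer revision.
 *
 * Fixes: parseInt now gets an explicit radix, and the inner `if` that
 * repeated the loop condition is gone.
 *
 * @param {HTMLInputElement} obj  The clicked radio button (id 'diff1_<rev>').
 * @returns {undefined}
 */
function selectDiff1Button(obj)
{
  var this_time = obj.id.substr(6);
  // in_array is expected to return the position of this_time in timelist.
  var index = parseInt(in_array(this_time, timelist), 10);
  for ( var i = 0; i < timelist.length - 1; i++ )
  {
    var state = ( i < index ) ? 'inline' : 'none';
    var id = 'diff2_' + timelist[i];
    document.getElementById(id).style.display = state;
  }
}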
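/**
 * React to a "diff2" (newer revision) radio button being selected: show the
 * diff1 buttons of every revision after it in `timelist` (excluding the
 * last entry) and hide the rest.
 *
 * Fixes: parseInt now gets an explicit radix, and the inner `if` is folded
 * into the loop bound (it excluded the last index; the bound now does).
 *
 * @param {HTMLInputElement} obj  The clicked radio button (id 'diff2_<rev>').
 * @returns {undefined}
 */
function selectDiff2Button(obj)
{
  var this_time = obj.id.substr(6);
  // in_array is expected to return the position of this_time in timelist.
  var index = parseInt(in_array(this_time, timelist), 10);
  for ( var i = 1; i < timelist.length - 1; i++ )
  {
    var state = ( i > index ) ? 'inline' : 'none';
    var id = 'diff1_' + timelist[i];
    document.getElementById(id).style.display = state;
  }
}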
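/**
 * Request a diff between the two revisions whose radio buttons are checked
 * (`_mode=pagediff&diff1=..&diff2=..`) and render it into
 * #ajaxEditContainer.
 *
 * Reads the `arrDiff1Buttons` / `arrDiff2Buttons` globals set by
 * buildDiffList(). Fixes: the loop index is a local (it was an implicit
 * global), and the unused `k` / `kpp` string copies of the index are gone —
 * indexing with the number is equivalent.
 *
 * @returns {undefined}
 */
function ajaxHistDiff()
{
  var id1 = false;
  var id2 = false;
  for ( var i = 0; i < arrDiff1Buttons.length; i++ )
  {
    if(arrDiff1Buttons[i].checked) id1 = arrDiff1Buttons[i].id.substr(6);
    if(arrDiff2Buttons[i].checked) id2 = arrDiff2Buttons[i].id.substr(6);
  }
  if(!id1 || !id2) { alert('BUG: Couldn\'t get checked radiobutton state'); return; }
  setAjaxLoading();
  ajaxGet(stdAjaxPrefix+'&_mode=pagediff&diff1='+id1+'&diff2='+id2, function()
    {
      if(ajax.readyState==4)
      {
        unsetAjaxLoading();
        document.getElementById('ajaxEditContainer').innerHTML = ajax.responseText;
      }
    });
}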
// Change the user's preferred style/theme
/**
 * Stub: the theme/style chooser is currently disabled. The earlier
 * implementation (theme dropdown plus ajaxGetStyles) is kept in the block
 * comment that follows this function. `inner_html` is built but never used.
 *
 * @returns {undefined}
 */
function ajaxChangeStyle()
{
  var inner_html = '';
  inner_html += '';
}
/*
function ajaxChangeStyle()
{
  var win = document.getElementById("cn2");
  win.innerHTML = ' \
  <form action="'+ENANO_SPECIAL_CHANGESTYLE+'" onsubmit="jws.closeWin(\'root2\');" method="post" style="text-align: center"> \
  <h3>Select a theme...</h3>\
  <select id="mdgThemeID" name="theme" onchange="ajaxGetStyles(this.value);"> \
  '+ENANO_THEME_LIST+' \
  </select> \
  <div id="styleSelector"></div>\
  <br /><br />\
  <input type="hidden" name="return_to" value="'+title+'" />\
  <input id="styleSubmitter" type="submit" style="display: none; font-weight: bold" value="Change theme" /> \
  <input type="button" value="Cancel" onclick="jws.closeWin(\'root2\');" /> \
  </form> \
  ';
  ajaxGetStyles(ENANO_CURRENT_THEME);
  jws.openWin('root2', 340, 300);
}

function ajaxGetStyles(id) {
  setAjaxLoading();
  ajaxGet(stdAjaxPrefix+'&_mode=getstyles&id='+id, function() {
    if(ajax.readyState == 4) {
      unsetAjaxLoading();
      eval(ajax.responseText);
      html = '<h3>And a style...</h3><select id="mdgStyleID" name="style">';
      for(i=0;i<list.length;i++) {
        lname = list[i].substr(0, 1).toUpperCase() + list[i].substr(1, list[i].length);
        html = html + '<option value="'+list[i]+'">'+lname+'</option>';
      }
      html = html + '</select>';
      document.getElementById('styleSelector').innerHTML = html;
      document.getElementById('styleSubmitter').style.display = 'inline';
    }
  });
}
*/
/**
 * Toggle the #mdgCss stylesheet between `main_css` and `print_css`.
 *
 * The `_css` global is the toggle state as used here: it is set to true
 * after switching to the print stylesheet and false after switching back.
 *
 * @returns {undefined}
 */
function ajaxSwapCSS() {
  setAjaxLoading();
  var link = document.getElementById('mdgCss');
  var usePrint = !_css;
  link.href = usePrint ? print_css : main_css;
  _css = usePrint;
  unsetAjaxLoading();
  menuOff();
}
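/**
 * Submit a new password for the current user: the #mdgPassSetField value is
 * hashed with hex_sha1 client-side and posted as `password=<hex>` to
 * `_mode=setpass`; the reply is shown in an alert.
 *
 * Fix: unsetAjaxLoading() used to run on every readystatechange, so the
 * loading indicator disappeared as soon as the request was opened; it now
 * runs only once the response is complete, like the other handlers in this
 * file. `pass` is also a local instead of an implicit global.
 *
 * NOTE(review): the hex digest is the credential on the wire — unsalted and
 * replayable — so this gives no protection on its own and relies on the
 * transport; the server must treat the value as a secret. Confirm how
 * setpass stores it.
 *
 * @returns {undefined}
 */
function ajaxSetPassword()
{
  var pass = hex_sha1(document.getElementById('mdgPassSetField').value);
  setAjaxLoading();
  ajaxPost(stdAjaxPrefix+'&_mode=setpass', 'password='+pass, function()
    {
      if(ajax.readyState==4)
      {
        unsetAjaxLoading();
        alert(ajax.responseText);
      }
    }
  );
}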
/**
 * Open the 'root3' popup window (640x480) and fill its #cn3 pane with the
 * formatting help fetched from `_mode=wikihelp`.
 *
 * @returns {undefined}
 */
function ajaxWikiEditHelp()
{
  jws.openWin('root3', 640, 480);
  setAjaxLoading();
  var onDone = function() {
    if(ajax.readyState!=4)
    {
      return;
    }
    unsetAjaxLoading();
    document.getElementById('cn3').innerHTML = ajax.responseText;
  };
  ajaxGet(stdAjaxPrefix+'&_mode=wikihelp', onDone);
}
/**
 * Open the login prompt (ajaxPromptAdminAuth at level 2) and reload the
 * window once it succeeds; the session key passed to the callback is not
 * needed here.
 *
 * @returns {undefined}
 */
function ajaxStartLogin()
{
  var afterLogin = function(k) {
    window.location.reload();
  };
  ajaxPromptAdminAuth(afterLogin, 2);
}
/**
 * Open the admin panel's PageManager module for the current page.
 *
 * If `auth_level` is below USER_LEVEL_ADMIN the user is first asked to
 * re-authenticate (ajaxPromptAdminAuth, level 9) and navigation happens in
 * the callback; otherwise it navigates immediately.
 *
 * @returns {boolean|undefined} false when the auth prompt was opened (so an
 *   onclick caller does not follow its href); otherwise undefined.
 */
function ajaxAdminPage()
{
  if ( auth_level < USER_LEVEL_ADMIN )
  {
    ajaxPromptAdminAuth(function(k) {
      // k appears to be the elevated session id returned by the prompt.
      ENANO_SID = k;
      auth_level = USER_LEVEL_ADMIN;
      var loc = String(window.location + '');
      // NOTE(review): this navigation is superseded by the second
      // window.location assignment below whenever ENANO_SID is non-empty;
      // only the empty-SID case ends up reloading the current page with the
      // sid appended. Confirm whether that is intended.
      window.location = append_sid(loc);
      // Re-declaration of `loc`; var hoisting makes both the same binding.
      var loc = makeUrlNS('Special', 'Administration', 'module=' + namespace_list['Admin'] + 'PageManager&source=ajax&page_id=' + ajaxEscape(title));
      // Non-empty check for ENANO_SID, written as a length test on SID + ' '.
      if ( (ENANO_SID + ' ').length > 1 )
        window.location = loc;
    }, 9);
    return false;
  }
  var loc = makeUrlNS('Special', 'Administration', 'module=' + namespace_list['Admin'] + 'PageManager&source=ajax&page_id=' + ajaxEscape(title));
  window.location = loc;
}
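/**
 * Emergency switch: after confirmation, post `act=kill_php` to the admin
 * Home module to disable embedded PHP in pages, showing progress and then
 * the result in the #php_killer element.
 *
 * Fix: on success the old code removed the php_killer element and then
 * called appendChild on its parentNode, which is null once detached — it
 * threw before the confirmation message was shown. The parent is now taken
 * before the element is removed, and the element is removed once.
 *
 * NOTE(review): confirm() is only a UI guard; the server must enforce the
 * admin permission for act=kill_php itself.
 *
 * @returns {boolean|undefined} false if the user cancels or #php_killer is
 *   missing; otherwise undefined (the request runs asynchronously).
 */
function ajaxDisableEmbeddedPHP()
{
  if ( !confirm('Are you really sure you want to do this? Some pages might not function if this emergency-only feature is activated.') )
    return false;
  var $killdiv = $dynano('php_killer');
  if ( !$killdiv.object )
  {
    alert('Can\'t get kill div object');
    return false;
  }
  $killdiv.object.innerHTML = '<img alt="Loading..." src="' + scriptPath + '/images/loading-big.gif" /><br />Making request...';
  var url = makeUrlNS('Admin', 'Home', 'src=ajax');
  ajaxPost(url, 'act=kill_php', function() {
    if ( ajax.readyState != 4 )
      return;
    var killdiv = $dynano('php_killer').object;
    if ( ajax.responseText == '1' )
    {
      // Replace the old element with a fresh div of the same class carrying
      // the success message; grab the parent before detaching.
      var parent = killdiv.parentNode;
      var newdiv = document.createElement('div');
      newdiv.className = killdiv.className;
      newdiv.innerHTML = '<img alt="Success" src="' + scriptPath + '/images/error.png" /><br />Embedded PHP in pages has been disabled.';
      parent.removeChild(killdiv);
      parent.appendChild(newdiv);
    }
    else
    {
      // NOTE(review): the server's error text is inserted as HTML; it must be
      // escaped server-side (or assigned as text) — confirm what the endpoint
      // returns on failure.
      killdiv.innerHTML = ajax.responseText;
    }
  });
}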