author | Dan |
Tue, 26 Jun 2007 21:03:02 -0400 | |
changeset 23 | 320acf077276 |
parent 22 | d0314575e2f0 |
child 32 | 4d87aad3c4c0 |
permissions | -rw-r--r-- |
1 | 1 |
<?php |
2 |
||
3 |
/* |
|
4 |
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
|
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
19
diff
changeset
|
5 |
* Version 1.0 (Banshee) |
1 | 6 |
* Copyright (C) 2006-2007 Dan Fuhry |
7 |
* |
|
8 |
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
|
9 |
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
|
10 |
* |
|
11 |
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied |
|
12 |
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
|
13 |
*/ |
|
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
14 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
15 |
/** |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
16 |
* Fetch a value from the site configuration. |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
17 |
* @param string The identifier of the value ("site_name" etc.) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
18 |
* @return string Configuration value, or bool(false) if the value is not set |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
19 |
*/ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
20 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
21 |
function getConfig($n) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
22 |
{ |
1 | 23 |
global $enano_config; |
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
24 |
if ( isset( $enano_config[ $n ] ) ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
25 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
26 |
return $enano_config[$n]; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
27 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
28 |
else |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
29 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
30 |
return false; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
31 |
} |
1 | 32 |
} |
33 |
||
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
34 |
/** |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
35 |
* Update or change a configuration value. |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
36 |
* @param string The identifier of the value ("site_name" etc.) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
37 |
* @param string The new value |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
38 |
* @return null |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
39 |
*/ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
40 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
41 |
function setConfig($n, $v) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
42 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
43 |
|
1 | 44 |
global $enano_config, $db; |
45 |
$enano_config[$n] = $v; |
|
46 |
$v = $db->escape($v); |
|
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
47 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
48 |
$e = $db->sql_query('DELETE FROM '.table_prefix.'config WHERE config_name=\''.$n.'\';'); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
49 |
if ( !$e ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
50 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
51 |
$db->_die('Error during generic setConfig() call row deletion.'); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
52 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
53 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
54 |
$e = $db->sql_query('INSERT INTO '.table_prefix.'config(config_name, config_value) VALUES(\''.$n.'\', \''.$v.'\')'); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
55 |
if ( !$e ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
56 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
57 |
$db->_die('Error during generic setConfig() call row insertion.'); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
58 |
} |
1 | 59 |
} |
60 |
||
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
61 |
/** |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
62 |
* Create a URI for an internal link. |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
63 |
* @param string The full identifier of the page to link to (Special:Administration) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
64 |
* @param string The GET query string to append |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
65 |
* @param bool If true, perform htmlspecialchars() on the return value to make it HTML-safe |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
66 |
* @return string |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
67 |
*/ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
68 |
|
1 | 69 |
function makeUrl($t, $query = false, $escape = false) |
70 |
{ |
|
71 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
72 |
$flags = ''; |
|
73 |
$sep = urlSeparator; |
|
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
74 |
if ( isset($_GET['printable'] ) ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
75 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
76 |
$flags .= $sep . 'printable=yes'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
77 |
$sep = '&'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
78 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
79 |
if ( isset($_GET['theme'] ) ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
80 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
81 |
$flags .= $sep . 'theme='.$session->theme; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
82 |
$sep = '&'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
83 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
84 |
if ( isset($_GET['style'] ) ) { |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
85 |
$flags .= $sep . 'style='.$session->style; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
86 |
$sep = '&'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
87 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
88 |
|
1 | 89 |
$url = $session->append_sid(contentPath.$t.$flags); |
90 |
if($query) |
|
91 |
{ |
|
92 |
$sep = strstr($url, '?') ? '&' : '?'; |
|
93 |
$url = $url . $sep . $query; |
|
94 |
} |
|
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
95 |
|
1 | 96 |
return ($escape) ? htmlspecialchars($url) : $url; |
97 |
} |
|
98 |
||
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
99 |
/** |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
100 |
* Create a URI for an internal link, and be namespace-friendly. Watch out for this one because it's different from most other Enano functions, in that the namespace is the first parameter. |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
101 |
* @param string The namespace ID |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
102 |
* @param string The page ID |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
103 |
* @param string The GET query string to append |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
104 |
* @param bool If true, perform htmlspecialchars() on the return value to make it HTML-safe |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
105 |
* @return string |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
106 |
*/ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
107 |
|
1 | 108 |
function makeUrlNS($n, $t, $query = false, $escape = false) |
109 |
{ |
|
110 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
111 |
$flags = ''; |
|
112 |
||
113 |
if(defined('ENANO_BASE_CLASSES_INITIALIZED')) |
|
114 |
{ |
|
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
115 |
$sep = urlSeparator; |
1 | 116 |
} |
117 |
else |
|
118 |
{ |
|
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
119 |
$sep = (strstr($_SERVER['REQUEST_URI'], '?')) ? '&' : '?'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
120 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
121 |
if ( isset( $_GET['printable'] ) ) { |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
122 |
$flags .= $sep . 'printable'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
123 |
$sep = '&'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
124 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
125 |
if ( isset( $_GET['theme'] ) ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
126 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
127 |
$flags .= $sep . 'theme='.$session->theme; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
128 |
$sep = '&'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
129 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
130 |
if ( isset( $_GET['style'] ) ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
131 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
132 |
$flags .= $sep . 'style='.$session->style; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
133 |
$sep = '&'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
134 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
135 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
136 |
if(defined('ENANO_BASE_CLASSES_INITIALIZED')) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
137 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
138 |
$url = contentPath . $paths->nslist[$n] . $t . $flags; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
139 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
140 |
else |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
141 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
142 |
// If the path manager hasn't been initted yet, take an educated guess at what the URI should be |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
143 |
$url = contentPath . $n . ':' . $t . $flags; |
1 | 144 |
} |
145 |
||
146 |
if($query) |
|
147 |
{ |
|
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
148 |
if(strstr($url, '?')) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
149 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
150 |
$sep = '&'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
151 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
152 |
else |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
153 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
154 |
$sep = '?'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
155 |
} |
1 | 156 |
$url = $url . $sep . $query . $flags; |
157 |
} |
|
158 |
||
159 |
if(defined('ENANO_BASE_CLASSES_INITIALIZED')) |
|
160 |
{ |
|
161 |
$url = $session->append_sid($url); |
|
162 |
} |
|
163 |
||
164 |
return ($escape) ? htmlspecialchars($url) : $url; |
|
165 |
} |
|
166 |
||
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
167 |
/** |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
168 |
* Create a URI for an internal link, be namespace-friendly, and add http://hostname/scriptpath to the beginning if possible. Watch out for this one because it's different from most other Enano functions, in that the namespace is the first parameter. |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
169 |
* @param string The namespace ID |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
170 |
* @param string The page ID |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
171 |
* @param string The GET query string to append |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
172 |
* @param bool If true, perform htmlspecialchars() on the return value to make it HTML-safe |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
173 |
* @return string |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
174 |
*/ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
175 |
|
1 | 176 |
function makeUrlComplete($n, $t, $query = false, $escape = false) |
177 |
{ |
|
178 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
179 |
$flags = ''; |
|
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
180 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
181 |
if(defined('ENANO_BASE_CLASSES_INITIALIZED')) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
182 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
183 |
$sep = urlSeparator; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
184 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
185 |
else |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
186 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
187 |
$sep = (strstr($_SERVER['REQUEST_URI'], '?')) ? '&' : '?'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
188 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
189 |
if ( isset( $_GET['printable'] ) ) { |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
190 |
$flags .= $sep . 'printable'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
191 |
$sep = '&'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
192 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
193 |
if ( isset( $_GET['theme'] ) ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
194 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
195 |
$flags .= $sep . 'theme='.$session->theme; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
196 |
$sep = '&'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
197 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
198 |
if ( isset( $_GET['style'] ) ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
199 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
200 |
$flags .= $sep . 'style='.$session->style; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
201 |
$sep = '&'; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
202 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
203 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
204 |
if(defined('ENANO_BASE_CLASSES_INITIALIZED')) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
205 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
206 |
$url = $session->append_sid(contentPath . $paths->nslist[$n] . $t . $flags); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
207 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
208 |
else |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
209 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
210 |
// If the path manager hasn't been initted yet, take an educated guess at what the URI should be |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
211 |
$url = contentPath . $n . ':' . $t . $flags; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
212 |
} |
1 | 213 |
if($query) |
214 |
{ |
|
215 |
if(strstr($url, '?')) $sep = '&'; |
|
216 |
else $sep = '?'; |
|
217 |
$url = $url . $sep . $query . $flags; |
|
218 |
} |
|
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
219 |
|
1 | 220 |
$baseprot = 'http' . ( isset($_SERVER['HTTPS']) ? 's' : '' ) . '://' . $_SERVER['HTTP_HOST']; |
221 |
$url = $baseprot . $url; |
|
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
222 |
|
1 | 223 |
return ($escape) ? htmlspecialchars($url) : $url; |
224 |
} |
|
225 |
||
226 |
/** |
|
227 |
* Redirect the user to the specified URL. |
|
228 |
* @param string $url The URL, either relative or absolute. |
|
229 |
* @param string $title The title of the message |
|
230 |
* @param string $message A short message to show to the user |
|
231 |
* @param string $timeout Timeout, in seconds, to delay the redirect. Defaults to 3. |
|
232 |
*/ |
|
233 |
||
234 |
function redirect($url, $title = 'Redirecting...', $message = 'Please wait while you are redirected.', $timeout = 3) |
|
235 |
{ |
|
236 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
237 |
||
238 |
if ( $timeout == 0 ) |
|
239 |
{ |
|
240 |
header('Location: ' . $url); |
|
241 |
header('HTTP/1.1 307 Temporary Redirect'); |
|
242 |
} |
|
243 |
||
244 |
$template->add_header('<meta http-equiv="refresh" content="' . $timeout . '; url=' . str_replace('"', '\\"', $url) . '" />'); |
|
245 |
$template->add_header('<script type="text/javascript"> |
|
246 |
function __r() { |
|
247 |
// FUNCTION AUTOMATICALLY GENERATED |
|
248 |
window.location="' . str_replace('"', '\\"', $url) . '"; |
|
249 |
} |
|
250 |
setTimeout(\'__r();\', ' . $timeout . '000); |
|
251 |
</script> |
|
252 |
'); |
|
253 |
||
254 |
$template->tpl_strings['PAGE_NAME'] = $title; |
|
255 |
$template->header(true); |
|
256 |
echo '<p>' . $message . '</p><p>If you are not redirected within ' . ( $timeout + 1 ) . ' seconds, <a href="' . str_replace('"', '\\"', $url) . '">please click here</a>.</p>'; |
|
257 |
$template->footer(true); |
|
258 |
||
259 |
$db->close(); |
|
260 |
exit(0); |
|
261 |
||
262 |
} |
|
263 |
||
264 |
// Removed wikiFormat() from here, replaced with RenderMan::render |
|
265 |
||
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
266 |
/** |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
267 |
* Tell me if the page exists or not. |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
268 |
* @param string the full page ID (Special:Administration) of the page to check for |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
269 |
* @return bool True if the page exists, false otherwise |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
270 |
*/ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
271 |
|
1 | 272 |
function isPage($p) { |
273 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
22
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
274 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
275 |
// Try the easy way first ;-) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
276 |
if ( isset( $paths->pages[ $p ] ) ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
277 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
278 |
return true; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
279 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
280 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
281 |
// Special case for Special, Template, and Admin pages that can't have slashes in their URIs |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
282 |
$ns_test = RenderMan::strToPageID( $p ); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
283 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
284 |
if($ns_test[1] != 'Special' && $ns_test[1] != 'Template' && $ns_test[1] != 'Admin') |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
285 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
286 |
return false; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
287 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
288 |
|
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
289 |
$particles = explode('/', $p); |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
290 |
if ( isset ( $paths->pages[ $particles[ 0 ] ] ) ) |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
291 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
292 |
return true; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
293 |
} |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
294 |
else |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
295 |
{ |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
296 |
return false; |
d0314575e2f0
More preliminary l10n work; userpage portal style basics implemented
Dan
parents:
21
diff
changeset
|
297 |
} |
1 | 298 |
} |
299 |
||
300 |
function arrayItemUp($arr, $keyname) { |
|
301 |
$keylist = array_keys($arr); |
|
302 |
$keyflop = array_flip($keylist); |
|
303 |
$idx = $keyflop[$keyname]; |
|
304 |
$idxm = $idx - 1; |
|
305 |
$temp = $arr[$keylist[$idxm]]; |
|
306 |
if($arr[$keylist[0]] == $arr[$keyname]) return $arr; |
|
307 |
$arr[$keylist[$idxm]] = $arr[$keylist[$idx]]; |
|
308 |
$arr[$keylist[$idx]] = $temp; |
|
309 |
return $arr; |
|
310 |
} |
|
311 |
||
312 |
function arrayItemDown($arr, $keyname) { |
|
313 |
$keylist = array_keys($arr); |
|
314 |
$keyflop = array_flip($keylist); |
|
315 |
$idx = $keyflop[$keyname]; |
|
316 |
$idxm = $idx + 1; |
|
317 |
$temp = $arr[$keylist[$idxm]]; |
|
318 |
$sz = sizeof($arr); $sz--; |
|
319 |
if($arr[$keylist[$sz]] == $arr[$keyname]) return $arr; |
|
320 |
$arr[$keylist[$idxm]] = $arr[$keylist[$idx]]; |
|
321 |
$arr[$keylist[$idx]] = $temp; |
|
322 |
return $arr; |
|
323 |
} |
|
324 |
||
325 |
function arrayItemTop($arr, $keyname) { |
|
326 |
$keylist = array_keys($arr); |
|
327 |
$keyflop = array_flip($keylist); |
|
328 |
$idx = $keyflop[$keyname]; |
|
329 |
while( $orig != $arr[$keylist[0]] ) { |
|
330 |
// echo 'Keyname: '.$keylist[$idx] . '<br />'; flush(); ob_flush(); // Debugger |
|
331 |
if($idx < 0) return $arr; |
|
332 |
if($keylist[$idx] == '' || $keylist[$idx] < 0 || !$keylist[$idx]) { |
|
333 |
/* echo 'Infinite loop caught in arrayItemTop(<br /><pre>'; |
|
334 |
print_r($arr); |
|
335 |
echo '</pre><br />, '.$keyname.');<br /><br />EnanoCMS: Critical error during function call, exiting to prevent excessive server load.'; |
|
336 |
exit; */ |
|
337 |
return $arr; |
|
338 |
} |
|
339 |
$arr = arrayItemUp($arr, $keylist[$idx]); |
|
340 |
$idx--; |
|
341 |
} |
|
342 |
return $arr; |
|
343 |
} |
|
344 |
||
345 |
function arrayItemBottom($arr, $keyname) { |
|
346 |
$keylist = array_keys($arr); |
|
347 |
$keyflop = array_flip($keylist); |
|
348 |
$idx = $keyflop[$keyname]; |
|
349 |
$sz = sizeof($arr); $sz--; |
|
350 |
while( $orig != $arr[$keylist[$sz]] ) { |
|
351 |
// echo 'Keyname: '.$keylist[$idx] . '<br />'; flush(); ob_flush(); // Debugger |
|
352 |
if($idx > $sz) return $arr; |
|
353 |
if($keylist[$idx] == '' || $keylist[$idx] < 0 || !$keylist[$idx]) { |
|
354 |
echo 'Infinite loop caught in arrayItemBottom(<br /><pre>'; |
|
355 |
print_r($arr); |
|
356 |
echo '</pre><br />, '.$keyname.');<br /><br />EnanoCMS: Critical error during function call, exiting to prevent excessive server load.'; |
|
357 |
exit; |
|
358 |
} |
|
359 |
$arr = arrayItemDown($arr, $keylist[$idx]); |
|
360 |
$idx++; |
|
361 |
} |
|
362 |
return $arr; |
|
363 |
} |
|
364 |
||
365 |
// Convert IP address to hex string |
|
366 |
// Input: 127.0.0.1 (string) |
|
367 |
// Output: 0x7f000001 (string) |
|
368 |
// Updated 12/8/06 to work with PHP4 and not use eval() (blech) |
|
369 |
function ip2hex($ip) { |
|
370 |
if ( preg_match('/^([0-9a-f:]+)$/', $ip) ) |
|
371 |
{ |
|
372 |
// this is an ipv6 address |
|
373 |
return str_replace(':', '', $ip); |
|
374 |
} |
|
375 |
$nums = explode('.', $ip); |
|
376 |
if(sizeof($nums) != 4) return false; |
|
377 |
$str = '0x'; |
|
378 |
foreach($nums as $n) |
|
379 |
{ |
|
380 |
$str .= (string)dechex($n); |
|
381 |
} |
|
382 |
return $str; |
|
383 |
} |
|
384 |
||
385 |
// Convert DWord to IP address |
|
386 |
// Input: 0x7f000001 |
|
387 |
// Output: 127.0.0.1 |
|
388 |
// Updated 12/8/06 to work with PHP4 and not use eval() (blech) |
|
389 |
function hex2ip($in) { |
|
390 |
if(substr($in, 0, 2) == '0x') $ip = substr($in, 2, 8); |
|
391 |
else $ip = substr($in, 0, 8); |
|
392 |
$octets = enano_str_split($ip, 2); |
|
393 |
$str = ''; |
|
394 |
$newoct = Array(); |
|
395 |
foreach($octets as $o) |
|
396 |
{ |
|
397 |
$o = (int)hexdec($o); |
|
398 |
$newoct[] = $o; |
|
399 |
} |
|
400 |
return implode('.', $newoct); |
|
401 |
} |
|
402 |
||
403 |
// Function strip_php moved to RenderMan class |
|
404 |
||
405 |
function die_semicritical($t, $p) |
|
406 |
{ |
|
407 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
408 |
$db->close(); |
|
409 |
||
410 |
if ( ob_get_status() ) |
|
411 |
ob_end_clean(); |
|
412 |
||
413 |
dc_here('functions: <span style="color: red">calling die_semicritical</span>'); |
|
414 |
||
415 |
$tpl = new template_nodb(); |
|
416 |
$tpl->load_theme('oxygen', 'bleu'); |
|
417 |
$tpl->tpl_strings['SITE_NAME'] = getConfig('site_name'); |
|
418 |
$tpl->tpl_strings['SITE_DESC'] = getConfig('site_desc'); |
|
419 |
$tpl->tpl_strings['COPYRIGHT'] = getConfig('copyright_notice'); |
|
420 |
$tpl->tpl_strings['PAGE_NAME'] = $t; |
|
421 |
$tpl->header(); |
|
422 |
echo $p; |
|
423 |
$tpl->footer(); |
|
424 |
||
425 |
exit; |
|
426 |
} |
|
427 |
||
428 |
function die_friendly($t, $p) |
|
429 |
{ |
|
430 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
431 |
||
432 |
if ( ob_get_status() ) |
|
433 |
ob_end_clean(); |
|
434 |
||
435 |
dc_here('functions: <span style="color: red">calling die_friendly</span>'); |
|
436 |
$paths->cpage['name'] = $t; |
|
437 |
$template->tpl_strings['PAGE_NAME'] = $t; |
|
438 |
$template->header(); |
|
439 |
echo $p; |
|
440 |
$template->footer(); |
|
441 |
$db->close(); |
|
442 |
||
443 |
exit; |
|
444 |
} |
|
445 |
||
446 |
function grinding_halt($t, $p) |
|
447 |
{ |
|
448 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
449 |
||
450 |
$db->close(); |
|
451 |
||
452 |
if ( ob_get_status() ) |
|
453 |
ob_end_clean(); |
|
454 |
||
455 |
dc_here('functions: <span style="color: red">calling grinding_halt</span>'); |
|
456 |
$tpl = new template_nodb(); |
|
457 |
$tpl->load_theme('oxygen', 'bleu'); |
|
458 |
$tpl->tpl_strings['SITE_NAME'] = 'Critical error'; |
|
459 |
$tpl->tpl_strings['SITE_DESC'] = 'This website is experiencing a serious error and cannot load.'; |
|
460 |
$tpl->tpl_strings['COPYRIGHT'] = 'Unable to retrieve copyright information'; |
|
461 |
$tpl->tpl_strings['PAGE_NAME'] = $t; |
|
462 |
$tpl->header(); |
|
463 |
echo $p; |
|
464 |
$tpl->footer(); |
|
465 |
exit; |
|
466 |
} |
|
467 |
||
468 |
function show_category_info() { |
|
469 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
470 |
dc_here('functions: showing category info'); |
|
471 |
if($template->no_headers && !strpos($_SERVER['REQUEST_URI'], 'ajax.php')) return ''; |
|
472 |
if($paths->namespace=='Category') |
|
473 |
{ |
|
474 |
$q = $db->sql_query('SELECT page_id,namespace FROM '.table_prefix.'categories WHERE category_id=\''.$paths->cpage['urlname_nons'].'\' AND namespace=\'Category\' ORDER BY page_id;'); |
|
475 |
if(!$q) $db->_die('The category information could not be selected.'); |
|
476 |
$ticker = -1; |
|
477 |
echo '<h3>Subcategories</h3>'; |
|
478 |
if($db->numrows() < 1) echo '<p>There are no subcategories in this category.</p>'; |
|
479 |
echo '<table border="0" cellspacing="1" cellpadding="4">'; |
|
480 |
while($row = $db->fetchrow()) |
|
481 |
{ |
|
482 |
$ticker++;if($ticker==3) $ticker=0; |
|
483 |
if($ticker==0) echo '<tr>'; |
|
484 |
echo '<td style="width: 200px;"><a href="'.makeUrlNS($row['namespace'], $row['page_id']).'">'.$paths->pages[$paths->nslist[$row['namespace']].$row['page_id']]['name'].'</a></td>'; |
|
485 |
if($ticker==2) echo '</tr>'; |
|
486 |
} |
|
487 |
$db->free_result(); |
|
488 |
if($ticker) echo '</tr>'; |
|
489 |
echo '</table>'; |
|
490 |
||
491 |
$q = $db->sql_query('SELECT page_id,namespace FROM '.table_prefix.'categories WHERE category_id=\''.$paths->cpage['urlname_nons'].'\' AND namespace!=\'Category\' ORDER BY page_id;'); |
|
492 |
if(!$q) $db->_die('The category information could not be selected.'); |
|
493 |
$ticker = -1; |
|
494 |
echo '<h3>Pages</h3>'; |
|
495 |
if($db->numrows() < 1) echo '<p>There are no pages in this category.</p>'; |
|
496 |
echo '<table border="0" cellspacing="1" cellpadding="4">'; |
|
497 |
while($row = $db->fetchrow()) |
|
498 |
{ |
|
499 |
$ticker++;if($ticker==3) $ticker=0; |
|
500 |
if($ticker==0) echo '<tr>'; |
|
501 |
echo '<td style="width: 200px;"><a href="'.makeUrlNS($row['namespace'], $row['page_id']).'">'.$paths->pages[$paths->nslist[$row['namespace']].$row['page_id']]['name'].'</a></td>'; |
|
502 |
if($ticker==2) echo '</tr>'; |
|
503 |
} |
|
504 |
$db->free_result(); |
|
505 |
if($ticker) echo '</tr>'; |
|
506 |
echo '</table><br /><br />'; |
|
507 |
} |
|
508 |
$q = $db->sql_query('SELECT category_id FROM '.table_prefix.'categories WHERE page_id=\''.$paths->cpage['urlname_nons'].'\' AND namespace=\''.$paths->namespace.'\''); |
|
509 |
if(!$q) $db->_die('The error seems to have occurred during selection of category data.'); |
|
510 |
if($db->numrows() > 0) { |
|
511 |
echo '<div class="mdg-comment" style="margin-left: 0;">Categories: '; |
|
512 |
$i=0; |
|
513 |
while($r = $db->fetchrow()) |
|
514 |
{ |
|
515 |
if($i>0) echo ', '; |
|
516 |
$i++; |
|
517 |
echo '<a href="'.makeUrlNS('Category', $r['category_id']).'">'.$paths->pages[$paths->nslist['Category'].$r['category_id']]['name'].'</a>'; |
|
518 |
} |
|
519 |
if( ( $paths->wiki_mode && !$paths->page_protected ) || ( $session->get_permissions('edit_cat') && $session->get_permissions('even_when_protected') ) ) echo ' [ <a href="'.makeUrl($paths->page, 'do=catedit', true).'" onclick="ajaxCatEdit(); return false;">edit categorization</a> ]</div>'; |
|
520 |
} else { |
|
521 |
echo '<div class="mdg-comment" style="margin-left: 0;">Categories: '; |
|
522 |
echo '(Uncategorized)'; |
|
523 |
if( ( $paths->wiki_mode && !$paths->page_protected ) || ( $session->get_permissions('edit_cat') && $session->get_permissions('even_when_protected') ) ) echo ' [ <a href="'.makeUrl($paths->page, 'do=catedit', true).'" onclick="ajaxCatEdit(); return false;">edit categorization</a> ]</div>'; |
|
524 |
else echo '</div>'; |
|
525 |
} |
|
526 |
$db->free_result(); |
|
527 |
} |
|
528 |
||
529 |
function show_file_info() |
|
530 |
{ |
|
531 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
532 |
if($paths->namespace != 'File') return null; // Prevent unnecessary work |
|
533 |
$selfn = $paths->cpage['urlname_nons']; // substr($paths->page, strlen($paths->nslist['File']), strlen($paths->cpage)); |
|
534 |
if(substr($paths->cpage['name'], 0, strlen($paths->nslist['File']))==$paths->nslist['File']) $selfn = substr($paths->cpage['urlname_nons'], strlen($paths->nslist['File']), strlen($paths->cpage['urlname_nons'])); |
|
535 |
$q = $db->sql_query('SELECT mimetype,time_id,size FROM '.table_prefix.'files WHERE page_id=\''.$selfn.'\' ORDER BY time_id DESC;'); |
|
536 |
if(!$q) $db->_die('The file type could not be fetched.'); |
|
537 |
if($db->numrows() < 1) { echo '<div class="mdg-comment" style="margin-left: 0;"><h3>Uploaded file</h3><p>There are no files uploaded with this name yet. <a href="'.makeUrlNS('Special', 'UploadFile/'.$paths->cpage['urlname_nons']).'">Upload a file...</a></p></div><br />'; return; } |
|
538 |
$r = $db->fetchrow(); |
|
539 |
$mimetype = $r['mimetype']; |
|
540 |
$datestring = date('F d, Y h:i a', (int)$r['time_id']); |
|
541 |
echo '<div class="mdg-comment" style="margin-left: 0;"><p><h3>Uploaded file</h3></p><p>Type: '.$r['mimetype'].'<br />Size: '; |
|
542 |
$fs = $r['size']; |
|
543 |
echo $fs.' bytes'; |
|
544 |
$fs = (int)$fs; |
|
545 |
if($fs >= 1048576) |
|
546 |
{ |
|
547 |
$fs = round($fs / 1048576, 1); |
|
548 |
echo ' ('.$fs.' MB)'; |
|
549 |
} elseif($fs >= 1024) { |
|
550 |
$fs = round($fs / 1024, 1); |
|
551 |
echo ' ('.$fs.' KB)'; |
|
552 |
} |
|
553 |
echo '<br />Uploaded: '.$datestring.'</p>'; |
|
554 |
if(substr($mimetype, 0, 6)!='image/' && ( substr($mimetype, 0, 5) != 'text/' || $mimetype == 'text/html' || $mimetype == 'text/javascript' )) |
|
555 |
{ |
|
556 |
echo '<div class="warning-box">This file type may contain viruses or other code that could harm your computer. You should exercise caution if you download it.</div>'; |
|
557 |
} |
|
558 |
if(substr($mimetype, 0, 6)=='image/') |
|
559 |
{ |
|
560 |
echo '<p><a href="'.makeUrlNS('Special', 'DownloadFile'.'/'.$selfn).'"><img style="border: 0;" alt="'.$paths->page.'" src="'.makeUrlNS('Special', 'DownloadFile'.'/'.$selfn.htmlspecialchars(urlSeparator).'preview').'" /></a></p>'; |
|
561 |
} |
|
562 |
echo '<p><a href="'.makeUrlNS('Special', 'DownloadFile'.'/'.$selfn.'/'.$r['time_id'].htmlspecialchars(urlSeparator).'download').'">Download this file</a>'; |
|
563 |
if(!$paths->page_protected && ( $paths->wiki_mode || $session->get_permissions('upload_new_version') )) |
|
564 |
{ |
|
565 |
echo ' | <a href="'.makeUrlNS('Special', 'UploadFile'.'/'.$selfn).'">Upload new version</a>'; |
|
566 |
} |
|
567 |
echo '</p>'; |
|
568 |
if($db->numrows() > 1) |
|
569 |
{ |
|
570 |
echo '<h3>File history</h3><p>'; |
|
571 |
while($r = $db->fetchrow()) |
|
572 |
{ |
|
573 |
echo '(<a href="'.makeUrlNS('Special', 'DownloadFile'.'/'.$selfn.'/'.$r['time_id'].htmlspecialchars(urlSeparator).'download').'">this ver</a>) '; |
|
574 |
if($session->get_permissions('history_rollback')) |
|
575 |
echo ' (<a href="#" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">revert</a>) '; |
|
576 |
$mimetype = $r['mimetype']; |
|
577 |
$datestring = date('F d, Y h:i a', (int)$r['time_id']); |
|
578 |
echo $datestring.': '.$r['mimetype'].', '; |
|
579 |
$fs = $r['size']; |
|
580 |
$fs = (int)$fs; |
|
581 |
if($fs >= 1048576) |
|
582 |
{ |
|
583 |
$fs = round($fs / 1048576, 1); |
|
584 |
echo ' '.$fs.' MB'; |
|
585 |
} elseif($fs >= 1024) { |
|
586 |
$fs = round($fs / 1024, 1); |
|
587 |
echo ' '.$fs.' KB'; |
|
588 |
} else { |
|
589 |
echo ' '.$fs.' bytes'; |
|
590 |
} |
|
591 |
echo '<br />'; |
|
592 |
} |
|
593 |
echo '</p>'; |
|
594 |
} |
|
595 |
$db->free_result(); |
|
596 |
echo '</div><br />'; |
|
597 |
} |
|
598 |
||
599 |
function display_page_headers() |
|
600 |
{ |
|
601 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
602 |
if($session->get_permissions('vote_reset') && $paths->cpage['delvotes'] > 0) |
|
603 |
{ |
|
604 |
$hr = implode(', ', explode('|', $paths->cpage['delvote_ips'])); |
|
605 |
$is = 'is'; |
|
606 |
$s = ''; |
|
607 |
$s2 = 's'; |
|
608 |
if ( $paths->cpage['delvotes'] > 1) |
|
609 |
{ |
|
610 |
$is = 'are'; |
|
611 |
$s = 's'; |
|
612 |
$s2 = ''; |
|
613 |
} |
|
614 |
echo '<div class="info-box" style="margin-left: 0; margin-top: 5px;" id="mdgDeleteVoteNoticeBox"> |
|
615 |
<b>Notice:</b> There '.$is.' '.$paths->cpage['delvotes'].' user'.$s.' that think'.$s2.' this page should be deleted.<br /> |
|
616 |
<b>Users that voted:</b> ' . $hr . '<br /> |
|
617 |
<a href="'.makeUrl($paths->page, 'do=deletepage').'" onclick="ajaxDeletePage(); return false;">Delete page</a> | <a href="'.makeUrl($paths->page, 'do=resetvotes').'" onclick="ajaxResetDelVotes(); return false;">Reset votes</a> |
|
618 |
</div>'; |
|
619 |
} |
|
620 |
} |
|
621 |
||
622 |
function display_page_footers() |
|
623 |
{ |
|
624 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
625 |
if(isset($_GET['nofooters'])) return; |
|
626 |
$code = $plugins->setHook('send_page_footers'); |
|
627 |
foreach ( $code as $cmd ) |
|
628 |
{ |
|
629 |
eval($cmd); |
|
630 |
} |
|
631 |
show_file_info(); |
|
632 |
show_category_info(); |
|
633 |
} |
|
634 |
||
635 |
function password_prompt($id = false) |
|
636 |
{ |
|
637 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
638 |
if(!$id) $id = $paths->page; |
|
639 |
if(isset($paths->pages[$id]['password']) && strlen($paths->pages[$id]['password']) == 40 && !isset($_REQUEST['pagepass'])) |
|
640 |
{ |
|
641 |
die_friendly('Password required', '<p>You must supply a password to access this page.</p><form action="'.makeUrl($paths->pages[$id]['urlname']).'" method="post"><p>Password: <input name="pagepass" type="password" /></p><p><input type="submit" value="Submit" /></p>'); |
|
642 |
} elseif(isset($_REQUEST['pagepass'])) { |
|
643 |
$p = (preg_match('#^([a-f0-9]*){40}$#', $_REQUEST['pagepass'])) ? $_REQUEST['pagepass'] : sha1($_REQUEST['pagepass']); |
|
644 |
if($p != $paths->pages[$id]['password']) die_friendly('Password required', '<p style="color: red;">The password you entered is incorrect.</p><form action="'.makeUrl($paths->page).'" method="post"><p>Password: <input name="pagepass" type="password" /></p><p><input type="submit" value="Submit" /></p>'); |
|
645 |
} |
|
646 |
} |
|
647 |
||
648 |
function str_hex($string){ |
|
649 |
$hex=''; |
|
650 |
for ($i=0; $i < strlen($string); $i++){ |
|
651 |
$hex .= ' '.dechex(ord($string[$i])); |
|
652 |
} |
|
653 |
return substr($hex, 1, strlen($hex)); |
|
654 |
} |
|
655 |
||
656 |
// Function pulled from phpBB's smtp.php |
|
657 |
function smtp_get_response($socket, $response, $line = __LINE__) |
|
658 |
{ |
|
659 |
$server_response = ''; |
|
660 |
while (substr($server_response, 3, 1) != ' ') |
|
661 |
{ |
|
662 |
if (!($server_response = fgets($socket, 256))) |
|
663 |
{ |
|
664 |
die_friendly('SMTP Error', "<p>Couldn't get mail server response codes</p>"); |
|
665 |
} |
|
666 |
} |
|
667 |
||
668 |
if (!(substr($server_response, 0, 3) == $response)) |
|
669 |
{ |
|
670 |
die_friendly('SMTP Error', "<p>Ran into problems sending mail. Response: $server_response</p>"); |
|
671 |
} |
|
672 |
} |
|
673 |
||
674 |
function smtp_send_email($to, $subject, $message, $from) |
|
675 |
{ |
|
676 |
return smtp_send_email_core($to, $subject, $message, "From: <$from>\n"); |
|
677 |
} |
|
678 |
||
679 |
// Replacement or substitute for PHP's mail command |
|
680 |
// Ported from phpBB - copyright (C) phpBB group, GPL. |
|
681 |
function smtp_send_email_core($mail_to, $subject, $message, $headers = '') |
|
682 |
{ |
|
683 |
global $board_config; |
|
684 |
||
685 |
// Fix any bare linefeeds in the message to make it RFC821 Compliant. |
|
686 |
$message = preg_replace("#(?<!\r)\n#si", "\r\n", $message); |
|
687 |
||
688 |
if ($headers != '') |
|
689 |
{ |
|
690 |
if (is_array($headers)) |
|
691 |
{ |
|
692 |
if (sizeof($headers) > 1) |
|
693 |
{ |
|
694 |
$headers = join("\n", $headers); |
|
695 |
} |
|
696 |
else |
|
697 |
{ |
|
698 |
$headers = $headers[0]; |
|
699 |
} |
|
700 |
} |
|
701 |
$headers = chop($headers); |
|
702 |
||
703 |
// Make sure there are no bare linefeeds in the headers |
|
704 |
$headers = preg_replace('#(?<!\r)\n#si', "\r\n", $headers); |
|
705 |
||
706 |
// Ok this is rather confusing all things considered, |
|
707 |
// but we have to grab bcc and cc headers and treat them differently |
|
708 |
// Something we really didn't take into consideration originally |
|
709 |
$header_array = explode("\r\n", $headers); |
|
710 |
@reset($header_array); |
|
711 |
||
712 |
$headers = ''; |
|
713 |
while(list(, $header) = each($header_array)) |
|
714 |
{ |
|
715 |
if (preg_match('#^cc:#si', $header)) |
|
716 |
{ |
|
717 |
$cc = preg_replace('#^cc:(.*)#si', '\1', $header); |
|
718 |
} |
|
719 |
else if (preg_match('#^bcc:#si', $header)) |
|
720 |
{ |
|
721 |
$bcc = preg_replace('#^bcc:(.*)#si', '\1', $header); |
|
722 |
$header = ''; |
|
723 |
} |
|
724 |
$headers .= ($header != '') ? $header . "\r\n" : ''; |
|
725 |
} |
|
726 |
||
727 |
$headers = chop($headers); |
|
728 |
$cc = explode(', ', $cc); |
|
729 |
$bcc = explode(', ', $bcc); |
|
730 |
} |
|
731 |
||
732 |
if (trim($subject) == '') |
|
733 |
{ |
|
734 |
die_friendly(GENERAL_ERROR, "No email Subject specified"); |
|
735 |
} |
|
736 |
||
737 |
if (trim($message) == '') |
|
738 |
{ |
|
739 |
die_friendly(GENERAL_ERROR, "Email message was blank"); |
|
740 |
} |
|
741 |
||
742 |
// setup SMTP |
|
743 |
$host = getConfig('smtp_server'); |
|
744 |
if ( empty($host) ) |
|
745 |
return 'No smtp_host in config'; |
|
746 |
if ( strstr($host, ':' ) ) |
|
747 |
{ |
|
748 |
$n = explode(':', $host); |
|
749 |
$smtp_host = $n[0]; |
|
750 |
$port = intval($n[1]); |
|
751 |
} |
|
752 |
else |
|
753 |
{ |
|
754 |
$smtp_host = $host; |
|
755 |
$port = 25; |
|
756 |
} |
|
757 |
||
758 |
$smtp_user = getConfig('smtp_user'); |
|
759 |
$smtp_pass = getConfig('smtp_password'); |
|
760 |
||
761 |
// Ok we have error checked as much as we can to this point let's get on |
|
762 |
// it already. |
|
763 |
if( !$socket = @fsockopen($smtp_host, $port, $errno, $errstr, 20) ) |
|
764 |
{ |
|
765 |
die_friendly(GENERAL_ERROR, "Could not connect to smtp host : $errno : $errstr"); |
|
766 |
} |
|
767 |
||
768 |
// Wait for reply |
|
769 |
smtp_get_response($socket, "220", __LINE__); |
|
770 |
||
771 |
// Do we want to use AUTH?, send RFC2554 EHLO, else send RFC821 HELO |
|
772 |
// This improved as provided by SirSir to accomodate |
|
773 |
if( !empty($smtp_user) && !empty($smtp_pass) ) |
|
774 |
{ |
|
775 |
enano_fputs($socket, "EHLO " . $smtp_host . "\r\n"); |
|
776 |
smtp_get_response($socket, "250", __LINE__); |
|
777 |
||
778 |
enano_fputs($socket, "AUTH LOGIN\r\n"); |
|
779 |
smtp_get_response($socket, "334", __LINE__); |
|
780 |
||
781 |
enano_fputs($socket, base64_encode($smtp_user) . "\r\n"); |
|
782 |
smtp_get_response($socket, "334", __LINE__); |
|
783 |
||
784 |
enano_fputs($socket, base64_encode($smtp_pass) . "\r\n"); |
|
785 |
smtp_get_response($socket, "235", __LINE__); |
|
786 |
} |
|
787 |
else |
|
788 |
{ |
|
789 |
enano_fputs($socket, "HELO " . $smtp_host . "\r\n"); |
|
790 |
smtp_get_response($socket, "250", __LINE__); |
|
791 |
} |
|
792 |
||
793 |
// From this point onward most server response codes should be 250 |
|
794 |
// Specify who the mail is from.... |
|
795 |
enano_fputs($socket, "MAIL FROM: <" . getConfig('contact_email') . ">\r\n"); |
|
796 |
smtp_get_response($socket, "250", __LINE__); |
|
797 |
||
798 |
// Specify each user to send to and build to header. |
|
799 |
$to_header = ''; |
|
800 |
||
801 |
// Add an additional bit of error checking to the To field. |
|
802 |
$mail_to = (trim($mail_to) == '') ? 'Undisclosed-recipients:;' : trim($mail_to); |
|
803 |
if (preg_match('#[^ ]+\@[^ ]+#', $mail_to)) |
|
804 |
{ |
|
805 |
enano_fputs($socket, "RCPT TO: <$mail_to>\r\n"); |
|
806 |
smtp_get_response($socket, "250", __LINE__); |
|
807 |
} |
|
808 |
||
809 |
// Ok now do the CC and BCC fields... |
|
810 |
@reset($bcc); |
|
811 |
while(list(, $bcc_address) = each($bcc)) |
|
812 |
{ |
|
813 |
// Add an additional bit of error checking to bcc header... |
|
814 |
$bcc_address = trim($bcc_address); |
|
815 |
if (preg_match('#[^ ]+\@[^ ]+#', $bcc_address)) |
|
816 |
{ |
|
817 |
enano_fputs($socket, "RCPT TO: <$bcc_address>\r\n"); |
|
818 |
smtp_get_response($socket, "250", __LINE__); |
|
819 |
} |
|
820 |
} |
|
821 |
||
822 |
@reset($cc); |
|
823 |
while(list(, $cc_address) = each($cc)) |
|
824 |
{ |
|
825 |
// Add an additional bit of error checking to cc header |
|
826 |
$cc_address = trim($cc_address); |
|
827 |
if (preg_match('#[^ ]+\@[^ ]+#', $cc_address)) |
|
828 |
{ |
|
829 |
enano_fputs($socket, "RCPT TO: <$cc_address>\r\n"); |
|
830 |
smtp_get_response($socket, "250", __LINE__); |
|
831 |
} |
|
832 |
} |
|
833 |
||
834 |
// Ok now we tell the server we are ready to start sending data |
|
835 |
enano_fputs($socket, "DATA\r\n"); |
|
836 |
||
837 |
// This is the last response code we look for until the end of the message. |
|
838 |
smtp_get_response($socket, "354", __LINE__); |
|
839 |
||
840 |
// Send the Subject Line... |
|
841 |
enano_fputs($socket, "Subject: $subject\r\n"); |
|
842 |
||
843 |
// Now the To Header. |
|
844 |
enano_fputs($socket, "To: $mail_to\r\n"); |
|
845 |
||
846 |
// Now any custom headers.... |
|
847 |
enano_fputs($socket, "$headers\r\n\r\n"); |
|
848 |
||
849 |
// Ok now we are ready for the message... |
|
850 |
enano_fputs($socket, "$message\r\n"); |
|
851 |
||
852 |
// Ok the all the ingredients are mixed in let's cook this puppy... |
|
853 |
enano_fputs($socket, ".\r\n"); |
|
854 |
smtp_get_response($socket, "250", __LINE__); |
|
855 |
||
856 |
// Now tell the server we are done and close the socket... |
|
857 |
enano_fputs($socket, "QUIT\r\n"); |
|
858 |
fclose($socket); |
|
859 |
||
860 |
return TRUE; |
|
861 |
} |
|
862 |
||
863 |
/** |
|
864 |
* Tell which version of Enano we're running. |
|
865 |
* @param bool $long if true, uses English version names (e.g. alpha, beta, release candidate). If false (default) uses abbreviations (1.0a1, 1.0b3, 1.0RC2, etc.) |
|
866 |
* @return string |
|
867 |
*/ |
|
868 |
||
869 |
function enano_version($long = false, $no_nightly = false) |
|
870 |
{ |
|
871 |
$r = getConfig('enano_version'); |
|
872 |
$rc = ( $long ) ? ' release candidate ' : 'RC'; |
|
873 |
$b = ( $long ) ? ' beta ' : 'b'; |
|
874 |
$a = ( $long ) ? ' alpha ' : 'a'; |
|
875 |
if($v = getConfig('enano_rc_version')) $r .= $rc.$v; |
|
876 |
if($v = getConfig('enano_beta_version')) $r .= $b.$v; |
|
877 |
if($v = getConfig('enano_alpha_version')) $r .= $a.$v; |
|
878 |
if ( defined('ENANO_NIGHTLY') && !$no_nightly ) |
|
879 |
{ |
|
880 |
$nightlytag = ENANO_NIGHTLY_MONTH . '-' . ENANO_NIGHTLY_DAY . '-' . ENANO_NIGHTLY_YEAR; |
|
881 |
$nightlylong = ' nightly; build date: ' . ENANO_NIGHTLY_MONTH . '-' . ENANO_NIGHTLY_DAY . '-' . ENANO_NIGHTLY_YEAR; |
|
882 |
$r = ( $long ) ? $r . $nightlylong : $r . '-nightly-' . $nightlytag; |
|
883 |
} |
|
884 |
return $r; |
|
885 |
} |
|
886 |
||
887 |
function _dualurlenc($t) { |
|
888 |
return rawurlencode(rawurlencode($t)); |
|
889 |
} |
|
890 |
||
891 |
function _die($t) { |
|
892 |
$_ob = 'document.getElementById("ajaxEditContainer").innerHTML = unescape(\'' . rawurlencode('' . $t . '') . '\')'; |
|
893 |
die($_ob); |
|
894 |
} |
|
895 |
||
896 |
function jsdie($text) { |
|
897 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
898 |
$text = rawurlencode($text . "\n\nSQL Backtrace:\n" . $db->sql_backtrace()); |
|
899 |
echo 'document.getElementById("ajaxEditContainer").innerHTML = unescape(\''.$text.'\');'; |
|
900 |
} |
|
901 |
||
902 |
// HTML sanitizing function - written by Kallahar |
|
903 |
// Original function at: http://quickwired.com/kallahar/smallprojects/php_xss_filter_function.php |
|
904 |
||
905 |
// UNUSED - todo: remove this in gold or put it to use |
|
906 |
||
907 |
function RemoveXSS($val) { |
|
908 |
// remove all non-printable characters. CR(0a) and LF(0b) and TAB(9) are allowed |
|
909 |
// this prevents some character re-spacing such as <java\0script> |
|
910 |
// note that you have to handle splits with \n, \r, and \t later since they *are* allowed in some inputs |
|
911 |
$val = preg_replace('/([\x00-\x08][\x0b-\x0c][\x0e-\x20])/', '', $val); |
|
912 |
||
913 |
// straight replacements, the user should never need these since they're normal characters |
|
914 |
// this prevents like <IMG SRC=@avascript:alert('XSS')> |
|
915 |
$search = 'abcdefghijklmnopqrstuvwxyz'; |
|
916 |
$search .= 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'; |
|
917 |
$search .= '1234567890!@#$%^&*()'; |
|
918 |
$search .= '~`";:?+/={}[]-_|\'\\'; |
|
919 |
for ($i = 0; $i < strlen($search); $i++) { |
|
920 |
// ;? matches the ;, which is optional |
|
921 |
// 0{0,7} matches any padded zeros, which are optional and go up to 8 chars |
|
922 |
||
923 |
// @ @ search for the hex values |
|
924 |
$val = preg_replace('/(&#[x|X]0{0,8}'.dechex(ord($search[$i])).';?)/i', $search[$i], $val); // with a ; |
|
925 |
// @ @ 0{0,7} matches '0' zero to seven times |
|
926 |
$val = preg_replace('/(�{0,8}'.ord($search[$i]).';?)/', $search[$i], $val); // with a ; |
|
927 |
} |
|
928 |
||
929 |
// now the only remaining whitespace attacks are \t, \n, and \r |
|
930 |
$ra1 = Array('javascript', 'vbscript', 'expression', 'applet', 'meta', 'xml', 'blink', 'link', 'script', 'embed', 'object', 'iframe', 'frame', 'frameset', 'ilayer', 'layer', 'bgsound', 'title', 'base'); |
|
931 |
$ra2 = Array('onabort', 'onactivate', 'onafterprint', 'onafterupdate', 'onbeforeactivate', 'onbeforecopy', 'onbeforecut', 'onbeforedeactivate', 'onbeforeeditfocus', 'onbeforepaste', 'onbeforeprint', 'onbeforeunload', 'onbeforeupdate', 'onblur', 'onbounce', 'oncellchange', 'onchange', 'onclick', 'oncontextmenu', 'oncontrolselect', 'oncopy', 'oncut', 'ondataavailable', 'ondatasetchanged', 'ondatasetcomplete', 'ondblclick', 'ondeactivate', 'ondrag', 'ondragend', 'ondragenter', 'ondragleave', 'ondragover', 'ondragstart', 'ondrop', 'onerror', 'onerrorupdate', 'onfilterchange', 'onfinish', 'onfocus', 'onfocusin', 'onfocusout', 'onhelp', 'onkeydown', 'onkeypress', 'onkeyup', 'onlayoutcomplete', 'onload', 'onlosecapture', 'onmousedown', 'onmouseenter', 'onmouseleave', 'onmousemove', 'onmouseout', 'onmouseover', 'onmouseup', 'onmousewheel', 'onmove', 'onmoveend', 'onmovestart', 'onpaste', 'onpropertychange', 'onreadystatechange', 'onreset', 'onresize', 'onresizeend', 'onresizestart', 'onrowenter', 'onrowexit', 'onrowsdelete', 'onrowsinserted', 'onscroll', 'onselect', 'onselectionchange', 'onselectstart', 'onstart', 'onstop', 'onsubmit', 'onunload'); |
|
932 |
$ra = array_merge($ra1, $ra2); |
|
933 |
||
934 |
$found = true; // keep replacing as long as the previous round replaced something |
|
935 |
while ($found == true) { |
|
936 |
$val_before = $val; |
|
937 |
for ($i = 0; $i < sizeof($ra); $i++) { |
|
938 |
$pattern = '/'; |
|
939 |
for ($j = 0; $j < strlen($ra[$i]); $j++) { |
|
940 |
if ($j > 0) { |
|
941 |
$pattern .= '('; |
|
942 |
$pattern .= '(&#[x|X]0{0,8}([9][a][b]);?)?'; |
|
943 |
$pattern .= '|(�{0,8}([9][10][13]);?)?'; |
|
944 |
$pattern .= ')?'; |
|
945 |
} |
|
946 |
$pattern .= $ra[$i][$j]; |
|
947 |
} |
|
948 |
$pattern .= '/i'; |
|
949 |
$replacement = substr($ra[$i], 0, 2).'<b></b>'.substr($ra[$i], 2); // add in <> to nerf the tag |
|
950 |
$val = preg_replace($pattern, $replacement, $val); // filter out the hex tags |
|
951 |
if ($val_before == $val) { |
|
952 |
// no replacements were made, so exit the loop |
|
953 |
$found = false; |
|
954 |
} |
|
955 |
} |
|
956 |
} |
|
957 |
return $val; |
|
958 |
} |
|
959 |
||
960 |
/** |
|
961 |
* Capitalizes the first letter of a string |
|
962 |
* @param $text string the text to be transformed |
|
963 |
* @return string |
|
964 |
*/ |
|
965 |
||
966 |
function capitalize_first_letter($text) |
|
967 |
{ |
|
968 |
return strtoupper(substr($text, 0, 1)) . substr($text, 1); |
|
969 |
} |
|
970 |
||
971 |
/** |
|
972 |
* Checks if a value in a bitfield is on or off |
|
973 |
* @param $bitfield int the bit-field value |
|
974 |
* @param $value int the value to switch off |
|
975 |
* @return bool |
|
976 |
*/ |
|
977 |
||
978 |
function is_bit($bitfield, $value) |
|
979 |
{ |
|
980 |
return ( $bitfield & $value ) ? true : false; |
|
981 |
} |
|
982 |
||
983 |
/** |
|
984 |
* Trims spaces/newlines from the beginning and end of a string |
|
985 |
* @param $text the text to process |
|
986 |
* @return string |
|
987 |
*/ |
|
988 |
||
989 |
function trim_spaces($text) |
|
990 |
{ |
|
991 |
$d = true; |
|
992 |
while($d) |
|
993 |
{ |
|
994 |
$c = substr($text, 0, 1); |
|
995 |
$a = substr($text, strlen($text)-1, strlen($text)); |
|
996 |
if($c == "\n" || $c == "\r" || $c == "\t" || $c == ' ') $text = substr($text, 1, strlen($text)); |
|
997 |
elseif($a == "\n" || $a == "\r" || $a == "\t" || $a == ' ') $text = substr($text, 0, strlen($text)-1); |
|
998 |
else $d = false; |
|
999 |
} |
|
1000 |
return $text; |
|
1001 |
} |
|
1002 |
||
1003 |
/** |
|
1004 |
* Enano-ese equivalent of str_split() which is only found in PHP5 |
|
1005 |
* @param $text string the text to split |
|
1006 |
* @param $inc int size of each block |
|
1007 |
* @return array |
|
1008 |
*/ |
|
1009 |
||
1010 |
function enano_str_split($text, $inc = 1) |
|
1011 |
{ |
|
14
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
parents:
1
diff
changeset
|
1012 |
if($inc < 1) |
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
parents:
1
diff
changeset
|
1013 |
{ |
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
parents:
1
diff
changeset
|
1014 |
return false; |
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
parents:
1
diff
changeset
|
1015 |
} |
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
parents:
1
diff
changeset
|
1016 |
if($inc >= strlen($text)) |
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
parents:
1
diff
changeset
|
1017 |
{ |
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
parents:
1
diff
changeset
|
1018 |
return Array($text); |
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
parents:
1
diff
changeset
|
1019 |
} |
1 | 1020 |
$len = ceil(strlen($text) / $inc); |
1021 |
$ret = Array(); |
|
14
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
parents:
1
diff
changeset
|
1022 |
for ( $i = 0; $i < strlen($text); $i = $i + $inc ) |
1 | 1023 |
{ |
1024 |
$ret[] = substr($text, $i, $inc); |
|
1025 |
} |
|
1026 |
return $ret; |
|
1027 |
} |
|
1028 |
||
1029 |
/** |
|
1030 |
* Converts a hexadecimal number to a binary string. |
|
1031 |
* @param text string hexadecimal number |
|
1032 |
* @return string |
|
1033 |
*/ |
|
1034 |
function hex2bin($text) |
|
1035 |
{ |
|
1036 |
$arr = enano_str_split($text, 2); |
|
1037 |
$ret = ''; |
|
1038 |
for ($i=0; $i<sizeof($arr); $i++) |
|
1039 |
{ |
|
1040 |
$ret .= chr(hexdec($arr[$i])); |
|
1041 |
} |
|
1042 |
return $ret; |
|
1043 |
} |
|
1044 |
||
1045 |
/** |
|
1046 |
* Generates and/or prints a human-readable backtrace |
|
1047 |
* @param bool $return - if true, this function returns a string, otherwise returns null |
|
1048 |
* @return mixed |
|
1049 |
*/ |
|
1050 |
||
1051 |
function enano_debug_print_backtrace($return = false) |
|
1052 |
{ |
|
1053 |
ob_start(); |
|
1054 |
echo '<pre>'; |
|
19
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
16
diff
changeset
|
1055 |
if ( function_exists('debug_print_backtrace') ) |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
16
diff
changeset
|
1056 |
{ |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
16
diff
changeset
|
1057 |
debug_print_backtrace(); |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
16
diff
changeset
|
1058 |
} |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
16
diff
changeset
|
1059 |
else |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
16
diff
changeset
|
1060 |
{ |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
16
diff
changeset
|
1061 |
echo '<b>Warning:</b> No debug_print_backtrace() support!'; |
5d003b6c9e89
Added demo mode functionality to various parts of Enano (unlocked only with a plugin) and fixed groups table
Dan
parents:
16
diff
changeset
|
1062 |
} |
1 | 1063 |
echo '</pre>'; |
1064 |
$c = ob_get_contents(); |
|
1065 |
ob_end_clean(); |
|
1066 |
if($return) return $c; |
|
1067 |
else echo $c; |
|
1068 |
return null; |
|
1069 |
} |
|
1070 |
||
1071 |
/** |
|
1072 |
* Like rawurlencode(), but encodes all characters |
|
1073 |
* @param string $text the text to encode |
|
1074 |
* @param optional string $prefix text before each hex character |
|
1075 |
* @param optional string $suffix text after each hex character |
|
1076 |
* @return string |
|
1077 |
*/ |
|
1078 |
||
1079 |
function hexencode($text, $prefix = '%', $suffix = '') |
|
1080 |
{ |
|
1081 |
$arr = enano_str_split($text); |
|
1082 |
$r = ''; |
|
1083 |
foreach($arr as $a) |
|
1084 |
{ |
|
1085 |
$nibble = (string)dechex(ord($a)); |
|
1086 |
if(strlen($nibble) == 1) $nibble = '0' . $nibble; |
|
1087 |
$r .= $prefix . $nibble . $suffix; |
|
1088 |
} |
|
1089 |
return $r; |
|
1090 |
} |
|
1091 |
||
1092 |
/** |
|
1093 |
* Enano-ese equivalent of get_magic_quotes_gpc() |
|
1094 |
* @return bool |
|
1095 |
*/ |
|
1096 |
||
1097 |
function enano_get_magic_quotes_gpc() |
|
1098 |
{ |
|
1099 |
if(function_exists('get_magic_quotes_gpc')) |
|
1100 |
{ |
|
1101 |
return ( get_magic_quotes_gpc() == 1 ); |
|
1102 |
} |
|
1103 |
else |
|
1104 |
{ |
|
1105 |
return ( strtolower(@ini_get('magic_quotes_gpc')) == '1' ); |
|
1106 |
} |
|
1107 |
} |
|
1108 |
||
1109 |
/** |
|
1110 |
* Recursive stripslashes() |
|
1111 |
* @param array |
|
1112 |
* @return array |
|
1113 |
*/ |
|
1114 |
||
1115 |
function stripslashes_recurse($arr) |
|
1116 |
{ |
|
1117 |
foreach($arr as $k => $xxxx) |
|
1118 |
{ |
|
1119 |
$val =& $arr[$k]; |
|
1120 |
if(is_string($val)) |
|
1121 |
$val = stripslashes($val); |
|
1122 |
elseif(is_array($val)) |
|
1123 |
$val = stripslashes_recurse($val); |
|
1124 |
} |
|
1125 |
return $arr; |
|
1126 |
} |
|
1127 |
||
1128 |
/** |
|
14
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
parents:
1
diff
changeset
|
1129 |
* Recursive function to remove all NUL bytes from a string |
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
parents:
1
diff
changeset
|
1130 |
* @param array |
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
parents:
1
diff
changeset
|
1131 |
* @return array |
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
parents:
1
diff
changeset
|
1132 |
*/ |
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
parents:
1
diff
changeset
|
1133 |
|
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
parents:
1
diff
changeset
|
1134 |
function strip_nul_chars($arr) |
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
parents:
1
diff
changeset
|
1135 |
{ |
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
parents:
1
diff
changeset
|
1136 |
foreach($arr as $k => $xxxx_unused) |
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
parents:
1
diff
changeset
|
1137 |
{ |
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
parents:
1
diff
changeset
|
1138 |
$val =& $arr[$k]; |
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
parents:
1
diff
changeset
|
1139 |
if(is_string($val)) |
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
parents:
1
diff
changeset
|
1140 |
$val = str_replace("\000", '', $val); |
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
parents:
1
diff
changeset
|
1141 |
elseif(is_array($val)) |
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
parents:
1
diff
changeset
|
1142 |
$val = strip_nul_chars($val); |
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
parents:
1
diff
changeset
|
1143 |
} |
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
parents:
1
diff
changeset
|
1144 |
return $arr; |
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
parents:
1
diff
changeset
|
1145 |
} |
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
parents:
1
diff
changeset
|
1146 |
|
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
parents:
1
diff
changeset
|
1147 |
/** |
1 | 1148 |
* If magic_quotes_gpc is on, calls stripslashes() on everything in $_GET/$_POST/$_COOKIE |
14
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
parents:
1
diff
changeset
|
1149 |
* @ignore - this doesn't work too well in my tests |
1 | 1150 |
* @todo port version from the PHP manual |
1151 |
* @return void |
|
1152 |
*/ |
|
1153 |
function strip_magic_quotes_gpc() |
|
1154 |
{ |
|
1155 |
if(enano_get_magic_quotes_gpc()) |
|
1156 |
{ |
|
1157 |
$_POST = stripslashes_recurse($_POST); |
|
1158 |
$_GET = stripslashes_recurse($_GET); |
|
1159 |
$_COOKIE = stripslashes_recurse($_COOKIE); |
|
1160 |
} |
|
14
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
parents:
1
diff
changeset
|
1161 |
$_POST = strip_nul_chars($_POST); |
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
parents:
1
diff
changeset
|
1162 |
$_GET = strip_nul_chars($_GET); |
ce6053bb48d8
Security: NUL characters are now stripped from GPC; several code readability standards changes
Dan
parents:
1
diff
changeset
|
1163 |
$_COOKIE = strip_nul_chars($_COOKIE); |
1 | 1164 |
} |
1165 |
||
1166 |
/** |
|
1167 |
* A very basic single-character compression algorithm for binary strings/bitfields |
|
1168 |
* @param string $bits the text to compress |
|
1169 |
* @return string |
|
1170 |
*/ |
|
1171 |
||
1172 |
function compress_bitfield($bits) |
|
1173 |
{ |
|
1174 |
$crc32 = crc32($bits); |
|
1175 |
$bits .= '0'; |
|
1176 |
$start_pos = 0; |
|
1177 |
$current = substr($bits, 1, 1); |
|
1178 |
$last = substr($bits, 0, 1); |
|
1179 |
$chunk_size = 1; |
|
1180 |
$len = strlen($bits); |
|
1181 |
$crc = $len; |
|
1182 |
$crcval = 0; |
|
1183 |
for ( $i = 1; $i < $len; $i++ ) |
|
1184 |
{ |
|
1185 |
$current = substr($bits, $i, 1); |
|
1186 |
$last = substr($bits, $i - 1, 1); |
|
1187 |
$next = substr($bits, $i + 1, 1); |
|
1188 |
// Are we on the last character? |
|
1189 |
if($current == $last && $i+1 < $len) |
|
1190 |
$chunk_size++; |
|
1191 |
else |
|
1192 |
{ |
|
1193 |
if($i+1 == $len && $current == $next) |
|
1194 |
{ |
|
1195 |
// This character completes a chunk |
|
1196 |
$chunk_size++; |
|
1197 |
$i++; |
|
1198 |
$chunk = substr($bits, $start_pos, $chunk_size); |
|
1199 |
$chunklen = strlen($chunk); |
|
1200 |
$newchunk = $last . '[' . $chunklen . ']'; |
|
1201 |
$newlen = strlen($newchunk); |
|
1202 |
$bits = substr($bits, 0, $start_pos) . $newchunk . substr($bits, $i, $len); |
|
1203 |
$chunk_size = 1; |
|
1204 |
$i = $start_pos + $newlen; |
|
1205 |
$start_pos = $i; |
|
1206 |
$len = strlen($bits); |
|
1207 |
$crcval = $crcval + $chunklen; |
|
1208 |
} |
|
1209 |
else |
|
1210 |
{ |
|
1211 |
// Last character completed a chunk |
|
1212 |
$chunk = substr($bits, $start_pos, $chunk_size); |
|
1213 |
$chunklen = strlen($chunk); |
|
1214 |
$newchunk = $last . '[' . $chunklen . '],'; |
|
1215 |
$newlen = strlen($newchunk); |
|
1216 |
$bits = substr($bits, 0, $start_pos) . $newchunk . substr($bits, $i, $len); |
|
1217 |
$chunk_size = 1; |
|
1218 |
$i = $start_pos + $newlen; |
|
1219 |
$start_pos = $i; |
|
1220 |
$len = strlen($bits); |
|
1221 |
$crcval = $crcval + $chunklen; |
|
1222 |
} |
|
1223 |
} |
|
1224 |
} |
|
1225 |
if($crc != $crcval) |
|
1226 |
{ |
|
1227 |
echo __FUNCTION__.'(): ERROR: length check failed, this is a bug in the algorithm<br />Debug info: aiming for a CRC val of '.$crc.', got '.$crcval; |
|
1228 |
return false; |
|
1229 |
} |
|
1230 |
$compressed = 'cbf:len='.$crc.';crc='.dechex($crc32).';data='.$bits.'|end'; |
|
1231 |
return $compressed; |
|
1232 |
} |
|
1233 |
||
1234 |
/** |
|
1235 |
* Uncompresses a bitfield compressed with compress_bitfield() |
|
1236 |
* @param string $bits the compressed bitfield |
|
1237 |
* @return string the uncompressed, original (we hope) bitfield OR bool false on error |
|
1238 |
*/ |
|
1239 |
||
1240 |
function uncompress_bitfield($bits) |
|
1241 |
{ |
|
1242 |
if(substr($bits, 0, 4) != 'cbf:') |
|
1243 |
{ |
|
1244 |
echo __FUNCTION__.'(): ERROR: Invalid stream'; |
|
1245 |
return false; |
|
1246 |
} |
|
1247 |
$len = intval(substr($bits, strpos($bits, 'len=')+4, strpos($bits, ';')-strpos($bits, 'len=')-4)); |
|
1248 |
$crc = substr($bits, strpos($bits, 'crc=')+4, 8); |
|
1249 |
$data = substr($bits, strpos($bits, 'data=')+5, strpos($bits, '|end')-strpos($bits, 'data=')-5); |
|
1250 |
$data = explode(',', $data); |
|
1251 |
foreach($data as $a => $b) |
|
1252 |
{ |
|
1253 |
$d =& $data[$a]; |
|
1254 |
$char = substr($d, 0, 1); |
|
1255 |
$dlen = intval(substr($d, 2, strlen($d)-1)); |
|
1256 |
$s = ''; |
|
1257 |
for($i=0;$i<$dlen;$i++,$s.=$char); |
|
1258 |
$d = $s; |
|
1259 |
unset($s, $dlen, $char); |
|
1260 |
} |
|
1261 |
$decompressed = implode('', $data); |
|
1262 |
$decompressed = substr($decompressed, 0, -1); |
|
1263 |
$dcrc = (string)dechex(crc32($decompressed)); |
|
1264 |
if($dcrc != $crc) |
|
1265 |
{ |
|
1266 |
echo __FUNCTION__.'(): ERROR: CRC check failed<br />debug info:<br />original crc: '.$crc.'<br />decomp\'ed crc: '.$dcrc.'<br />'; |
|
1267 |
return false; |
|
1268 |
} |
|
1269 |
return $decompressed; |
|
1270 |
} |
|
1271 |
||
1272 |
/** |
|
1273 |
* Exports a MySQL table into a SQL string. |
|
1274 |
* @param string $table The name of the table to export |
|
1275 |
* @param bool $structure If true, include a CREATE TABLE command |
|
1276 |
* @param bool $data If true, include the contents of the table |
|
1277 |
* @param bool $compact If true, omits newlines between parts of SQL statements, use in Enano database exporter |
|
1278 |
* @return string |
|
1279 |
*/ |
|
1280 |
||
1281 |
function export_table($table, $structure = true, $data = true, $compact = false) |
|
1282 |
{ |
|
1283 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
1284 |
$struct_keys = ''; |
|
1285 |
$divider = (!$compact) ? "\n" : "\n"; |
|
1286 |
$spacer1 = (!$compact) ? "\n" : " "; |
|
1287 |
$spacer2 = (!$compact) ? " " : " "; |
|
1288 |
$rowspacer = (!$compact) ? "\n " : " "; |
|
1289 |
$index_list = Array(); |
|
1290 |
$cols = $db->sql_query('SHOW COLUMNS IN '.$table.';'); |
|
1291 |
if(!$cols) |
|
1292 |
{ |
|
1293 |
echo 'export_table(): Error getting column list: '.$db->get_error_text().'<br />'; |
|
1294 |
return false; |
|
1295 |
} |
|
1296 |
$col = Array(); |
|
1297 |
$sqlcol = Array(); |
|
1298 |
$collist = Array(); |
|
1299 |
$pri_keys = Array(); |
|
1300 |
// Using fetchrow_num() here to compensate for MySQL l10n |
|
1301 |
while( $row = $db->fetchrow_num() ) |
|
1302 |
{ |
|
1303 |
$field =& $row[0]; |
|
1304 |
$type =& $row[1]; |
|
1305 |
$null =& $row[2]; |
|
1306 |
$key =& $row[3]; |
|
1307 |
$def =& $row[4]; |
|
1308 |
$extra =& $row[5]; |
|
1309 |
$col[] = Array( |
|
1310 |
'name'=>$field, |
|
1311 |
'type'=>$type, |
|
1312 |
'null'=>$null, |
|
1313 |
'key'=>$key, |
|
1314 |
'default'=>$def, |
|
1315 |
'extra'=>$extra, |
|
1316 |
); |
|
1317 |
$collist[] = $field; |
|
1318 |
} |
|
1319 |
||
1320 |
if ( $structure ) |
|
1321 |
{ |
|
1322 |
$db->sql_query('SET SQL_QUOTE_SHOW_CREATE = 0;'); |
|
1323 |
$struct = $db->sql_query('SHOW CREATE TABLE '.$table.';'); |
|
1324 |
if ( !$struct ) |
|
1325 |
$db->_die(); |
|
1326 |
$row = $db->fetchrow_num(); |
|
1327 |
$db->free_result(); |
|
1328 |
$struct = $row[1]; |
|
1329 |
$struct = preg_replace("/\n\) ENGINE=(.+)$/", "\n);", $struct); |
|
1330 |
unset($row); |
|
1331 |
if ( $compact ) |
|
1332 |
{ |
|
1333 |
$struct_arr = explode("\n", $struct); |
|
1334 |
foreach ( $struct_arr as $i => $leg ) |
|
1335 |
{ |
|
1336 |
if ( $i == 0 ) |
|
1337 |
continue; |
|
1338 |
$test = trim($leg); |
|
1339 |
if ( empty($test) ) |
|
1340 |
{ |
|
1341 |
unset($struct_arr[$i]); |
|
1342 |
continue; |
|
1343 |
} |
|
1344 |
$struct_arr[$i] = preg_replace('/^([\s]*)/', ' ', $leg); |
|
1345 |
} |
|
1346 |
$struct = implode("", $struct_arr); |
|
1347 |
} |
|
1348 |
} |
|
1349 |
||
1350 |
// Structuring complete |
|
1351 |
if($data) |
|
1352 |
{ |
|
1353 |
$datq = $db->sql_query('SELECT * FROM '.$table.';'); |
|
1354 |
if(!$datq) |
|
1355 |
{ |
|
1356 |
echo 'export_table(): Error getting column list: '.$db->get_error_text().'<br />'; |
|
1357 |
return false; |
|
1358 |
} |
|
1359 |
if($db->numrows() < 1) |
|
1360 |
{ |
|
1361 |
if($structure) return $struct; |
|
1362 |
else return ''; |
|
1363 |
} |
|
1364 |
$rowdata = Array(); |
|
1365 |
$dataqs = Array(); |
|
1366 |
$insert_strings = Array(); |
|
1367 |
$z = false; |
|
1368 |
while($row = $db->fetchrow_num()) |
|
1369 |
{ |
|
1370 |
$z = false; |
|
1371 |
foreach($row as $i => $cell) |
|
1372 |
{ |
|
1373 |
$str = mysql_encode_column($cell, $col[$i]['type']); |
|
1374 |
$rowdata[] = $str; |
|
1375 |
} |
|
1376 |
$dataqs2 = implode(",$rowspacer", $dataqs) . ",$rowspacer" . '( ' . implode(', ', $rowdata) . ' )'; |
|
1377 |
$ins = 'INSERT INTO '.$table.'( '.implode(',', $collist).' ) VALUES' . $dataqs2 . ";"; |
|
1378 |
if ( strlen( $ins ) > MYSQL_MAX_PACKET_SIZE ) |
|
1379 |
{ |
|
1380 |
// We've exceeded the maximum allowed packet size for MySQL - separate this into a different query |
|
1381 |
$insert_strings[] = 'INSERT INTO '.$table.'( '.implode(',', $collist).' ) VALUES' . implode(",$rowspacer", $dataqs) . ";";; |
|
1382 |
$dataqs = Array('( ' . implode(', ', $rowdata) . ' )'); |
|
1383 |
$z = true; |
|
1384 |
} |
|
1385 |
else |
|
1386 |
{ |
|
1387 |
$dataqs[] = '( ' . implode(', ', $rowdata) . ' )'; |
|
1388 |
} |
|
1389 |
$rowdata = Array(); |
|
1390 |
} |
|
1391 |
if ( !$z ) |
|
1392 |
{ |
|
1393 |
$insert_strings[] = 'INSERT INTO '.$table.'( '.implode(',', $collist).' ) VALUES' . implode(",$rowspacer", $dataqs) . ";";; |
|
1394 |
$dataqs = Array(); |
|
1395 |
} |
|
1396 |
$datstring = implode($divider, $insert_strings); |
|
1397 |
} |
|
1398 |
if($structure && !$data) return $struct; |
|
1399 |
elseif(!$structure && $data) return $datstring; |
|
1400 |
elseif($structure && $data) return $struct . $divider . $datstring; |
|
1401 |
elseif(!$structure && !$data) return ''; |
|
1402 |
} |
|
1403 |
||
1404 |
/** |
|
1405 |
* Encodes a string value for use in an INSERT statement for given column type $type. |
|
1406 |
* @access private |
|
1407 |
*/ |
|
1408 |
||
1409 |
function mysql_encode_column($input, $type) |
|
1410 |
{ |
|
1411 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
1412 |
// Decide whether to quote the string or not |
|
1413 |
if(substr($type, 0, 7) == 'varchar' || $type == 'datetime' || $type == 'text' || $type == 'tinytext' || $type == 'smalltext' || $type == 'longtext' || substr($type, 0, 4) == 'char') |
|
1414 |
{ |
|
1415 |
$str = "'" . $db->escape($input) . "'"; |
|
1416 |
} |
|
1417 |
elseif(in_array($type, Array('blob', 'longblob', 'mediumblob', 'smallblob')) || substr($type, 0, 6) == 'binary' || substr($type, 0, 9) == 'varbinary') |
|
1418 |
{ |
|
1419 |
$str = '0x' . hexencode($input, '', ''); |
|
1420 |
} |
|
1421 |
elseif(is_null($input)) |
|
1422 |
{ |
|
1423 |
$str = 'NULL'; |
|
1424 |
} |
|
1425 |
else |
|
1426 |
{ |
|
1427 |
$str = (string)$input; |
|
1428 |
} |
|
1429 |
return $str; |
|
1430 |
} |
|
1431 |
||
1432 |
/** |
|
1433 |
* Creates an associative array defining which file extensions are allowed and which ones aren't |
|
1434 |
* @return array keyname will be a file extension, value will be true or false |
|
1435 |
*/ |
|
1436 |
||
1437 |
function fetch_allowed_extensions() |
|
1438 |
{ |
|
1439 |
global $mime_types; |
|
1440 |
$bits = getConfig('allowed_mime_types'); |
|
1441 |
if(!$bits) return Array(false); |
|
1442 |
$bits = uncompress_bitfield($bits); |
|
1443 |
if(!$bits) return Array(false); |
|
1444 |
$bits = enano_str_split($bits, 1); |
|
1445 |
$ret = Array(); |
|
1446 |
$mt = array_keys($mime_types); |
|
1447 |
foreach($bits as $i => $b) |
|
1448 |
{ |
|
1449 |
$ret[$mt[$i]] = ( $b == '1' ) ? true : false; |
|
1450 |
} |
|
1451 |
return $ret; |
|
1452 |
} |
|
1453 |
||
1454 |
/** |
|
1455 |
* Generates a random key suitable for encryption |
|
1456 |
* @param int $len the length of the key |
|
1457 |
* @return string a BINARY key |
|
1458 |
*/ |
|
1459 |
||
1460 |
function randkey($len = 32) |
|
1461 |
{ |
|
1462 |
$key = ''; |
|
1463 |
for($i=0;$i<$len;$i++) |
|
1464 |
{ |
|
1465 |
$key .= chr(mt_rand(0, 255)); |
|
1466 |
} |
|
1467 |
return $key; |
|
1468 |
} |
|
1469 |
||
1470 |
/** |
|
1471 |
* Decodes a hex string. |
|
1472 |
* @param string $hex The hex code to decode |
|
1473 |
* @return string |
|
1474 |
*/ |
|
1475 |
||
1476 |
function hexdecode($hex) |
|
1477 |
{ |
|
1478 |
$hex = enano_str_split($hex, 2); |
|
1479 |
$bin_key = ''; |
|
1480 |
foreach($hex as $nibble) |
|
1481 |
{ |
|
1482 |
$byte = chr(hexdec($nibble)); |
|
1483 |
$bin_key .= $byte; |
|
1484 |
} |
|
1485 |
return $bin_key; |
|
1486 |
} |
|
1487 |
||
1488 |
/** |
|
1489 |
* Enano's own (almost) bulletproof HTML sanitizer. |
|
1490 |
* @param string $html The input HTML |
|
1491 |
* @return string cleaned HTML |
|
1492 |
*/ |
|
1493 |
||
1494 |
function sanitize_html($html, $filter_php = true) |
|
1495 |
{ |
|
1496 |
||
1497 |
$html = preg_replace('#<([a-z]+)([\s]+)([^>]+?)'.htmlalternatives('javascript:').'(.+?)>(.*?)</\\1>#is', '<\\1\\2\\3javascript:\\59>\\60</\\1>', $html); |
|
1498 |
$html = preg_replace('#<([a-z]+)([\s]+)([^>]+?)'.htmlalternatives('javascript:').'(.+?)>#is', '<\\1\\2\\3javascript:\\59>', $html); |
|
1499 |
||
1500 |
if($filter_php) |
|
1501 |
$html = str_replace( |
|
1502 |
Array('<?php', '<?', '<%', '?>', '%>'), |
|
1503 |
Array('<?php', '<?', '<%', '?>', '%>'), |
|
1504 |
$html); |
|
1505 |
||
1506 |
$tag_whitelist = array_keys ( setupAttributeWhitelist() ); |
|
1507 |
if ( !$filter_php ) |
|
1508 |
$tag_whitelist[] = '?php'; |
|
1509 |
$len = strlen($html); |
|
1510 |
$in_quote = false; |
|
1511 |
$quote_char = ''; |
|
1512 |
$tag_start = 0; |
|
1513 |
$tag_name = ''; |
|
1514 |
$in_tag = false; |
|
1515 |
$trk_name = false; |
|
1516 |
for ( $i = 0; $i < $len; $i++ ) |
|
1517 |
{ |
|
1518 |
$chr = $html{$i}; |
|
1519 |
$prev = ( $i == 0 ) ? '' : $html{ $i - 1 }; |
|
1520 |
$next = ( ( $i + 1 ) == $len ) ? '' : $html { $i + 1 }; |
|
1521 |
if ( $in_quote && $in_tag ) |
|
1522 |
{ |
|
1523 |
if ( $quote_char == $chr && $prev != '\\' ) |
|
1524 |
$in_quote = false; |
|
1525 |
} |
|
1526 |
elseif ( ( $chr == '"' || $chr == "'" ) && $prev != '\\' && $in_tag ) |
|
1527 |
{ |
|
1528 |
$in_quote = true; |
|
1529 |
$quote_char = $chr; |
|
1530 |
} |
|
1531 |
if ( $chr == '<' && !$in_tag && $next != '/' ) |
|
1532 |
{ |
|
1533 |
// start of a tag |
|
1534 |
$tag_start = $i; |
|
1535 |
$in_tag = true; |
|
1536 |
$trk_name = true; |
|
1537 |
} |
|
1538 |
elseif ( !$in_quote && $in_tag && $chr == '>' ) |
|
1539 |
{ |
|
1540 |
$full_tag = substr($html, $tag_start, ( $i - $tag_start ) + 1 ); |
|
1541 |
$l = strlen($tag_name) + 2; |
|
1542 |
$attribs_only = trim( substr($full_tag, $l, ( strlen($full_tag) - $l - 1 ) ) ); |
|
1543 |
||
1544 |
// Debugging message |
|
1545 |
// echo htmlspecialchars($full_tag) . '<br />'; |
|
1546 |
||
1547 |
if ( !in_array($tag_name, $tag_whitelist) ) |
|
1548 |
{ |
|
1549 |
// Illegal tag |
|
1550 |
//echo $tag_name . ' '; |
|
1551 |
||
1552 |
$s = ( empty($attribs_only) ) ? '' : ' '; |
|
1553 |
||
1554 |
$sanitized = '<' . $tag_name . $s . $attribs_only . '>'; |
|
1555 |
||
1556 |
$html = substr($html, 0, $tag_start) . $sanitized . substr($html, $i + 1); |
|
1557 |
$html = str_replace('</' . $tag_name . '>', '</' . $tag_name . '>', $html); |
|
1558 |
$new_i = $tag_start + strlen($sanitized); |
|
1559 |
||
1560 |
$len = strlen($html); |
|
1561 |
$i = $new_i; |
|
1562 |
||
1563 |
$in_tag = false; |
|
1564 |
$tag_name = ''; |
|
1565 |
continue; |
|
1566 |
} |
|
1567 |
else |
|
1568 |
{ |
|
1569 |
if ( $tag_name == '?php' && !$filter_php ) |
|
1570 |
continue; |
|
1571 |
$f = fixTagAttributes( $attribs_only, $tag_name ); |
|
1572 |
$s = ( empty($f) ) ? '' : ' '; |
|
1573 |
||
1574 |
$sanitized = '<' . $tag_name . $f . '>'; |
|
1575 |
$new_i = $tag_start + strlen($sanitized); |
|
1576 |
||
1577 |
$html = substr($html, 0, $tag_start) . $sanitized . substr($html, $i + 1); |
|
1578 |
$len = strlen($html); |
|
1579 |
$i = $new_i; |
|
1580 |
||
1581 |
$in_tag = false; |
|
1582 |
$tag_name = ''; |
|
1583 |
continue; |
|
1584 |
} |
|
1585 |
} |
|
1586 |
elseif ( $in_tag && $trk_name ) |
|
1587 |
{ |
|
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
19
diff
changeset
|
1588 |
$is_alphabetical = ( strtolower($chr) != strtoupper($chr) || in_array($chr, array('0', '1', '2', '3', '4', '5', '6', '7', '8', '9')) || $chr == '?' || $chr == '!' || $chr == '-' ); |
1 | 1589 |
if ( $is_alphabetical ) |
1590 |
$tag_name .= $chr; |
|
1591 |
else |
|
1592 |
{ |
|
1593 |
$trk_name = false; |
|
1594 |
} |
|
1595 |
} |
|
1596 |
||
1597 |
} |
|
1598 |
||
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
14
diff
changeset
|
1599 |
// Vulnerability from ha.ckers.org/xss.html: |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
14
diff
changeset
|
1600 |
// <script src="http://foo.com/xss.js" |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
14
diff
changeset
|
1601 |
// < |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
14
diff
changeset
|
1602 |
// The rule is so specific because everything else will have been filtered by now |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
14
diff
changeset
|
1603 |
$html = preg_replace('/<(script|iframe)(.+?)src=([^>]*)</i', '<\\1\\2src=\\3<', $html); |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
14
diff
changeset
|
1604 |
|
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
19
diff
changeset
|
1605 |
// Unstrip comments |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
19
diff
changeset
|
1606 |
$html = preg_replace('/<!--([^>]*?)-->/i', '', $html); |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
19
diff
changeset
|
1607 |
|
1 | 1608 |
return $html; |
1609 |
||
1610 |
} |
|
1611 |
||
1612 |
function htmlalternatives($string) |
|
1613 |
{ |
|
1614 |
$ret = ''; |
|
1615 |
for ( $i = 0; $i < strlen($string); $i++ ) |
|
1616 |
{ |
|
1617 |
$chr = $string{$i}; |
|
1618 |
$ch1 = ord($chr); |
|
1619 |
$ch2 = dechex($ch1); |
|
1620 |
$byte = '(&\\#([0]*){0,7}' . $ch1 . ';|\\\\([0]*){0,7}' . $ch1 . ';|\\\\([0]*){0,7}' . $ch2 . ';|&\\#x([0]*){0,7}' . $ch2 . ';|%([0]*){0,7}' . $ch2 . '|' . preg_quote($chr) . ')'; |
|
1621 |
$ret .= $byte; |
|
1622 |
$ret .= '([\s]){0,2}'; |
|
1623 |
} |
|
1624 |
return $ret; |
|
1625 |
} |
|
1626 |
||
1627 |
/** |
|
1628 |
* Paginates (breaks into multiple pages) a MySQL result resource, which is treated as unbuffered. |
|
1629 |
* @param resource The MySQL result resource. This should preferably be an unbuffered query. |
|
1630 |
* @param string A template, with variables being named after the column name |
|
1631 |
* @param int The number of total results. This should be determined by a second query. |
|
1632 |
* @param string sprintf-style formatting string for URLs for result pages. First parameter will be start offset. |
|
1633 |
* @param int Optional. Start offset in individual results. Defaults to 0. |
|
1634 |
* @param int Optional. The number of results per page. Defualts to 10. |
|
1635 |
* @param int Optional. An associative array of functions to call, with key names being column names, and values being function names. Values can also be an array with key 0 being either an object or a string(class name) and key 1 being a [static] method. |
|
1636 |
* @param string Optional. The text to be sent before the result list, only if there are any results. Possibly the start of a table. |
|
1637 |
* @param string Optional. The text to be sent after the result list, only if there are any results. Possibly the end of a table. |
|
1638 |
* @return string |
|
1639 |
*/ |
|
1640 |
||
1641 |
function paginate($q, $tpl_text, $num_results, $result_url, $start = 0, $perpage = 10, $callers = Array(), $header = '', $footer = '') |
|
1642 |
{ |
|
1643 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
1644 |
$parser = $template->makeParserText($tpl_text); |
|
1645 |
$num_pages = ceil ( $num_results / $perpage ); |
|
1646 |
$out = ''; |
|
1647 |
$i = 0; |
|
1648 |
$this_page = ceil ( $start / $perpage ); |
|
1649 |
||
1650 |
// Build paginator |
|
1651 |
$begin = '<div class="tblholder" style="display: table; margin: 10px 0 0 auto;"> |
|
1652 |
<table border="0" cellspacing="1" cellpadding="4"> |
|
1653 |
<tr><th>Page:</th>'; |
|
1654 |
$block = '<td class="row1" style="text-align: center;">{LINK}</td>'; |
|
1655 |
$end = '</tr></table></div>'; |
|
1656 |
$blk = $template->makeParserText($block); |
|
1657 |
$inner = ''; |
|
1658 |
$cls = 'row2'; |
|
1659 |
if ( $num_pages < 5 ) |
|
1660 |
{ |
|
1661 |
for ( $i = 0; $i < $num_pages; $i++ ) |
|
1662 |
{ |
|
1663 |
$cls = ( $cls == 'row1' ) ? 'row2' : 'row1'; |
|
1664 |
$offset = strval($i * $perpage); |
|
1665 |
$url = sprintf($result_url, $offset); |
|
1666 |
$j = $i + 1; |
|
1667 |
$link = ( $offset == strval($start) ) ? "<b>$j</b>" : "<a href=".'"'."$url".'"'." style='text-decoration: none;'>$j</a>"; |
|
1668 |
$blk->assign_vars(array( |
|
1669 |
'CLASS'=>$cls, |
|
1670 |
'LINK'=>$link |
|
1671 |
)); |
|
1672 |
$inner .= $blk->run(); |
|
1673 |
} |
|
1674 |
} |
|
1675 |
else |
|
1676 |
{ |
|
1677 |
if ( $this_page + 5 > $num_pages ) |
|
1678 |
{ |
|
1679 |
$list = Array(); |
|
1680 |
$tp = $this_page; |
|
1681 |
if ( $this_page + 0 == $num_pages ) $tp = $tp - 3; |
|
1682 |
if ( $this_page + 1 == $num_pages ) $tp = $tp - 2; |
|
1683 |
if ( $this_page + 2 == $num_pages ) $tp = $tp - 1; |
|
1684 |
for ( $i = $tp - 1; $i <= $tp + 1; $i++ ) |
|
1685 |
{ |
|
1686 |
$list[] = $i; |
|
1687 |
} |
|
1688 |
} |
|
1689 |
else |
|
1690 |
{ |
|
1691 |
$list = Array(); |
|
1692 |
$current = $this_page; |
|
1693 |
$lower = ( $current < 3 ) ? 1 : $current - 1; |
|
1694 |
for ( $i = 0; $i < 3; $i++ ) |
|
1695 |
{ |
|
1696 |
$list[] = $lower + $i; |
|
1697 |
} |
|
1698 |
} |
|
1699 |
$url = sprintf($result_url, '0'); |
|
1700 |
$link = ( 0 == $start ) ? "<b>First</b>" : "<a href=".'"'."$url".'"'." style='text-decoration: none;'>« First</a>"; |
|
1701 |
$blk->assign_vars(array( |
|
1702 |
'CLASS'=>$cls, |
|
1703 |
'LINK'=>$link |
|
1704 |
)); |
|
1705 |
$inner .= $blk->run(); |
|
1706 |
||
1707 |
// if ( !in_array(1, $list) ) |
|
1708 |
// { |
|
1709 |
// $cls = ( $cls == 'row1' ) ? 'row2' : 'row1'; |
|
1710 |
// $blk->assign_vars(array('CLASS'=>$cls,'LINK'=>'...')); |
|
1711 |
// $inner .= $blk->run(); |
|
1712 |
// } |
|
1713 |
||
1714 |
foreach ( $list as $i ) |
|
1715 |
{ |
|
1716 |
if ( $i == $num_pages ) |
|
1717 |
break; |
|
1718 |
$cls = ( $cls == 'row1' ) ? 'row2' : 'row1'; |
|
1719 |
$offset = strval($i * $perpage); |
|
1720 |
$url = sprintf($result_url, $offset); |
|
1721 |
$j = $i + 1; |
|
1722 |
$link = ( $offset == strval($start) ) ? "<b>$j</b>" : "<a href=".'"'."$url".'"'." style='text-decoration: none;'>$j</a>"; |
|
1723 |
$blk->assign_vars(array( |
|
1724 |
'CLASS'=>$cls, |
|
1725 |
'LINK'=>$link |
|
1726 |
)); |
|
1727 |
$inner .= $blk->run(); |
|
1728 |
} |
|
1729 |
||
1730 |
$total = $num_pages * $perpage - $perpage; |
|
1731 |
||
1732 |
if ( $this_page < $num_pages ) |
|
1733 |
{ |
|
1734 |
// $cls = ( $cls == 'row1' ) ? 'row2' : 'row1'; |
|
1735 |
// $blk->assign_vars(array('CLASS'=>$cls,'LINK'=>'...')); |
|
1736 |
// $inner .= $blk->run(); |
|
1737 |
||
1738 |
$cls = ( $cls == 'row1' ) ? 'row2' : 'row1'; |
|
1739 |
$offset = strval($total); |
|
1740 |
$url = sprintf($result_url, $offset); |
|
1741 |
$j = $i + 1; |
|
1742 |
$link = ( $offset == strval($start) ) ? "<b>Last</b>" : "<a href=".'"'."$url".'"'." style='text-decoration: none;'>Last »</a>"; |
|
1743 |
$blk->assign_vars(array( |
|
1744 |
'CLASS'=>$cls, |
|
1745 |
'LINK'=>$link |
|
1746 |
)); |
|
1747 |
$inner .= $blk->run(); |
|
1748 |
} |
|
1749 |
||
1750 |
} |
|
1751 |
||
1752 |
$inner .= '<td class="row2" style="cursor: pointer;" onclick="paginator_goto(this, '.$this_page.', '.$num_pages.', '.$perpage.', unescape(\'' . rawurlencode($result_url) . '\'));">↓</td>'; |
|
1753 |
||
1754 |
$paginator = "\n$begin$inner$end\n"; |
|
1755 |
$out .= $paginator; |
|
1756 |
||
1757 |
$cls = 'row2'; |
|
1758 |
||
1759 |
if ( $row = $db->fetchrow($q) ) |
|
1760 |
{ |
|
1761 |
$i = 0; |
|
1762 |
$out .= $header; |
|
1763 |
do { |
|
1764 |
$i++; |
|
1765 |
if ( $i <= $start ) |
|
1766 |
{ |
|
1767 |
continue; |
|
1768 |
} |
|
1769 |
if ( ( $i - $start ) > $perpage ) |
|
1770 |
{ |
|
1771 |
break; |
|
1772 |
} |
|
1773 |
$cls = ( $cls == 'row1' ) ? 'row2' : 'row1'; |
|
1774 |
foreach ( $row as $j => $val ) |
|
1775 |
{ |
|
1776 |
if ( isset($callers[$j]) ) |
|
1777 |
{ |
|
1778 |
$tmp = ( is_callable($callers[$j]) ) ? @call_user_func($callers[$j], $val, $row) : $v; |
|
1779 |
||
1780 |
if ( $tmp ) |
|
1781 |
{ |
|
1782 |
$row[$j] = $tmp; |
|
1783 |
} |
|
1784 |
} |
|
1785 |
} |
|
1786 |
$parser->assign_vars($row); |
|
1787 |
$parser->assign_vars(array('_css_class' => $cls)); |
|
1788 |
$out .= $parser->run(); |
|
1789 |
} while ( $row = $db->fetchrow($q) ); |
|
1790 |
$out .= $footer; |
|
1791 |
} |
|
1792 |
||
1793 |
$out .= $paginator; |
|
1794 |
||
1795 |
return $out; |
|
1796 |
} |
|
1797 |
||
1798 |
/** |
|
1799 |
* This is the same as paginate(), but it processes an array instead of a MySQL result resource. |
|
1800 |
* @param array The results. Each value is simply echoed. |
|
1801 |
* @param int The number of total results. This should be determined by a second query. |
|
1802 |
* @param string sprintf-style formatting string for URLs for result pages. First parameter will be start offset. |
|
1803 |
* @param int Optional. Start offset in individual results. Defaults to 0. |
|
1804 |
* @param int Optional. The number of results per page. Defualts to 10. |
|
1805 |
* @param string Optional. The text to be sent before the result list, only if there are any results. Possibly the start of a table. |
|
1806 |
* @param string Optional. The text to be sent after the result list, only if there are any results. Possibly the end of a table. |
|
1807 |
* @return string |
|
1808 |
*/ |
|
1809 |
||
1810 |
function paginate_array($q, $num_results, $result_url, $start = 0, $perpage = 10, $header = '', $footer = '') |
|
1811 |
{ |
|
1812 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
1813 |
$parser = $template->makeParserText($tpl_text); |
|
1814 |
$num_pages = ceil ( $num_results / $perpage ); |
|
1815 |
$out = ''; |
|
1816 |
$i = 0; |
|
1817 |
$this_page = ceil ( $start / $perpage ); |
|
1818 |
||
1819 |
// Build paginator |
|
1820 |
$begin = '<div class="tblholder" style="display: table; margin: 10px 0 0 auto;"> |
|
1821 |
<table border="0" cellspacing="1" cellpadding="4"> |
|
1822 |
<tr><th>Page:</th>'; |
|
1823 |
$block = '<td class="row1" style="text-align: center;">{LINK}</td>'; |
|
1824 |
$end = '</tr></table></div>'; |
|
1825 |
$blk = $template->makeParserText($block); |
|
1826 |
$inner = ''; |
|
1827 |
$cls = 'row2'; |
|
1828 |
if ( $start > 0 ) |
|
1829 |
{ |
|
1830 |
$url = sprintf($result_url, abs($start - $perpage)); |
|
1831 |
$link = "<a href=".'"'."$url".'"'." style='text-decoration: none;'>« Prev</a>"; |
|
1832 |
$cls = ( $cls == 'row1' ) ? 'row2' : 'row1'; |
|
1833 |
$blk->assign_vars(array( |
|
1834 |
'CLASS'=>$cls, |
|
1835 |
'LINK'=>$link |
|
1836 |
)); |
|
1837 |
$inner .= $blk->run(); |
|
1838 |
} |
|
1839 |
if ( $num_pages < 5 ) |
|
1840 |
{ |
|
1841 |
for ( $i = 0; $i < $num_pages; $i++ ) |
|
1842 |
{ |
|
1843 |
$cls = ( $cls == 'row1' ) ? 'row2' : 'row1'; |
|
1844 |
$offset = strval($i * $perpage); |
|
1845 |
$url = sprintf($result_url, $offset); |
|
1846 |
$j = $i + 1; |
|
1847 |
$link = ( $offset == strval($start) ) ? "<b>$j</b>" : "<a href=".'"'."$url".'"'." style='text-decoration: none;'>$j</a>"; |
|
1848 |
$blk->assign_vars(array( |
|
1849 |
'CLASS'=>$cls, |
|
1850 |
'LINK'=>$link |
|
1851 |
)); |
|
1852 |
$inner .= $blk->run(); |
|
1853 |
} |
|
1854 |
} |
|
1855 |
else |
|
1856 |
{ |
|
1857 |
if ( $this_page + 5 > $num_pages ) |
|
1858 |
{ |
|
1859 |
$list = Array(); |
|
1860 |
$tp = $this_page; |
|
1861 |
if ( $this_page + 0 == $num_pages ) $tp = $tp - 3; |
|
1862 |
if ( $this_page + 1 == $num_pages ) $tp = $tp - 2; |
|
1863 |
if ( $this_page + 2 == $num_pages ) $tp = $tp - 1; |
|
1864 |
for ( $i = $tp - 1; $i <= $tp + 1; $i++ ) |
|
1865 |
{ |
|
1866 |
$list[] = $i; |
|
1867 |
} |
|
1868 |
} |
|
1869 |
else |
|
1870 |
{ |
|
1871 |
$list = Array(); |
|
1872 |
$current = $this_page; |
|
1873 |
$lower = ( $current < 3 ) ? 1 : $current - 1; |
|
1874 |
for ( $i = 0; $i < 3; $i++ ) |
|
1875 |
{ |
|
1876 |
$list[] = $lower + $i; |
|
1877 |
} |
|
1878 |
} |
|
1879 |
$url = sprintf($result_url, '0'); |
|
1880 |
$link = ( 0 == $start ) ? "<b>First</b>" : "<a href=".'"'."$url".'"'." style='text-decoration: none;'>« First</a>"; |
|
1881 |
$blk->assign_vars(array( |
|
1882 |
'CLASS'=>$cls, |
|
1883 |
'LINK'=>$link |
|
1884 |
)); |
|
1885 |
$inner .= $blk->run(); |
|
1886 |
||
1887 |
// if ( !in_array(1, $list) ) |
|
1888 |
// { |
|
1889 |
// $cls = ( $cls == 'row1' ) ? 'row2' : 'row1'; |
|
1890 |
// $blk->assign_vars(array('CLASS'=>$cls,'LINK'=>'...')); |
|
1891 |
// $inner .= $blk->run(); |
|
1892 |
// } |
|
1893 |
||
1894 |
foreach ( $list as $i ) |
|
1895 |
{ |
|
1896 |
if ( $i == $num_pages ) |
|
1897 |
break; |
|
1898 |
$cls = ( $cls == 'row1' ) ? 'row2' : 'row1'; |
|
1899 |
$offset = strval($i * $perpage); |
|
1900 |
$url = sprintf($result_url, $offset); |
|
1901 |
$j = $i + 1; |
|
1902 |
$link = ( $offset == strval($start) ) ? "<b>$j</b>" : "<a href=".'"'."$url".'"'." style='text-decoration: none;'>$j</a>"; |
|
1903 |
$blk->assign_vars(array( |
|
1904 |
'CLASS'=>$cls, |
|
1905 |
'LINK'=>$link |
|
1906 |
)); |
|
1907 |
$inner .= $blk->run(); |
|
1908 |
} |
|
1909 |
||
1910 |
$total = $num_pages * $perpage - $perpage; |
|
1911 |
||
1912 |
if ( $this_page < $num_pages ) |
|
1913 |
{ |
|
1914 |
// $cls = ( $cls == 'row1' ) ? 'row2' : 'row1'; |
|
1915 |
// $blk->assign_vars(array('CLASS'=>$cls,'LINK'=>'...')); |
|
1916 |
// $inner .= $blk->run(); |
|
1917 |
||
1918 |
$cls = ( $cls == 'row1' ) ? 'row2' : 'row1'; |
|
1919 |
$offset = strval($total); |
|
1920 |
$url = sprintf($result_url, $offset); |
|
1921 |
$j = $i + 1; |
|
1922 |
$link = ( $offset == strval($start) ) ? "<b>Last</b>" : "<a href=".'"'."$url".'"'." style='text-decoration: none;'>Last »</a>"; |
|
1923 |
$blk->assign_vars(array( |
|
1924 |
'CLASS'=>$cls, |
|
1925 |
'LINK'=>$link |
|
1926 |
)); |
|
1927 |
$inner .= $blk->run(); |
|
1928 |
} |
|
1929 |
||
1930 |
} |
|
1931 |
||
1932 |
if ( $start < $total ) |
|
1933 |
{ |
|
1934 |
$url = sprintf($result_url, abs($start + $perpage)); |
|
1935 |
$link = "<a href=".'"'."$url".'"'." style='text-decoration: none;'>Next »</a>"; |
|
1936 |
$cls = ( $cls == 'row1' ) ? 'row2' : 'row1'; |
|
1937 |
$blk->assign_vars(array( |
|
1938 |
'CLASS'=>$cls, |
|
1939 |
'LINK'=>$link |
|
1940 |
)); |
|
1941 |
$inner .= $blk->run(); |
|
1942 |
} |
|
1943 |
||
1944 |
$inner .= '<td class="row2" style="cursor: pointer;" onclick="paginator_goto(this, '.$this_page.', '.$num_pages.', '.$perpage.', unescape(\'' . rawurlencode($result_url) . '\'));">↓</td>'; |
|
1945 |
||
1946 |
$paginator = "\n$begin$inner$end\n"; |
|
1947 |
if ( $total > 1 ) |
|
1948 |
$out .= $paginator; |
|
1949 |
||
1950 |
$cls = 'row2'; |
|
1951 |
||
1952 |
if ( sizeof($q) > 0 ) |
|
1953 |
{ |
|
1954 |
$i = 0; |
|
1955 |
$out .= $header; |
|
1956 |
foreach ( $q as $val ) { |
|
1957 |
$i++; |
|
1958 |
if ( $i <= $start ) |
|
1959 |
{ |
|
1960 |
continue; |
|
1961 |
} |
|
1962 |
if ( ( $i - $start ) > $perpage ) |
|
1963 |
{ |
|
1964 |
break; |
|
1965 |
} |
|
1966 |
$out .= $val; |
|
1967 |
} |
|
1968 |
$out .= $footer; |
|
1969 |
} |
|
1970 |
||
1971 |
if ( $total > 1 ) |
|
1972 |
$out .= $paginator; |
|
1973 |
||
1974 |
return $out; |
|
1975 |
} |
|
1976 |
||
1977 |
/** |
|
1978 |
* Enano version of fputs for debugging |
|
1979 |
*/ |
|
1980 |
||
1981 |
function enano_fputs($socket, $data) |
|
1982 |
{ |
|
1983 |
// echo '<pre>' . htmlspecialchars($data) . '</pre>'; |
|
1984 |
// flush(); |
|
1985 |
// ob_flush(); |
|
1986 |
// ob_end_flush(); |
|
1987 |
return fputs($socket, $data); |
|
1988 |
} |
|
1989 |
||
1990 |
/** |
|
1991 |
* Sanitizes a page URL string so that it can safely be stored in the database. |
|
1992 |
* @param string Page ID to sanitize |
|
1993 |
* @return string Cleaned text |
|
1994 |
*/ |
|
1995 |
||
1996 |
function sanitize_page_id($page_id) |
|
1997 |
{ |
|
1998 |
||
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
14
diff
changeset
|
1999 |
// Remove character escapes |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
14
diff
changeset
|
2000 |
$page_id = dirtify_page_id($page_id); |
1 | 2001 |
|
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
19
diff
changeset
|
2002 |
$pid_clean = preg_replace('/[\w\.\/:;\(\)@\[\]_-]/', 'X', $page_id); |
1 | 2003 |
$pid_dirty = enano_str_split($pid_clean, 1); |
2004 |
||
2005 |
foreach ( $pid_dirty as $id => $char ) |
|
2006 |
{ |
|
2007 |
if ( $char == 'X' ) |
|
2008 |
continue; |
|
2009 |
$cid = ord($char); |
|
2010 |
$cid = dechex($cid); |
|
2011 |
$cid = strval($cid); |
|
2012 |
if ( strlen($cid) < 2 ) |
|
2013 |
{ |
|
2014 |
$cid = strtoupper("0$cid"); |
|
2015 |
} |
|
2016 |
$pid_dirty[$id] = ".$cid"; |
|
2017 |
} |
|
2018 |
||
2019 |
$pid_chars = enano_str_split($page_id, 1); |
|
2020 |
$page_id_cleaned = ''; |
|
2021 |
||
2022 |
foreach ( $pid_chars as $id => $char ) |
|
2023 |
{ |
|
2024 |
if ( $pid_dirty[$id] == 'X' ) |
|
2025 |
$page_id_cleaned .= $char; |
|
2026 |
else |
|
2027 |
$page_id_cleaned .= $pid_dirty[$id]; |
|
2028 |
} |
|
2029 |
||
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
19
diff
changeset
|
2030 |
// global $mime_types; |
1 | 2031 |
|
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
19
diff
changeset
|
2032 |
// $exts = array_keys($mime_types); |
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
19
diff
changeset
|
2033 |
// $exts = '(' . implode('|', $exts) . ')'; |
1 | 2034 |
|
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
parents:
19
diff
changeset
|
2035 |
// $page_id_cleaned = preg_replace('/\.2e' . $exts . '$/', '.\\1', $page_id_cleaned); |
1 | 2036 |
|
2037 |
return $page_id_cleaned; |
|
2038 |
} |
|
2039 |
||
2040 |
/** |
|
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
14
diff
changeset
|
2041 |
* Removes character escapes in a page ID string |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
14
diff
changeset
|
2042 |
* @param string Page ID string to dirty up |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
14
diff
changeset
|
2043 |
* @return string |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
14
diff
changeset
|
2044 |
*/ |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
14
diff
changeset
|
2045 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
14
diff
changeset
|
2046 |
function dirtify_page_id($page_id) |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
14
diff
changeset
|
2047 |
{ |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
14
diff
changeset
|
2048 |
// First, replace spaces with underscores |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
14
diff
changeset
|
2049 |
$page_id = str_replace(' ', '_', $page_id); |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
14
diff
changeset
|
2050 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
14
diff
changeset
|
2051 |
preg_match_all('/\.[A-Fa-f0-9][A-Fa-f0-9]/', $page_id, $matches); |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
14
diff
changeset
|
2052 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
14
diff
changeset
|
2053 |
foreach ( $matches[0] as $id => $char ) |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
14
diff
changeset
|
2054 |
{ |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
14
diff
changeset
|
2055 |
$char = substr($char, 1); |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
14
diff
changeset
|
2056 |
$char = strtolower($char); |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
14
diff
changeset
|
2057 |
$char = intval(hexdec($char)); |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
14
diff
changeset
|
2058 |
$char = chr($char); |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
14
diff
changeset
|
2059 |
$page_id = str_replace($matches[0][$id], $char, $page_id); |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
14
diff
changeset
|
2060 |
} |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
14
diff
changeset
|
2061 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
14
diff
changeset
|
2062 |
return $page_id; |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
14
diff
changeset
|
2063 |
} |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
14
diff
changeset
|
2064 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
14
diff
changeset
|
2065 |
/** |
1 | 2066 |
* Inserts commas into a number to make it more human-readable. Floating point-safe. |
2067 |
* @param int The number to process |
|
2068 |
* @return string Input number with commas added |
|
2069 |
*/ |
|
2070 |
||
2071 |
function commatize($num) |
|
2072 |
{ |
|
2073 |
$num = (string)$num; |
|
2074 |
if ( strpos($num, '.') ) |
|
2075 |
{ |
|
2076 |
$whole = explode('.', $num); |
|
2077 |
$num = $whole[0]; |
|
2078 |
$dec = $whole[1]; |
|
2079 |
} |
|
2080 |
else |
|
2081 |
{ |
|
2082 |
$whole = $num; |
|
2083 |
} |
|
2084 |
$offset = ( strlen($num) ) % 3; |
|
2085 |
$len = strlen($num); |
|
2086 |
$offset = ( $offset == 0 ) |
|
2087 |
? 3 |
|
2088 |
: $offset; |
|
2089 |
for ( $i = $offset; $i < $len; $i=$i+3 ) |
|
2090 |
{ |
|
2091 |
$num = substr($num, 0, $i) . ',' . substr($num, $i, $len); |
|
2092 |
$len = strlen($num); |
|
2093 |
$i++; |
|
2094 |
} |
|
2095 |
if ( isset($dec) ) |
|
2096 |
{ |
|
2097 |
return $num . '.' . $dec; |
|
2098 |
} |
|
2099 |
else |
|
2100 |
{ |
|
2101 |
return $num; |
|
2102 |
} |
|
2103 |
} |
|
2104 |
||
2105 |
//die('<pre>Original: 01010101010100101010100101010101011010'."\nProcessed: ".uncompress_bitfield(compress_bitfield('01010101010100101010100101010101011010')).'</pre>'); |
|
2106 |
||
2107 |
?> |