author | Dan |
Sun, 01 Jul 2007 14:51:33 -0400 (2007-07-01) | |
changeset 35 | efae425e9b98 |
parent 33 | 143d3ee32f3c |
child 41 | 7c7920b65f42 |
permissions | -rw-r--r-- |
0 | 1 |
<?php |
2 |
/** |
|
3 |
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
|
4 |
* @Version 1.0 (Banshee) |
0 | 5 |
* Copyright (C) 2006-2007 Dan Fuhry |
6 |
* |
|
7 |
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
|
8 |
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
|
9 |
* |
|
10 |
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied |
|
11 |
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
|
12 |
* |
|
13 |
*/ |
|
14 |
||
15 |
// Output buffering has to be decided before the first byte is sent, so this runs
// ahead of everything else in the request.

$aggressive_optimize_html = false;

global $do_gzip;
$do_gzip = false;

// Requested title: PATH_INFO takes precedence over ?title=, and the empty string is
// used when neither is present. Only the disabled gzip block below reads $v.
$v = '';
if ( isset($_SERVER['PATH_INFO']) )
{
  $v = $_SERVER['PATH_INFO'];
}
elseif ( isset($_GET['title']) )
{
  $v = $_GET['title'];
}

// NOTE(review): every notice and warning is reported. Whether they reach the browser
// depends on display_errors, which this file does not set - confirm that production
// keeps it off so file paths and query fragments are not disclosed.
error_reporting(E_ALL);

// Disabled gzip negotiation, kept for reference:
// if(!strstr($v, 'CSS') && !strstr($v, 'UploadFile') && !strstr($v, 'DownloadFile')) // These pages are blacklisted because we can't have debugConsole's HTML output disrupting the flow of header() calls and whatnot
// {
//   $do_gzip = ( function_exists('gzcompress') && ( isset($_SERVER['HTTP_ACCEPT_ENCODING']) && strstr($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') ) ) ? true : false;
//   // Uncomment the following line to enable debugConsole (requires PHP 5 or later)
//   // define('ENANO_DEBUG', '');
// }

// Debug mode and gzip are mutually exclusive.
if ( defined('ENANO_DEBUG') )
{
  $do_gzip = false;
}

// Either post-processing step needs the whole page captured in a buffer.
if ( $do_gzip || $aggressive_optimize_html )
{
  ob_start();
}

require('includes/common.php');

global $db, $session, $paths, $template, $plugins; // Common objects

// A request without ?do= is a plain page view.
if ( !isset($_GET['do']) )
{
  $_GET['do'] = 'view';
}
|
47 |
switch($_GET['do']) |
|
48 |
{ |
|
49 |
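default:
  // Unknown ?do= value. The action name is taken from the query string, so it is
  // HTML-escaped before being placed in the error page; a non-string value
  // (e.g. ?do[]=x) is shown as an empty name instead of being passed to the escaper.
  // NOTE(review): die_friendly() is defined elsewhere and is given ready-made HTML
  // here - confirm it does not escape its second argument a second time.
  die_friendly('Invalid action', '<p>The action "'.htmlspecialchars(( is_string($_GET['do']) ? $_GET['do'] : '' ), ENT_QUOTES).'" is not defined. Return to <a href="'.makeUrl($paths->page).'">viewing this page\'s text</a>.</p>');
  break;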
|
52 |
case 'view':
  // Revision to display: ?oldid= coerced to an integer, 0 when the parameter is absent.
  $rev_id = 0;
  if ( isset($_GET['oldid']) )
  {
    $rev_id = intval($_GET['oldid']);
  }

  $page = new PageProcessor( $paths->cpage['urlname_nons'], $paths->namespace, $rev_id );
  $page->send_headers = true;

  // Page password, handed to PageProcessor as a SHA-1 hex digest ('' when none was sent).
  // NOTE(review): $_REQUEST also accepts the password from the query string, where it
  // can end up in server logs, browser history and Referer headers; the digest is an
  // unsalted SHA-1. How PageProcessor compares it is not visible here - confirm.
  $pagepass = '';
  if ( isset($_REQUEST['pagepass']) )
  {
    $pagepass = sha1($_REQUEST['pagepass']);
  }
  $page->password = $pagepass;

  $page->send();
  break;
|
61 |
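case 'comments':
  // Comment handling. The sub-action is selected with ?sub=; an unrecognised or
  // missing value falls through to the comment listing.
  // NOTE(review): no permission check or request token is visible in this block for
  // posting, editing or deleting - presumably PageUtils enforces them; verify.
  $template->header();
  $sub = ( isset ($_GET['sub']) ) ? $_GET['sub'] : false;
  switch($sub)
  {
    case 'admin':
    default:
      // The id is forced to an integer (-1 when absent); the action string is passed through.
      $act = ( isset ($_GET['action']) ) ? $_GET['action'] : false;
      $id = ( isset ($_GET['id']) ) ? intval($_GET['id']) : -1;
      echo PageUtils::comments_html($paths->cpage['urlname_nons'], $paths->namespace, $act, Array('id'=>$id));
      break;
    case 'postcomment':
      if(empty($_POST['name']) ||
         empty($_POST['subj']) ||
         empty($_POST['text'])
         ) { echo 'Invalid request'; break; }
      $cid = ( isset($_POST['captcha_id']) ) ? $_POST['captcha_id'] : false;
      $cin = ( isset($_POST['captcha_input']) ) ? $_POST['captcha_input'] : false;
      PageUtils::addcomment($paths->cpage['urlname_nons'], $paths->namespace, $_POST['name'], $_POST['subj'], $_POST['text'], $cin, $cid); // All filtering, etc. is handled inside this method
      echo PageUtils::comments_html($paths->cpage['urlname_nons'], $paths->namespace);
      break;
    case 'editcomment':
      // Digits only. The D modifier keeps "$" from also matching in front of a trailing
      // newline, and is_string() rejects array input such as ?id[]=1.
      if(!isset($_GET['id']) || !is_string($_GET['id']) || !preg_match('#^([0-9]+)$#D', $_GET['id'])) { echo '<p>Invalid comment ID</p>'; break; }
      // intval() guarantees that only an integer is ever concatenated into the query,
      // independently of the pattern check above.
      // NOTE(review): the lookup is by comment_id alone, not scoped to the current page.
      $q = $db->sql_query('SELECT subject,comment_data,comment_id FROM '.table_prefix.'comments WHERE comment_id='.intval($_GET['id']));
      if(!$q) $db->_die('The comment data could not be selected.');
      $row = $db->fetchrow();
      $db->free_result();
      // No matching comment: stop instead of rendering a form from a non-array result.
      if(!is_array($row)) { echo '<p>Invalid comment ID</p>'; break; }
      // NOTE(review): subject and comment_data are interpolated exactly as stored, inside
      // a single-quoted attribute and a <textarea>. That is only safe if the values are
      // stored HTML-escaped (quotes included) by PageUtils - confirm, otherwise escape here.
      echo '<form action="'.makeUrl($paths->page, 'do=comments&amp;sub=savecomment').'" method="post">';
      echo "<br /><div class='tblholder'><table border='0' width='100%' cellspacing='1' cellpadding='4'>
<tr><td class='row1'>Subject:</td><td class='row1'><input type='text' name='subj' value='{$row['subject']}' /></td></tr>
<tr><td class='row2'>Comment:</td><td class='row2'><textarea rows='10' cols='40' style='width: 98%;' name='text'>{$row['comment_data']}</textarea></td></tr>
<tr><td class='row1' colspan='2' class='row1' style='text-align: center;'><input type='hidden' name='id' value='{$row['comment_id']}' /><input type='submit' value='Save Changes' /></td></tr>
</table></div>";
      echo '</form>';
      break;
    case 'savecomment':
      // The id is required as well; without this check a missing id raised a notice
      // and was passed on as 0.
      if(empty($_POST['subj']) || empty($_POST['text']) || !isset($_POST['id'])) { echo '<p>Invalid request</p>'; break; }
      $r = PageUtils::savecomment_neater($paths->cpage['urlname_nons'], $paths->namespace, $_POST['subj'], $_POST['text'], (int)$_POST['id']);
      // Anything other than 'good' is shown as the failure text.
      if($r != 'good') { echo "<pre>$r</pre>"; break; }
      echo PageUtils::comments_html($paths->cpage['urlname_nons'], $paths->namespace);
      break;
    case 'deletecomment':
      // NOTE(review): the deletion is driven by a GET parameter alone.
      if(!empty($_GET['id']))
      {
        PageUtils::deletecomment_neater($paths->cpage['urlname_nons'], $paths->namespace, (int)$_GET['id']);
      }
      echo PageUtils::comments_html($paths->cpage['urlname_nons'], $paths->namespace);
      break;
  }
  $template->footer();
  break;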
|
112 |
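case 'edit':
  // Page editor: cancel and save both redirect back to the page, preview renders the
  // submitted text above the form, anything else loads the current page text.
  // NOTE(review): no permission check or request token is visible in this block -
  // presumably PageUtils::savepage enforces edit rights; verify.
  if(isset($_POST['_cancel'])) { header('Location: '.makeUrl($paths->page)); echo '<html><head><title>Redirecting...</title></head><body>If you haven\'t been redirected yet, <a href="'.makeUrl($paths->page).'">click here</a>.'; break; }
  if(isset($_POST['_save'])) {
    // The edit_summary field is only rendered in wiki mode, so it may be absent from
    // the POST body. Defaulting it avoids a notice being emitted ahead of the
    // Location header below.
    // NOTE(review): the result of savepage() is stored in $e but never inspected.
    $e = PageUtils::savepage($paths->cpage['urlname_nons'], $paths->namespace, $_POST['page_text'], ( isset($_POST['edit_summary']) ? $_POST['edit_summary'] : '' ), isset($_POST['minor']));
    header('Location: '.makeUrl($paths->page)); echo '<html><head><title>Redirecting...</title></head><body>If you haven\'t been redirected yet, <a href="'.makeUrl($paths->page).'">click here</a>.'; break;
  }
  $template->header();
  if(isset($_POST['_preview']))
  {
    // The submitted text is echoed back inside the <textarea> below, so it is
    // HTML-escaped first; the browser decodes it again for editing.
    // NOTE(review): if includes/common.php already entity-encodes $_POST this would
    // double-encode - confirm.
    $text = htmlspecialchars($_POST['page_text']);
    echo PageUtils::genPreview($_POST['page_text']);
  }
  // NOTE(review): whether RenderMan::getPage() returns text that is already safe to
  // place inside a <textarea> cannot be told from this file - confirm.
  else $text = RenderMan::getPage($paths->cpage['urlname_nons'], $paths->namespace, 0, false, false, false, false);
  echo '
<form action="'.makeUrl($paths->page, 'do=edit').'" method="post" enctype="multipart/form-data">
<br />
<textarea name="page_text" rows="20" cols="60" style="width: 97%;">'.$text.'</textarea><br />
<br />
';
  if($paths->wiki_mode)
    echo 'Edit summary: <input name="edit_summary" type="text" size="40" /><br /><label><input type="checkbox" name="minor" /> This is a minor edit</label><br />';
  echo '<br />
<input type="submit" name="_save" value="Save changes" style="font-weight: bold;" />
<input type="submit" name="_preview" value="Preview changes" />
<input type="submit" name="_revert" value="Revert changes" />
<input type="submit" name="_cancel" value="Cancel" />
</form>
';
  $template->footer();
  break;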
|
142 |
case 'viewsource':
  // Read-only view of the page source in a <textarea>; the only button posts
  // "_cancel" to the edit action, which redirects back to the page.
  $template->header();
  // NOTE(review): $text is placed inside the <textarea> as returned. Whether
  // RenderMan::getPage() returns HTML-escaped text is not visible here - confirm,
  // since stored text containing a closing textarea tag would otherwise be rendered as markup.
  $text = RenderMan::getPage($paths->cpage['urlname_nons'], $paths->namespace, 0, false, false, false, false);
  echo '
<form action="'.makeUrl($paths->page, 'do=edit').'" method="post">
<br />
<textarea readonly="readonly" name="page_text" rows="20" cols="60" style="width: 97%;">'.$text.'</textarea>';
  echo '<br />
<input type="submit" name="_cancel" value="Close viewer" />
</form>
';
  $template->footer();
  break;
|
155 |
case 'history':
  // Page history. The list is built before the template header is sent and is
  // echoed as returned by PageUtils::histlist().
  $hist = PageUtils::histlist($paths->cpage['urlname_nons'], $paths->namespace);
  $template->header();
  echo $hist;
  $template->footer();
  break;
|
161 |
case 'rollback':
  // Roll back a logged action identified by ?id=.
  // The id must be a non-empty digit string; "0" is rejected too, because !$id is
  // true for it. The value is cast to int before it is handed on.
  // NOTE(review): the rollback is triggered by a GET parameter alone and no
  // permission check or request token is visible in this block - presumably
  // PageUtils::rollback() enforces rights; verify.
  $id = (isset($_GET['id'])) ? $_GET['id'] : false;
  if(!$id || !preg_match('#^([0-9]+)$#', $id)) die_friendly('Invalid action ID', '<p>The URL parameter "id" is not an integer. Exiting to prevent nasties like SQL injection, etc.</p>');
  $rb = PageUtils::rollback( (int) $id );
  $template->header();
  // $rb is echoed as returned by PageUtils::rollback().
  echo '<p>'.$rb.' <a href="'.makeUrl($paths->page).'">Return to the page</a>.</p>';
  $template->footer();
  break;
|
169 |
case 'catedit':
  // Category editor: save, cancel, or show the form.
  if(isset($_POST['__enanoSaveButton']))
  {
    // The submit button is removed, then the whole remaining POST array is handed
    // to PageUtils::catsave().
    // NOTE(review): validation of the submitted keys and any permission check are
    // not visible here - presumably inside catsave(); verify.
    unset($_POST['__enanoSaveButton']);
    $val = PageUtils::catsave($paths->cpage['urlname_nons'], $paths->namespace, $_POST);
    if($val == 'GOOD')
    {
      header('Location: '.makeUrl($paths->page)); echo '<html><head><title>Redirecting...</title></head><body>If you haven\'t been redirected yet, <a href="'.makeUrl($paths->page).'">click here</a>.'; break;
    } else {
      // Any other return value is shown as the error text.
      die_friendly('Error saving category information', '<p>'.$val.'</p>');
    }
  }
  elseif(isset($_POST['__enanoCatCancel']))
  {
    header('Location: '.makeUrl($paths->page)); echo '<html><head><title>Redirecting...</title></head><body>If you haven\'t been redirected yet, <a href="'.makeUrl($paths->page).'">click here</a>.'; break;
  }
  $template->header();
  // Element 1 of the array returned by catedit_raw() is echoed as the form markup.
  $c = PageUtils::catedit_raw($paths->cpage['urlname_nons'], $paths->namespace);
  echo $c[1];
  $template->footer();
  break;
|
190 |
case 'moreoptions':
  // Non-JavaScript fallback menu: wraps the template's TOOLBAR_EXTRAS string in a list.
  $template->header();
  echo '<div class="menu_nojs" style="width: 150px; padding: 0;"><ul style="display: block;"><li><div class="label">More options for this page</div><div style="clear: both;"></div></li>'.$template->tpl_strings['TOOLBAR_EXTRAS'].'</ul></div>';
  $template->footer();
  break;
|
195 |
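case 'protect':
  // Apply a protection level (0 = none, 1 = full, 2 = semi) once a reason has been
  // posted; otherwise show the form that asks for the reason.
  // NOTE(review): unlike flushlogs/deletepage, no $session->get_permissions() check
  // or request token is visible in this block - presumably PageUtils::protect()
  // enforces rights; verify.
  if (!isset($_REQUEST['level'])) die_friendly('Invalid request', '<p>No protection level specified</p>');
  if(!empty($_POST['reason']))
  {
    // The level that is applied is read from the POST body, so it has to be present
    // there and be exactly one digit 0-2. The previous pattern also accepted an
    // empty or missing value (applied as level 0) and repeated digits.
    if(!isset($_POST['level']) || !is_string($_POST['level']) || !preg_match('#^[0-2]$#D', $_POST['level'])) die_friendly('Error protecting page', '<p>Request validation failed</p>');
    PageUtils::protect($paths->cpage['urlname_nons'], $paths->namespace, intval($_POST['level']), $_POST['reason']);
    die_friendly('Page protected', '<p>The protection setting has been applied. <a href="'.makeUrl($paths->page).'">Return to the page</a>.</p>');
  }
  $template->header();
  // The requested level is echoed back into a hidden field, so it is HTML-escaped
  // (quotes included) and a non-string value is replaced by the empty string.
  ?>
<form action="<?php echo makeUrl($paths->page, 'do=protect'); ?>" method="post">
<input type="hidden" name="level" value="<?php echo htmlspecialchars(( is_string($_REQUEST['level']) ? $_REQUEST['level'] : '' ), ENT_QUOTES); ?>" />
<?php if(isset($_POST['reason'])) echo '<p style="color: red;">Error: you must enter a reason for protecting this page.</p>'; ?>
<p>Reason for protecting the page:</p>
<p><input type="text" name="reason" size="40" /><br />
Protecion level to be applied: <b><?php
  // Only fixed labels are printed here; the raw value is never echoed.
  switch($_REQUEST['level'])
  {
    case '0':
      echo 'No protection';
      break;
    case '1':
      echo 'Full protection';
      break;
    case '2':
      echo 'Semi-protection';
      break;
    default:
      echo 'None;</b> Warning: request validation will fail after clicking submit<b>';
  }
  ?></b></p>
<p><input type="submit" value="Protect page" style="font-weight: bold;" /></p>
</form>
<?php
  $template->footer();
  break;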
|
231 |
case 'rename':
  // Rename the page once a non-empty new name has been posted; otherwise show the form.
  // NOTE(review): no permission check or request token is visible in this block -
  // presumably PageUtils::rename() enforces rights and validates the name; verify.
  if(!empty($_POST['newname']))
  {
    $r = PageUtils::rename($paths->cpage['urlname_nons'], $paths->namespace, $_POST['newname']);
    // The returned message is shown with line breaks converted, not escaped here.
    die_friendly('Page renamed', '<p>'.nl2br($r).' <a href="'.makeUrl($paths->page).'">Return to the page</a>.</p>');
  }
  $template->header();
  // The error line below appears when the field was submitted but empty.
  ?>
<form action="<?php echo makeUrl($paths->page, 'do=rename'); ?>" method="post">
<?php if(isset($_POST['newname'])) echo '<p style="color: red;">Error: you must enter a new name for this page.</p>'; ?>
<p>Please enter a new name for this page:</p>
<p><input type="text" name="newname" size="40" /></p>
<p><input type="submit" value="Rename page" style="font-weight: bold;" /></p>
</form>
<?php
  $template->footer();
  break;
|
248 |
case 'flushlogs':
  // Irreversibly clear the page's logs. Requires the 'clear_logs' permission; the
  // code below relies on die_friendly() ending the request when it is missing.
  if(!$session->get_permissions('clear_logs')) die_friendly('Access denied', '<p>Flushing the logs for a page <u>requires</u> administrative rights.</p>');
  // The confirmation is the presence of the submit button's name in the POST body.
  // NOTE(review): the form carries no request token field; if nothing else enforces
  // one, a cross-site POST from a logged-in administrator's browser would be
  // accepted - confirm.
  if(isset($_POST['_downthejohn']))
  {
    $template->header();
    $result = PageUtils::flushlogs($paths->cpage['urlname_nons'], $paths->namespace);
    echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">Return to the page</a>.</p>';
    $template->footer();
    break;
  }
  $template->header();
  ?>
<form action="<?php echo makeUrl($paths->page, 'do=flushlogs'); ?>" method="post">
<h3>You are about to <span style="color: red;">destroy</span> all logged edits and actions on this page.</h3>
<p>Unlike deleting or editing this page, this action is <u>not reversible</u>! You should only do this if you are desperate for
database space.</p>
<p>Do you really want to continue?</p>
<p><input type="submit" name="_downthejohn" value="Flush logs" style="color: red; font-weight: bold;" /></p>
</form>
<?php
  $template->footer();
  break;
|
270 |
case 'delvote':
  // Cast a vote to delete the page, or show the voting form with the current count.
  // NOTE(review): no session or permission check is visible in this block; how
  // repeated votes are limited is presumably handled in PageUtils::delvote() - verify.
  if(isset($_POST['_ballotbox']))
  {
    $template->header();
    $result = PageUtils::delvote($paths->cpage['urlname_nons'], $paths->namespace);
    echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">Return to the page</a>.</p>';
    $template->footer();
    break;
  }
  $template->header();
  // The count shown in the form is read from $paths->cpage['delvotes'].
  ?>
<form action="<?php echo makeUrl($paths->page, 'do=delvote'); ?>" method="post">
<h3>Your vote counts.</h3>
<p>If you think that this page is not relavent to the content on this site, or if it looks like this page was only created in
an attempt to spam the site, you can request that this page be deleted by an administrator.</p>
<p>After you vote, you should leave a comment explaining the reason for your vote, especially if you are the first person to
vote against this page.</p>
<p>So far, <?php echo ( $paths->cpage['delvotes'] == 1 ) ? $paths->cpage['delvotes'] . ' person has' : $paths->cpage['delvotes'] . ' people have'; ?> voted to delete this page.</p>
<p><input type="submit" name="_ballotbox" value="Vote to delete this page" /></p>
</form>
<?php
  $template->footer();
  break;
|
293 |
case 'resetvotes':
  // Reset the deletion votes to zero. Requires the 'vote_reset' permission; the code
  // below relies on die_friendly() ending the request when it is missing.
  if(!$session->get_permissions('vote_reset')) die_friendly('Access denied', '<p>Resetting the deletion votes against this page <u>requires</u> admin rights.</p>');
  // NOTE(review): the confirmation form carries no request token field - confirm
  // that cross-site POSTs are rejected elsewhere.
  if(isset($_POST['_youmaylivealittlelonger']))
  {
    $template->header();
    $result = PageUtils::resetdelvotes($paths->cpage['urlname_nons'], $paths->namespace);
    echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">Return to the page</a>.</p>';
    $template->footer();
    break;
  }
  $template->header();
  ?>
<form action="<?php echo makeUrl($paths->page, 'do=resetvotes'); ?>" method="post">
<p>This action will reset the number of votes against this page to zero. Are you sure you want to do this?</p>
<p><input type="submit" name="_youmaylivealittlelonger" value="Reset votes" /></p>
</form>
<?php
  $template->footer();
  break;
|
312 |
case 'deletepage':
  // Delete the page. Requires the 'delete_page' permission; the code below relies on
  // die_friendly() ending the request when it is missing.
  if(!$session->get_permissions('delete_page')) die_friendly('Access denied', '<p>Deleting pages <u>requires</u> admin rights.</p>');
  // NOTE(review): the confirmation form carries no request token field; if nothing
  // else enforces one, a cross-site POST from a logged-in administrator's browser
  // would be accepted - confirm.
  if(isset($_POST['_adiossucker']))
  {
    // A non-empty reason is mandatory; without one the form is shown again with $error.
    $reason = ( isset($_POST['reason']) ) ? $_POST['reason'] : false;
    if ( empty($reason) )
      $error = 'Please enter a reason for deleting this page.';
    else
    {
      $template->header();
      // The reason is passed on as submitted.
      $result = PageUtils::deletepage($paths->cpage['urlname_nons'], $paths->namespace, $reason);
      echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">Return to the page</a>.</p>';
      $template->footer();
      break;
    }
  }
  $template->header();
  // $error, when set above, is a fixed string and is printed inside the form.
  ?>
<form action="<?php echo makeUrl($paths->page, 'do=deletepage'); ?>" method="post">
<h3>You are about to <span style="color: red;">destroy</span> this page.</h3>
<p>While the deletion of the page itself is completely reversible, it is impossible to recover any comments or category information on this page. If this is a file page, the file along with all older revisions of it will be permanently deleted. Also, any custom information that this page is tagged with, such as a custom name, protection status, or additional settings such as whether to allow comments, will be permanently lost.</p>
<p>Are you <u>absolutely sure</u> that you want to continue?<br />
You will not be asked again.</p>
<?php if ( isset($error) ) echo "<p>$error</p>"; ?>
<p>Reason for deleting: <input type="text" name="reason" size="50" /></p>
<p><input type="submit" name="_adiossucker" value="Delete this page" style="color: red; font-weight: bold;" /></p>
</form>
<?php
  $template->footer();
  break;
|
342 |
case 'setwikimode':
  // Requires the 'set_wiki_mode' permission and a single-digit ?level=.
  // NOTE(review): after validation this block only prints the template header and
  // footer; nothing here changes the wiki mode setting.
  if(!$session->get_permissions('set_wiki_mode')) die_friendly('Access denied', '<p>Changing the wiki mode setting <u>requires</u> admin rights.</p>');
  if(!isset($_GET['level']) || ( isset($_GET['level']) && !preg_match('#^([0-9])$#', $_GET['level']))) die_friendly('Invalid request', '<p>Level not specified</p>');
  $template->header();
  $template->footer();
  break;
|
348 |
case 'diff':
  // Show the difference between two revisions given as ?diff1= and ?diff2=.
  $template->header();
  // Both ids are cast to int first; a missing or zero id ends the request here.
  $id1 = ( isset($_GET['diff1']) ) ? (int)$_GET['diff1'] : false;
  $id2 = ( isset($_GET['diff2']) ) ? (int)$_GET['diff2'] : false;
  if(!$id1 || !$id2) { echo '<p>Invalid request.</p>'; $template->footer(); break; }
  // The raw parameters must also be pure digit strings; only the int casts above are
  // passed on to pagediff().
  if(!preg_match('#^([0-9]+)$#', (string)$_GET['diff1']) ||
     !preg_match('#^([0-9]+)$#', (string)$_GET['diff2'] )) { echo '<p>SQL injection attempt</p>'; $template->footer(); break; }
  echo PageUtils::pagediff($paths->cpage['urlname_nons'], $paths->namespace, $id1, $id2);
  $template->footer();
  break;
|
358 |
case 'aclmanager':
  // Hand the posted 'data' value to the ACL manager, defaulting to the group listing.
  // NOTE(review): $_POST['data'] is forwarded unchanged and no permission check or
  // request token is visible in this block - presumably PageUtils::aclmanager()
  // validates the structure and enforces rights; verify.
  $data = ( isset($_POST['data']) ) ? $_POST['data'] : Array('mode' => 'listgroups');
  PageUtils::aclmanager($data);
  break;
|
362 |
} |
|
363 |
||
364 |
//
// Optimize HTML by replacing newlines with spaces (excludes <pre>, <script>, and <style> blocks)
//
// Runs only when $aggressive_optimize_html is true; this file sets it to false.
if ($aggressive_optimize_html)
{
  // Load up the HTML: take the buffered page and discard the buffer
  $html = ob_get_contents();
  ob_end_clean();

  // Which tags to strip - you can change this if needed
  // (the list is joined into a regex alternation)
  $strip_tags = Array('pre', 'script', 'style', 'enano:no-opt');
  $strip_tags = implode('|', $strip_tags);

  // Strip out the tags and replace with placeholders
  // $matches[1] = opening tag name, [2] = attributes, [3] = body, [4] = closing tag name
  preg_match_all("#<($strip_tags)(.*?)>(.*?)</($strip_tags)>#is", $html, $matches);
  // The seed only has to keep placeholders from colliding with page content
  $seed = md5(microtime() . mt_rand()); // Random value used for placeholders
  for ($i = 0;$i < sizeof($matches[1]); $i++)
  {
    $html = str_replace("<{$matches[1][$i]}{$matches[2][$i]}>{$matches[3][$i]}</{$matches[4][$i]}>", "{DONT_STRIP_ME_NAKED:$seed:$i}", $html);
  }

  // Finally, process the HTML: each newline plus the spaces after it becomes one space
  $html = preg_replace("#\n([ ]*)#", " ", $html);

  // Remove annoying spaces between tags
  // NOTE(review): the group inside {2,} can match the empty string, so this pattern
  // looks like it also matches "><" with nothing in between - confirm the intent.
  $html = preg_replace("#>([ ]*?){2,}<#", "> <", $html);

  // Re-insert untouchable tags by swapping each placeholder back for its original block
  for ($i = 0;$i < sizeof($matches[1]); $i++)
  {
    $html = str_replace("{DONT_STRIP_ME_NAKED:$seed:$i}", "<{$matches[1][$i]}{$matches[2][$i]}>{$matches[3][$i]}</{$matches[4][$i]}>", $html);
  }

  // Remove <enano:no-opt> blocks (can be used by themes that don't want their HTML optimized)
  // Only the opening and closing tags are removed; what they enclose stays in the page
  $html = preg_replace('#<(\/|)enano:no-opt(.*?)>#', '', $html);

  // Tell snoopish users what's going on
  $html = str_replace('<html>', "\n<!-- NOTE: This HTML document has been Aggressively Optimized(TM) by Enano to make page loading faster. -->\n<html>", $html);

  // Re-enable output buffering to allow the Gzip function (below) to work
  ob_start();

  // Done, send it to the user
  echo( $html );
}
|
409 |
||
410 |
//
// Compress buffered output if required and send to browser
//
// $do_gzip is only ever assigned false in this file (the block that enabled it is
// commented out), so this branch runs only if included code changes the global.
if ( $do_gzip )
{
  //
  // Copied from phpBB, which was in turn borrowed from php.net
  //
  // Take the buffered page and discard the buffer
  $gzip_contents = ob_get_contents();
  ob_end_clean();

  // Length and CRC-32 of the uncompressed page, written out as the trailer below
  $gzip_size = strlen($gzip_contents);
  $gzip_crc = crc32($gzip_contents);

  // Compress at level 9, then drop the last 4 bytes of the compressed data
  // NOTE(review): the literal echoed below is 8 bytes long; the code appears to rely
  // on the first bytes of the gzcompress() output completing the gzip header - confirm.
  $gzip_contents = gzcompress($gzip_contents, 9);
  $gzip_contents = substr($gzip_contents, 0, strlen($gzip_contents) - 4);

  header('Content-encoding: gzip');
  echo "\x1f\x8b\x08\x00\x00\x00\x00\x00";
  echo $gzip_contents;
  // Trailer: CRC-32 and size, each packed as a 32-bit little-endian value
  echo pack('V', $gzip_crc);
  echo pack('V', $gzip_size);
}

// Close the database connection at the end of the request
$db->close();
|
435 |
||
436 |
?> |