ajax.php
changeset 261 5f1cd51bf1be
parent 259 112debff64bd
child 263 16d0c9f33466
equal deleted inserted replaced
259:112debff64bd 261:5f1cd51bf1be
    95   switch($_GET['_mode']) {
    95   switch($_GET['_mode']) {
    96     case "checkusername":
    96     case "checkusername":
    97       echo PageUtils::checkusername($_GET['name']);
    97       echo PageUtils::checkusername($_GET['name']);
    98       break;
    98       break;
    99     case "getsource":
    99     case "getsource":
   100       $p = ( isset($_GET['pagepass']) ) ? $_GET['pagepass'] : false;
   100       $password = ( isset($_GET['pagepass']) ) ? $_GET['pagepass'] : false;
   101       echo PageUtils::getsource($paths->page, $p);
   101       $page = new PageProcessor($paths->page_id, $paths->namespace);
       
   102       $page->password = $password;
       
   103       if ( $src = $page->fetch_source() )
       
   104       {
       
   105         echo $src;
       
   106       }
       
   107       else
       
   108       {
       
   109         echo 'err_access_denied';
       
   110       }
   102       break;
   111       break;
   103     case "getpage":
   112     case "getpage":
   104       // echo PageUtils::getpage($paths->page, false, ( (isset($_GET['oldid'])) ? $_GET['oldid'] : false ));
   113       // echo PageUtils::getpage($paths->page, false, ( (isset($_GET['oldid'])) ? $_GET['oldid'] : false ));
   105       $revision_id = ( (isset($_GET['oldid'])) ? intval($_GET['oldid']) : 0 );
   114       $revision_id = ( (isset($_GET['oldid'])) ? intval($_GET['oldid']) : 0 );
   106       $page = new PageProcessor( $paths->cpage['urlname_nons'], $paths->namespace, $revision_id );
   115       $page = new PageProcessor( $paths->page_id, $paths->namespace, $revision_id );
   107       
   116       
   108       $pagepass = ( isset($_REQUEST['pagepass']) ) ? $_REQUEST['pagepass'] : '';
   117       $pagepass = ( isset($_REQUEST['pagepass']) ) ? $_REQUEST['pagepass'] : '';
   109       $page->password = $pagepass;
   118       $page->password = $pagepass;
   110             
   119             
   111       $page->send();
   120       $page->send();
   112       break;
   121       break;
   113     case "savepage":
   122     case "savepage":
   114       $summ = ( isset($_POST['summary']) ) ? $_POST['summary'] : '';
   123       $summ = ( isset($_POST['summary']) ) ? $_POST['summary'] : '';
   115       $minor = isset($_POST['minor']);
   124       $minor = isset($_POST['minor']);
   116       $e = PageUtils::savepage($paths->cpage['urlname_nons'], $paths->namespace, $_POST['text'], $summ, $minor);
   125       $e = PageUtils::savepage($paths->page_id, $paths->namespace, $_POST['text'], $summ, $minor);
   117       if($e=='good')
   126       if($e=='good')
   118       {
   127       {
   119         $page = new PageProcessor($paths->cpage['urlname_nons'], $paths->namespace);
   128         $page = new PageProcessor($paths->page_id, $paths->namespace);
   120         $page->send();
   129         $page->send();
   121       }
   130       }
   122       else
   131       else
   123       {
   132       {
   124         echo '<p>Error saving the page: '.$e.'</p>';
   133         echo '<p>Error saving the page: '.$e.'</p>';
   125       }
   134       }
   126       break;
   135       break;
   127     case "protect":
   136     case "protect":
   128       echo PageUtils::protect($paths->cpage['urlname_nons'], $paths->namespace, (int)$_POST['level'], $_POST['reason']);
   137       echo PageUtils::protect($paths->page_id, $paths->namespace, (int)$_POST['level'], $_POST['reason']);
   129       break;
   138       break;
   130     case "histlist":
   139     case "histlist":
   131       echo PageUtils::histlist($paths->cpage['urlname_nons'], $paths->namespace);
   140       echo PageUtils::histlist($paths->page_id, $paths->namespace);
   132       break;
   141       break;
   133     case "rollback":
   142     case "rollback":
   134       echo PageUtils::rollback( (int)$_GET['id'] );
   143       echo PageUtils::rollback( (int)$_GET['id'] );
   135       break;
   144       break;
   136     case "comments":
   145     case "comments":
   137       $comments = new Comments($paths->cpage['urlname_nons'], $paths->namespace);
   146       $comments = new Comments($paths->page_id, $paths->namespace);
   138       if ( isset($_POST['data']) )
   147       if ( isset($_POST['data']) )
   139       {
   148       {
   140         $comments->process_json($_POST['data']);
   149         $comments->process_json($_POST['data']);
   141       }
   150       }
   142       else
   151       else
   143       {
   152       {
   144         die('{ "mode" : "error", "error" : "No input" }');
   153         die('{ "mode" : "error", "error" : "No input" }');
   145       }
   154       }
   146       break;
   155       break;
   147     case "rename":
   156     case "rename":
   148       echo PageUtils::rename($paths->cpage['urlname_nons'], $paths->namespace, $_POST['newtitle']);
   157       echo PageUtils::rename($paths->page_id, $paths->namespace, $_POST['newtitle']);
   149       break;
   158       break;
   150     case "flushlogs":
   159     case "flushlogs":
   151       echo PageUtils::flushlogs($paths->cpage['urlname_nons'], $paths->namespace);
   160       echo PageUtils::flushlogs($paths->page_id, $paths->namespace);
   152       break;
   161       break;
   153     case "deletepage":
   162     case "deletepage":
   154       $reason = ( isset($_POST['reason']) ) ? $_POST['reason'] : false;
   163       $reason = ( isset($_POST['reason']) ) ? $_POST['reason'] : false;
   155       if ( empty($reason) )
   164       if ( empty($reason) )
   156         die('Please enter a reason for deleting this page.');
   165         die('Please enter a reason for deleting this page.');
   157       echo PageUtils::deletepage($paths->cpage['urlname_nons'], $paths->namespace, $reason);
   166       echo PageUtils::deletepage($paths->page_id, $paths->namespace, $reason);
   158       break;
   167       break;
   159     case "delvote":
   168     case "delvote":
   160       echo PageUtils::delvote($paths->cpage['urlname_nons'], $paths->namespace);
   169       echo PageUtils::delvote($paths->page_id, $paths->namespace);
   161       break;
   170       break;
   162     case "resetdelvotes":
   171     case "resetdelvotes":
   163       echo PageUtils::resetdelvotes($paths->cpage['urlname_nons'], $paths->namespace);
   172       echo PageUtils::resetdelvotes($paths->page_id, $paths->namespace);
   164       break;
   173       break;
   165     case "getstyles":
   174     case "getstyles":
   166       echo PageUtils::getstyles($_GET['id']);
   175       echo PageUtils::getstyles($_GET['id']);
   167       break;
   176       break;
   168     case "catedit":
   177     case "catedit":
   169       echo PageUtils::catedit($paths->cpage['urlname_nons'], $paths->namespace);
   178       echo PageUtils::catedit($paths->page_id, $paths->namespace);
   170       break;
   179       break;
   171     case "catsave":
   180     case "catsave":
   172       echo PageUtils::catsave($paths->cpage['urlname_nons'], $paths->namespace, $_POST);
   181       echo PageUtils::catsave($paths->page_id, $paths->namespace, $_POST);
   173       break;
   182       break;
   174     case "setwikimode":
   183     case "setwikimode":
   175       echo PageUtils::setwikimode($paths->cpage['urlname_nons'], $paths->namespace, (int)$_GET['mode']);
   184       echo PageUtils::setwikimode($paths->page_id, $paths->namespace, (int)$_GET['mode']);
   176       break;
   185       break;
   177     case "setpass":
   186     case "setpass":
   178       echo PageUtils::setpass($paths->cpage['urlname_nons'], $paths->namespace, $_POST['password']);
   187       echo PageUtils::setpass($paths->page_id, $paths->namespace, $_POST['password']);
   179       break;
   188       break;
   180     case "fillusername":
   189     case "fillusername":
   181       break;
   190       break;
   182     case "fillpagename":
   191     case "fillpagename":
   183       $name = (isset($_GET['name'])) ? $_GET['name'] : false;
   192       $name = (isset($_GET['name'])) ? $_GET['name'] : false;
   228       $id1 = ( isset($_GET['diff1']) ) ? (int)$_GET['diff1'] : false;
   237       $id1 = ( isset($_GET['diff1']) ) ? (int)$_GET['diff1'] : false;
   229       $id2 = ( isset($_GET['diff2']) ) ? (int)$_GET['diff2'] : false;
   238       $id2 = ( isset($_GET['diff2']) ) ? (int)$_GET['diff2'] : false;
   230       if(!$id1 || !$id2) { echo '<p>Invalid request.</p>'; $template->footer(); break; }
   239       if(!$id1 || !$id2) { echo '<p>Invalid request.</p>'; $template->footer(); break; }
   231       if(!preg_match('#^([0-9]+)$#', (string)$_GET['diff1']) ||
   240       if(!preg_match('#^([0-9]+)$#', (string)$_GET['diff1']) ||
   232          !preg_match('#^([0-9]+)$#', (string)$_GET['diff2']  )) { echo '<p>SQL injection attempt</p>'; $template->footer(); break; }
   241          !preg_match('#^([0-9]+)$#', (string)$_GET['diff2']  )) { echo '<p>SQL injection attempt</p>'; $template->footer(); break; }
   233       echo PageUtils::pagediff($paths->cpage['urlname_nons'], $paths->namespace, $id1, $id2);
   242       echo PageUtils::pagediff($paths->page_id, $paths->namespace, $id1, $id2);
   234       break;
   243       break;
   235     case "jsres":
   244     case "jsres":
   236       die('// ERROR: this section is deprecated and has moved to includes/clientside/static/enano-lib-basic.js.');
   245       die('// ERROR: this section is deprecated and has moved to includes/clientside/static/enano-lib-basic.js.');
   237       break;
   246       break;
   238     case "rdns":
   247     case "rdns":
   276       
   285       
   277       $ret = array('tags' => array(), 'user_level' => $session->user_level, 'can_add' => $session->get_permissions('tag_create'));
   286       $ret = array('tags' => array(), 'user_level' => $session->user_level, 'can_add' => $session->get_permissions('tag_create'));
   278       $q = $db->sql_query('SELECT t.tag_id, t.tag_name, pg.pg_target IS NOT NULL AS used_in_acl, t.user_id FROM '.table_prefix.'tags AS t
   287       $q = $db->sql_query('SELECT t.tag_id, t.tag_name, pg.pg_target IS NOT NULL AS used_in_acl, t.user_id FROM '.table_prefix.'tags AS t
   279         LEFT JOIN '.table_prefix.'page_groups AS pg
   288         LEFT JOIN '.table_prefix.'page_groups AS pg
   280           ON ( ( pg.pg_type = ' . PAGE_GRP_TAGGED . ' AND pg.pg_target=t.tag_name ) OR ( pg.pg_type IS NULL AND pg.pg_target IS NULL ) )
   289           ON ( ( pg.pg_type = ' . PAGE_GRP_TAGGED . ' AND pg.pg_target=t.tag_name ) OR ( pg.pg_type IS NULL AND pg.pg_target IS NULL ) )
   281         WHERE t.page_id=\'' . $db->escape($paths->cpage['urlname_nons']) . '\' AND t.namespace=\'' . $db->escape($paths->namespace) . '\';');
   290         WHERE t.page_id=\'' . $db->escape($paths->page_id) . '\' AND t.namespace=\'' . $db->escape($paths->namespace) . '\';');
   282       if ( !$q )
   291       if ( !$q )
   283         $db->_die();
   292         $db->_die();
   284       
   293       
   285       while ( $row = $db->fetchrow() )
   294       while ( $row = $db->fetchrow() )
   286       {
   295       {
   336         $resp['error'] = 'Tags must consist of at least 2 alphanumeric characters.';
   345         $resp['error'] = 'Tags must consist of at least 2 alphanumeric characters.';
   337         die($json->encode($resp));
   346         die($json->encode($resp));
   338       }
   347       }
   339       
   348       
   340       // check if tag is already on page
   349       // check if tag is already on page
   341       $q = $db->sql_query('SELECT 1 FROM '.table_prefix.'tags WHERE page_id=\'' . $db->escape($paths->cpage['urlname_nons']) . '\' AND namespace=\'' . $db->escape($paths->namespace) . '\' AND tag_name=\'' . $tag . '\';');
   350       $q = $db->sql_query('SELECT 1 FROM '.table_prefix.'tags WHERE page_id=\'' . $db->escape($paths->page_id) . '\' AND namespace=\'' . $db->escape($paths->namespace) . '\' AND tag_name=\'' . $tag . '\';');
   342       if ( !$q )
   351       if ( !$q )
   343         $db->_die();
   352         $db->_die();
   344       if ( $db->numrows() > 0 )
   353       if ( $db->numrows() > 0 )
   345       {
   354       {
   346         $resp['error'] = 'This page already has this tag.';
   355         $resp['error'] = 'This page already has this tag.';
   360       }
   369       }
   361       $resp['in_acl'] = ( $db->numrows() > 0 );
   370       $resp['in_acl'] = ( $db->numrows() > 0 );
   362       $db->free_result();
   371       $db->free_result();
   363       
   372       
   364       // we're good
   373       // we're good
   365       $q = $db->sql_query('INSERT INTO '.table_prefix.'tags(tag_name,page_id,namespace,user_id) VALUES(\'' . $tag . '\', \'' . $db->escape($paths->cpage['urlname_nons']) . '\', \'' . $db->escape($paths->namespace) . '\', ' . $session->user_id . ');');
   374       $q = $db->sql_query('INSERT INTO '.table_prefix.'tags(tag_name,page_id,namespace,user_id) VALUES(\'' . $tag . '\', \'' . $db->escape($paths->page_id) . '\', \'' . $db->escape($paths->namespace) . '\', ' . $session->user_id . ');');
   366       if ( !$q )
   375       if ( !$q )
   367         $db->_die();
   376         $db->_die();
   368       
   377       
   369       $resp['success'] = true;
   378       $resp['success'] = true;
   370       $resp['tag'] = $tag;
   379       $resp['tag'] = $tag;
   390         die('Could not find a tag with that ID');
   399         die('Could not find a tag with that ID');
   391       
   400       
   392       $row = $db->fetchrow();
   401       $row = $db->fetchrow();
   393       $db->free_result();
   402       $db->free_result();
   394       
   403       
   395       if ( $row['page_id'] == $paths->cpage['urlname_nons'] && $row['namespace'] == $paths->namespace )
   404       if ( $row['page_id'] == $paths->page_id && $row['namespace'] == $paths->namespace )
   396         $perms =& $session;
   405         $perms =& $session;
   397       else
   406       else
   398         $perms = $session->fetch_page_acl($row['page_id'], $row['namespace']);
   407         $perms = $session->fetch_page_acl($row['page_id'], $row['namespace']);
   399         
   408         
   400       $perm = ( $row['user_id'] != $session->user_id ) ?
   409       $perm = ( $row['user_id'] != $session->user_id ) ?