includes/functions.php
changeset 261 5f1cd51bf1be
parent 259 112debff64bd
child 264 e17cc42d77cf
259:112debff64bd 261:5f1cd51bf1be
   563   {
   563   {
   564     // Show member pages and subcategories
   564     // Show member pages and subcategories
   565     $q = $db->sql_query('SELECT p.urlname, p.namespace, p.name, p.namespace=\'Category\' AS is_category FROM '.table_prefix.'categories AS c
   565     $q = $db->sql_query('SELECT p.urlname, p.namespace, p.name, p.namespace=\'Category\' AS is_category FROM '.table_prefix.'categories AS c
   566                            LEFT JOIN '.table_prefix.'pages AS p
   566                            LEFT JOIN '.table_prefix.'pages AS p
   567                              ON ( p.urlname = c.page_id AND p.namespace = c.namespace )
   567                              ON ( p.urlname = c.page_id AND p.namespace = c.namespace )
   568                            WHERE c.category_id=\'' . $db->escape($paths->cpage['urlname_nons']) . '\'
   568                            WHERE c.category_id=\'' . $db->escape($paths->page_id) . '\'
   569                            ORDER BY is_category DESC, p.name ASC;');
   569                            ORDER BY is_category DESC, p.name ASC;');
   570     if ( !$q )
   570     if ( !$q )
   571     {
   571     {
   572       $db->_die();
   572       $db->_die();
   573     }
   573     }
   675     echo '<div style="float: right;">';
   675     echo '<div style="float: right;">';
   676     echo '(<a href="#" onclick="ajaxCatToTag(); return false;">show page tags</a>)';
   676     echo '(<a href="#" onclick="ajaxCatToTag(); return false;">show page tags</a>)';
   677     echo '</div>';
   677     echo '</div>';
   678     echo '<div id="mdgCatBox">Categories: ';
   678     echo '<div id="mdgCatBox">Categories: ';
   679     
   679     
   680     $where = '( c.page_id=\'' . $db->escape($paths->cpage['urlname_nons']) . '\' AND c.namespace=\'' . $db->escape($paths->namespace) . '\' )';
   680     $where = '( c.page_id=\'' . $db->escape($paths->page_id) . '\' AND c.namespace=\'' . $db->escape($paths->namespace) . '\' )';
   681     $prefix = table_prefix;
   681     $prefix = table_prefix;
   682     $sql = <<<EOF
   682     $sql = <<<EOF
   683 SELECT c.category_id FROM {$prefix}categories AS c
   683 SELECT c.category_id FROM {$prefix}categories AS c
   684   LEFT JOIN {$prefix}pages AS p
   684   LEFT JOIN {$prefix}pages AS p
   685     ON ( ( p.urlname = c.page_id AND p.namespace = c.namespace ) OR ( p.urlname IS NULL AND p.namespace IS NULL ) )
   685     ON ( ( p.urlname = c.page_id AND p.namespace = c.namespace ) OR ( p.urlname IS NULL AND p.namespace IS NULL ) )
   727 
   727 
   728 function show_file_info()
   728 function show_file_info()
   729 {
   729 {
   730   global $db, $session, $paths, $template, $plugins; // Common objects
   730   global $db, $session, $paths, $template, $plugins; // Common objects
   731   if($paths->namespace != 'File') return null; // Prevent unnecessary work
   731   if($paths->namespace != 'File') return null; // Prevent unnecessary work
   732   $selfn = $paths->cpage['urlname_nons']; // substr($paths->page, strlen($paths->nslist['File']), strlen($paths->cpage));
   732   $selfn = $paths->page_id; // substr($paths->page, strlen($paths->nslist['File']), strlen($paths->cpage));
   733   if(substr($paths->cpage['name'], 0, strlen($paths->nslist['File']))==$paths->nslist['File']) $selfn = substr($paths->cpage['urlname_nons'], strlen($paths->nslist['File']), strlen($paths->cpage['urlname_nons']));
   733   if(substr($paths->cpage['name'], 0, strlen($paths->nslist['File']))==$paths->nslist['File']) $selfn = substr($paths->page_id, strlen($paths->nslist['File']), strlen($paths->page_id));
   734   $q = $db->sql_query('SELECT mimetype,time_id,size FROM '.table_prefix.'files WHERE page_id=\''.$selfn.'\' ORDER BY time_id DESC;');
   734   $q = $db->sql_query('SELECT mimetype,time_id,size FROM '.table_prefix.'files WHERE page_id=\''.$selfn.'\' ORDER BY time_id DESC;');
   735   if(!$q) $db->_die('The file type could not be fetched.');
   735   if(!$q) $db->_die('The file type could not be fetched.');
   736   if($db->numrows() < 1) { echo '<div class="mdg-comment" style="margin-left: 0;"><h3>Uploaded file</h3><p>There are no files uploaded with this name yet. <a href="'.makeUrlNS('Special', 'UploadFile/'.$paths->cpage['urlname_nons']).'">Upload a file...</a></p></div><br />'; return; }
   736   if($db->numrows() < 1) { echo '<div class="mdg-comment" style="margin-left: 0;"><h3>Uploaded file</h3><p>There are no files uploaded with this name yet. <a href="'.makeUrlNS('Special', 'UploadFile/'.$paths->page_id).'">Upload a file...</a></p></div><br />'; return; }
   737   $r = $db->fetchrow();
   737   $r = $db->fetchrow();
   738   $mimetype = $r['mimetype'];
   738   $mimetype = $r['mimetype'];
   739   $datestring = date('F d, Y h:i a', (int)$r['time_id']);
   739   $datestring = date('F d, Y h:i a', (int)$r['time_id']);
   740   echo '<div class="mdg-comment" style="margin-left: 0;"><p><h3>Uploaded file</h3></p><p>Type: '.$r['mimetype'].'<br />Size: ';
   740   echo '<div class="mdg-comment" style="margin-left: 0;"><p><h3>Uploaded file</h3></p><p>Type: '.$r['mimetype'].'<br />Size: ';
   741   $fs = $r['size'];
   741   $fs = $r['size'];
  2416  * @return string Cleaned text
  2416  * @return string Cleaned text
  2417  */
  2417  */
  2418 
  2418 
  2419 function sanitize_page_id($page_id)
  2419 function sanitize_page_id($page_id)
  2420 {
  2420 {
  2421 
       
  2422   // Remove character escapes
  2421   // Remove character escapes
  2423   $page_id = dirtify_page_id($page_id);
  2422   $page_id = dirtify_page_id($page_id);
  2424 
  2423 
  2425   $pid_clean = preg_replace('/[\w\.\/:;\(\)@\[\]_-]/', 'X', $page_id);
  2424   $pid_clean = preg_replace('/[\w\.\/:;\(\)@\[\]_-]/', 'X', $page_id);
  2426   $pid_dirty = enano_str_split($pid_clean, 1);
  2425   $pid_dirty = enano_str_split($pid_clean, 1);
  2471   global $db, $session, $paths, $template, $plugins; // Common objects
  2470   global $db, $session, $paths, $template, $plugins; // Common objects
  2472   // First, replace spaces with underscores
  2471   // First, replace spaces with underscores
  2473   $page_id = str_replace(' ', '_', $page_id);
  2472   $page_id = str_replace(' ', '_', $page_id);
  2474 
  2473 
  2475   // Exception for userpages for IP addresses
  2474   // Exception for userpages for IP addresses
  2476   if ( preg_match('/^' . preg_quote($paths->nslist['User']) . '/', $page_id) )
  2475   if ( isset($paths->nslist['User']) )
  2477   {
  2476   {
  2478     $ip = preg_replace('/^' . preg_quote($paths->nslist['User']) . '/', '', $page_id);
  2477     if ( preg_match('/^' . preg_quote($paths->nslist['User']) . '/', $page_id) )
  2479     if ( is_valid_ip($ip) )
  2478     {
  2480       return $page_id;
  2479       $ip = preg_replace('/^' . preg_quote($paths->nslist['User']) . '/', '', $page_id);
       
  2480       if ( is_valid_ip($ip) )
       
  2481       {
       
  2482         die('valid IP');
       
  2483         return $page_id;
       
  2484       }
       
  2485     }
  2481   }
  2486   }
  2482 
  2487 
  2483   preg_match_all('/\.[A-Fa-f0-9][A-Fa-f0-9]/', $page_id, $matches);
  2488   preg_match_all('/\.[A-Fa-f0-9][A-Fa-f0-9]/', $page_id, $matches);
  2484 
  2489 
  2485   foreach ( $matches[0] as $id => $char )
  2490   foreach ( $matches[0] as $id => $char )
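Review bot: In show_file_info() (new line 734) `$selfn`, now derived from `$paths->page_id`, is concatenated into the `files` query without `$db->escape()`, although the two category queries touched by this same changeset (lines 568 and 680) escape `$paths->page_id` before using it. Whether `page_id` is already sanitized upstream is not visible here, so the query should not depend on it: `'files WHERE page_id=\'' . $db->escape($selfn) . '\' ORDER BY time_id DESC;'`. Separately, new line 2482 `die('valid IP');` looks like leftover debugging: it ends the request for every User-namespace page id that is a valid IP and makes the following `return $page_id;` unreachable, so it should be dropped before this lands. Both enclosing functions extend beyond the lines shown (show_file_info continues past line 741, and the function around line 2470 starts above the hunk), so callers and later uses of `$selfn` were not reviewed.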