ajax.php
changeset 261 5f1cd51bf1be
parent 259 112debff64bd
child 263 16d0c9f33466
--- a/ajax.php	Sat Dec 15 18:10:14 2007 -0500
+++ b/ajax.php	Tue Dec 18 23:44:55 2007 -0500
@@ -97,13 +97,22 @@
       echo PageUtils::checkusername($_GET['name']);
       break;
     case "getsource":
-      $p = ( isset($_GET['pagepass']) ) ? $_GET['pagepass'] : false;
-      echo PageUtils::getsource($paths->page, $p);
+      $password = ( isset($_GET['pagepass']) ) ? $_GET['pagepass'] : false;
+      $page = new PageProcessor($paths->page_id, $paths->namespace);
+      $page->password = $password;
+      if ( $src = $page->fetch_source() )
+      {
+        echo $src;
+      }
+      else
+      {
+        echo 'err_access_denied';
+      }
       break;
     case "getpage":
       // echo PageUtils::getpage($paths->page, false, ( (isset($_GET['oldid'])) ? $_GET['oldid'] : false ));
       $revision_id = ( (isset($_GET['oldid'])) ? intval($_GET['oldid']) : 0 );
-      $page = new PageProcessor( $paths->cpage['urlname_nons'], $paths->namespace, $revision_id );
+      $page = new PageProcessor( $paths->page_id, $paths->namespace, $revision_id );
       
       $pagepass = ( isset($_REQUEST['pagepass']) ) ? $_REQUEST['pagepass'] : '';
       $page->password = $pagepass;
@@ -113,10 +122,10 @@
     case "savepage":
       $summ = ( isset($_POST['summary']) ) ? $_POST['summary'] : '';
       $minor = isset($_POST['minor']);
-      $e = PageUtils::savepage($paths->cpage['urlname_nons'], $paths->namespace, $_POST['text'], $summ, $minor);
+      $e = PageUtils::savepage($paths->page_id, $paths->namespace, $_POST['text'], $summ, $minor);
       if($e=='good')
       {
-        $page = new PageProcessor($paths->cpage['urlname_nons'], $paths->namespace);
+        $page = new PageProcessor($paths->page_id, $paths->namespace);
         $page->send();
       }
       else
@@ -125,16 +134,16 @@
       }
       break;
     case "protect":
-      echo PageUtils::protect($paths->cpage['urlname_nons'], $paths->namespace, (int)$_POST['level'], $_POST['reason']);
+      echo PageUtils::protect($paths->page_id, $paths->namespace, (int)$_POST['level'], $_POST['reason']);
       break;
     case "histlist":
-      echo PageUtils::histlist($paths->cpage['urlname_nons'], $paths->namespace);
+      echo PageUtils::histlist($paths->page_id, $paths->namespace);
       break;
     case "rollback":
       echo PageUtils::rollback( (int)$_GET['id'] );
       break;
     case "comments":
-      $comments = new Comments($paths->cpage['urlname_nons'], $paths->namespace);
+      $comments = new Comments($paths->page_id, $paths->namespace);
       if ( isset($_POST['data']) )
       {
         $comments->process_json($_POST['data']);
@@ -145,37 +154,37 @@
       }
       break;
     case "rename":
-      echo PageUtils::rename($paths->cpage['urlname_nons'], $paths->namespace, $_POST['newtitle']);
+      echo PageUtils::rename($paths->page_id, $paths->namespace, $_POST['newtitle']);
       break;
     case "flushlogs":
-      echo PageUtils::flushlogs($paths->cpage['urlname_nons'], $paths->namespace);
+      echo PageUtils::flushlogs($paths->page_id, $paths->namespace);
       break;
     case "deletepage":
       $reason = ( isset($_POST['reason']) ) ? $_POST['reason'] : false;
       if ( empty($reason) )
         die('Please enter a reason for deleting this page.');
-      echo PageUtils::deletepage($paths->cpage['urlname_nons'], $paths->namespace, $reason);
+      echo PageUtils::deletepage($paths->page_id, $paths->namespace, $reason);
       break;
     case "delvote":
-      echo PageUtils::delvote($paths->cpage['urlname_nons'], $paths->namespace);
+      echo PageUtils::delvote($paths->page_id, $paths->namespace);
       break;
     case "resetdelvotes":
-      echo PageUtils::resetdelvotes($paths->cpage['urlname_nons'], $paths->namespace);
+      echo PageUtils::resetdelvotes($paths->page_id, $paths->namespace);
       break;
     case "getstyles":
       echo PageUtils::getstyles($_GET['id']);
       break;
     case "catedit":
-      echo PageUtils::catedit($paths->cpage['urlname_nons'], $paths->namespace);
+      echo PageUtils::catedit($paths->page_id, $paths->namespace);
       break;
     case "catsave":
-      echo PageUtils::catsave($paths->cpage['urlname_nons'], $paths->namespace, $_POST);
+      echo PageUtils::catsave($paths->page_id, $paths->namespace, $_POST);
       break;
     case "setwikimode":
-      echo PageUtils::setwikimode($paths->cpage['urlname_nons'], $paths->namespace, (int)$_GET['mode']);
+      echo PageUtils::setwikimode($paths->page_id, $paths->namespace, (int)$_GET['mode']);
       break;
     case "setpass":
-      echo PageUtils::setpass($paths->cpage['urlname_nons'], $paths->namespace, $_POST['password']);
+      echo PageUtils::setpass($paths->page_id, $paths->namespace, $_POST['password']);
       break;
     case "fillusername":
       break;
@@ -230,7 +239,7 @@
       if(!$id1 || !$id2) { echo '<p>Invalid request.</p>'; $template->footer(); break; }
       if(!preg_match('#^([0-9]+)$#', (string)$_GET['diff1']) ||
          !preg_match('#^([0-9]+)$#', (string)$_GET['diff2']  )) { echo '<p>SQL injection attempt</p>'; $template->footer(); break; }
-      echo PageUtils::pagediff($paths->cpage['urlname_nons'], $paths->namespace, $id1, $id2);
+      echo PageUtils::pagediff($paths->page_id, $paths->namespace, $id1, $id2);
       break;
     case "jsres":
       die('// ERROR: this section is deprecated and has moved to includes/clientside/static/enano-lib-basic.js.');
@@ -278,7 +287,7 @@
       $q = $db->sql_query('SELECT t.tag_id, t.tag_name, pg.pg_target IS NOT NULL AS used_in_acl, t.user_id FROM '.table_prefix.'tags AS t
         LEFT JOIN '.table_prefix.'page_groups AS pg
           ON ( ( pg.pg_type = ' . PAGE_GRP_TAGGED . ' AND pg.pg_target=t.tag_name ) OR ( pg.pg_type IS NULL AND pg.pg_target IS NULL ) )
-        WHERE t.page_id=\'' . $db->escape($paths->cpage['urlname_nons']) . '\' AND t.namespace=\'' . $db->escape($paths->namespace) . '\';');
+        WHERE t.page_id=\'' . $db->escape($paths->page_id) . '\' AND t.namespace=\'' . $db->escape($paths->namespace) . '\';');
       if ( !$q )
         $db->_die();
       
@@ -338,7 +347,7 @@
       }
       
       // check if tag is already on page
-      $q = $db->sql_query('SELECT 1 FROM '.table_prefix.'tags WHERE page_id=\'' . $db->escape($paths->cpage['urlname_nons']) . '\' AND namespace=\'' . $db->escape($paths->namespace) . '\' AND tag_name=\'' . $tag . '\';');
+      $q = $db->sql_query('SELECT 1 FROM '.table_prefix.'tags WHERE page_id=\'' . $db->escape($paths->page_id) . '\' AND namespace=\'' . $db->escape($paths->namespace) . '\' AND tag_name=\'' . $tag . '\';');
       if ( !$q )
         $db->_die();
       if ( $db->numrows() > 0 )
@@ -362,7 +371,7 @@
       $db->free_result();
       
       // we're good
-      $q = $db->sql_query('INSERT INTO '.table_prefix.'tags(tag_name,page_id,namespace,user_id) VALUES(\'' . $tag . '\', \'' . $db->escape($paths->cpage['urlname_nons']) . '\', \'' . $db->escape($paths->namespace) . '\', ' . $session->user_id . ');');
+      $q = $db->sql_query('INSERT INTO '.table_prefix.'tags(tag_name,page_id,namespace,user_id) VALUES(\'' . $tag . '\', \'' . $db->escape($paths->page_id) . '\', \'' . $db->escape($paths->namespace) . '\', ' . $session->user_id . ');');
       if ( !$q )
         $db->_die();
       
@@ -392,7 +401,7 @@
       $row = $db->fetchrow();
       $db->free_result();
       
-      if ( $row['page_id'] == $paths->cpage['urlname_nons'] && $row['namespace'] == $paths->namespace )
+      if ( $row['page_id'] == $paths->page_id && $row['namespace'] == $paths->namespace )
         $perms =& $session;
       else
         $perms = $session->fetch_page_acl($row['page_id'], $row['namespace']);