diff -r 112debff64bd -r 5f1cd51bf1be ajax.php --- a/ajax.php Sat Dec 15 18:10:14 2007 -0500 +++ b/ajax.php Tue Dec 18 23:44:55 2007 -0500 @@ -97,13 +97,22 @@ echo PageUtils::checkusername($_GET['name']); break; case "getsource": - $p = ( isset($_GET['pagepass']) ) ? $_GET['pagepass'] : false; - echo PageUtils::getsource($paths->page, $p); + $password = ( isset($_GET['pagepass']) ) ? $_GET['pagepass'] : false; + $page = new PageProcessor($paths->page_id, $paths->namespace); + $page->password = $password; + if ( $src = $page->fetch_source() ) + { + echo $src; + } + else + { + echo 'err_access_denied'; + } break; case "getpage": // echo PageUtils::getpage($paths->page, false, ( (isset($_GET['oldid'])) ? $_GET['oldid'] : false )); $revision_id = ( (isset($_GET['oldid'])) ? intval($_GET['oldid']) : 0 ); - $page = new PageProcessor( $paths->cpage['urlname_nons'], $paths->namespace, $revision_id ); + $page = new PageProcessor( $paths->page_id, $paths->namespace, $revision_id ); $pagepass = ( isset($_REQUEST['pagepass']) ) ? $_REQUEST['pagepass'] : ''; $page->password = $pagepass; @@ -113,10 +122,10 @@ case "savepage": $summ = ( isset($_POST['summary']) ) ? $_POST['summary'] : ''; $minor = isset($_POST['minor']); - $e = PageUtils::savepage($paths->cpage['urlname_nons'], $paths->namespace, $_POST['text'], $summ, $minor); + $e = PageUtils::savepage($paths->page_id, $paths->namespace, $_POST['text'], $summ, $minor); if($e=='good') { - $page = new PageProcessor($paths->cpage['urlname_nons'], $paths->namespace); + $page = new PageProcessor($paths->page_id, $paths->namespace); $page->send(); } else @@ -125,16 +134,16 @@ } break; case "protect": - echo PageUtils::protect($paths->cpage['urlname_nons'], $paths->namespace, (int)$_POST['level'], $_POST['reason']); + echo PageUtils::protect($paths->page_id, $paths->namespace, (int)$_POST['level'], $_POST['reason']); break; case "histlist": - echo PageUtils::histlist($paths->cpage['urlname_nons'], $paths->namespace); + echo PageUtils::histlist($paths->page_id, $paths->namespace); break; case "rollback": echo PageUtils::rollback( (int)$_GET['id'] ); break; case "comments": - $comments = new Comments($paths->cpage['urlname_nons'], $paths->namespace); + $comments = new Comments($paths->page_id, $paths->namespace); if ( isset($_POST['data']) ) { $comments->process_json($_POST['data']); @@ -145,37 +154,37 @@ } break; case "rename": - echo PageUtils::rename($paths->cpage['urlname_nons'], $paths->namespace, $_POST['newtitle']); + echo PageUtils::rename($paths->page_id, $paths->namespace, $_POST['newtitle']); break; case "flushlogs": - echo PageUtils::flushlogs($paths->cpage['urlname_nons'], $paths->namespace); + echo PageUtils::flushlogs($paths->page_id, $paths->namespace); break; case "deletepage": $reason = ( isset($_POST['reason']) ) ? $_POST['reason'] : false; if ( empty($reason) ) die('Please enter a reason for deleting this page.'); - echo PageUtils::deletepage($paths->cpage['urlname_nons'], $paths->namespace, $reason); + echo PageUtils::deletepage($paths->page_id, $paths->namespace, $reason); break; case "delvote": - echo PageUtils::delvote($paths->cpage['urlname_nons'], $paths->namespace); + echo PageUtils::delvote($paths->page_id, $paths->namespace); break; case "resetdelvotes": - echo PageUtils::resetdelvotes($paths->cpage['urlname_nons'], $paths->namespace); + echo PageUtils::resetdelvotes($paths->page_id, $paths->namespace); break; case "getstyles": echo PageUtils::getstyles($_GET['id']); break; case "catedit": - echo PageUtils::catedit($paths->cpage['urlname_nons'], $paths->namespace); + echo PageUtils::catedit($paths->page_id, $paths->namespace); break; case "catsave": - echo PageUtils::catsave($paths->cpage['urlname_nons'], $paths->namespace, $_POST); + echo PageUtils::catsave($paths->page_id, $paths->namespace, $_POST); break; case "setwikimode": - echo PageUtils::setwikimode($paths->cpage['urlname_nons'], $paths->namespace, (int)$_GET['mode']); + echo PageUtils::setwikimode($paths->page_id, $paths->namespace, (int)$_GET['mode']); break; case "setpass": - echo PageUtils::setpass($paths->cpage['urlname_nons'], $paths->namespace, $_POST['password']); + echo PageUtils::setpass($paths->page_id, $paths->namespace, $_POST['password']); break; case "fillusername": break; @@ -230,7 +239,7 @@ if(!$id1 || !$id2) { echo '
Invalid request.
'; $template->footer(); break; } if(!preg_match('#^([0-9]+)$#', (string)$_GET['diff1']) || !preg_match('#^([0-9]+)$#', (string)$_GET['diff2'] )) { echo 'SQL injection attempt
'; $template->footer(); break; } - echo PageUtils::pagediff($paths->cpage['urlname_nons'], $paths->namespace, $id1, $id2); + echo PageUtils::pagediff($paths->page_id, $paths->namespace, $id1, $id2); break; case "jsres": die('// ERROR: this section is deprecated and has moved to includes/clientside/static/enano-lib-basic.js.'); @@ -278,7 +287,7 @@ $q = $db->sql_query('SELECT t.tag_id, t.tag_name, pg.pg_target IS NOT NULL AS used_in_acl, t.user_id FROM '.table_prefix.'tags AS t LEFT JOIN '.table_prefix.'page_groups AS pg ON ( ( pg.pg_type = ' . PAGE_GRP_TAGGED . ' AND pg.pg_target=t.tag_name ) OR ( pg.pg_type IS NULL AND pg.pg_target IS NULL ) ) - WHERE t.page_id=\'' . $db->escape($paths->cpage['urlname_nons']) . '\' AND t.namespace=\'' . $db->escape($paths->namespace) . '\';'); + WHERE t.page_id=\'' . $db->escape($paths->page_id) . '\' AND t.namespace=\'' . $db->escape($paths->namespace) . '\';'); if ( !$q ) $db->_die(); @@ -338,7 +347,7 @@ } // check if tag is already on page - $q = $db->sql_query('SELECT 1 FROM '.table_prefix.'tags WHERE page_id=\'' . $db->escape($paths->cpage['urlname_nons']) . '\' AND namespace=\'' . $db->escape($paths->namespace) . '\' AND tag_name=\'' . $tag . '\';'); + $q = $db->sql_query('SELECT 1 FROM '.table_prefix.'tags WHERE page_id=\'' . $db->escape($paths->page_id) . '\' AND namespace=\'' . $db->escape($paths->namespace) . '\' AND tag_name=\'' . $tag . '\';'); if ( !$q ) $db->_die(); if ( $db->numrows() > 0 ) @@ -362,7 +371,7 @@ $db->free_result(); // we're good - $q = $db->sql_query('INSERT INTO '.table_prefix.'tags(tag_name,page_id,namespace,user_id) VALUES(\'' . $tag . '\', \'' . $db->escape($paths->cpage['urlname_nons']) . '\', \'' . $db->escape($paths->namespace) . '\', ' . $session->user_id . ');'); + $q = $db->sql_query('INSERT INTO '.table_prefix.'tags(tag_name,page_id,namespace,user_id) VALUES(\'' . $tag . '\', \'' . $db->escape($paths->page_id) . '\', \'' . $db->escape($paths->namespace) . '\', ' . $session->user_id . ');'); if ( !$q ) $db->_die(); @@ -392,7 +401,7 @@ $row = $db->fetchrow(); $db->free_result(); - if ( $row['page_id'] == $paths->cpage['urlname_nons'] && $row['namespace'] == $paths->namespace ) + if ( $row['page_id'] == $paths->page_id && $row['namespace'] == $paths->namespace ) $perms =& $session; else $perms = $session->fetch_page_acl($row['page_id'], $row['namespace']);