diff -r 1f85c1c609fd -r 608dee512bf0 ajax.php --- a/ajax.php Wed Jul 25 18:09:21 2007 -0400 +++ b/ajax.php Sat Jul 28 18:08:58 2007 -0400 @@ -104,11 +104,6 @@ case "setpass": echo PageUtils::setpass($paths->cpage['urlname_nons'], $paths->namespace, $_POST['password']); break; - case "wikihelp": - $html = file_get_contents('http://enanocms.org/ajax.php?title=Help:Wiki_formatting&_mode=getpage&nofooters'); - $html = str_replace('src="/Special', 'src="http://enanocms.org/Special', $html); - echo '

Wiki formatting guide

'.$html.'
'; - break; case "fillusername": $name = (isset($_GET['name'])) ? $db->escape($_GET['name']) : false; if ( !$name ) @@ -225,6 +220,34 @@ die( $db->get_error() ); die('GOOD'); break; + case 'get_tags': + $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE); + + $ret = array('tags' => array(), 'user_level' => $session->user_level, 'can_add' => $session->get_permissions('tag_create')); + $q = $db->sql_query('SELECT t.tag_id, t.tag_name, pg.pg_target IS NULL AS used_in_acl, t.user FROM '.table_prefix.'tags AS t + LEFT JOIN '.table_prefix.'page_groups AS pg + ON ( ( pg.pg_type = ' . PAGE_GRP_TAGGED . ' AND pg.pg_target=t.tag_name ) OR ( pg.pg_type IS NULL AND pg.pg_target IS NULL ) ) + WHERE t.page_id=\'' . $db->escape($paths->cpage['urlname_nons']) . '\' AND t.namespace=\'' . $db->escape($paths->namespace) . '\';'); + if ( !$q ) + $db->_die(); + + while ( $row = $db->fetchrow() ) + { + $can_del = ( + ( $session->get_permissions('tag_delete_own') && $row['user'] == $session->user_id && $session->user_logged_in ) || // User created the tag and can remove own tags + ( $session->get_permissions('tag_delete_other') && $row['used_in_acl'] != 1 ) || // User can remove tags and the tag isn't used in an ACL (page group) + ( $row['used_in_acl'] == 1 && $session->get_permissions('tag_delete_own') && $session->get_permissions('tag_delete_other') && ( $session->get_permissions('edit_acl') || $session->user_level >= USER_LEVEL_ADMIN ) ) + ); + $ret['tags'][] = array( + 'id' => $row['tag_id'], + 'name' => $row['tag_name'], + 'can_del' => $can_del + ); + } + + echo $json->encode($ret); + + break; default: die('Hacking attempt'); break;