ajax.php
author Dan Fuhry <dan@enanocms.org>
Thu, 01 Jul 2010 18:24:11 -0400
branch1.1.7-maintenance
changeset 1257 7365c9bf2106
parent 1175 1e2c9819ede3
child 1227 bdac73ed481e
permissions -rw-r--r--
Integrated XSS patch for 1.1.7 maintenance branch
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
     1
<?php
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
     2
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
     3
/*
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
     4
 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
1081
745200a9cc2a Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
Dan
parents: 1068
diff changeset
     5
 * Copyright (C) 2006-2009 Dan Fuhry
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
     6
 *
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
     7
 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
     8
 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
     9
 *
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
    10
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
    11
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
    12
 */
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
    13
 
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
    14
  define('ENANO_INTERFACE_AJAX', '');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
    15
 
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
    16
  require('includes/common.php');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
    17
  
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
    18
  global $db, $session, $paths, $template, $plugins; // Common objects
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
    19
  if(!isset($_GET['_mode'])) die('This script cannot be accessed directly.');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
    20
  
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
    21
  $_ob = '';
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
    22
  
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
    23
  switch($_GET['_mode']) {
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
    24
    case "checkusername":
592
27377179fe58 Another sweep from the optimization monster.
Dan
parents: 555
diff changeset
    25
      require_once(ENANO_ROOT.'/includes/pageutils.php');
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
    26
      echo PageUtils::checkusername($_GET['name']);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
    27
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
    28
    case "getsource":
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
    29
      header('Content-type: text/plain');
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
    30
      $password = ( isset($_GET['pagepass']) ) ? $_GET['pagepass'] : false;
408
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
    31
      $revid = ( isset($_GET['revid']) ) ? intval($_GET['revid']) : 0;
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
    32
      $page = new PageProcessor($paths->page_id, $paths->namespace, $revid);
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
    33
      $page->password = $password;
800
9cdfe82c56cd Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
parents: 714
diff changeset
    34
      
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
    35
      $have_draft = false;
1161
9c0c519066ac Drafts saved on nonexistent pages now show up. Fixes issue 7.
Dan
parents: 1108
diff changeset
    36
      // Kinda hacky fix for issue 7: draft restore not offered for nonexistent pages
1162
daa091452877 Crap, broke page editing. Fixed it.
Dan
parents: 1161
diff changeset
    37
      if ( ($src = $page->fetch_source()) || !$page->exists() )
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
    38
      {
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
    39
        $allowed = true;
832
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
    40
        $q = $db->sql_query('SELECT author, time_id, page_text, edit_summary, page_format FROM ' . table_prefix . 'logs WHERE log_type = \'page\' AND action = \'edit\'
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
    41
                               AND page_id = \'' . $db->escape($paths->page_id) . '\'
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
    42
                               AND namespace = \'' . $db->escape($paths->namespace) . '\'
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
    43
                               AND is_draft = 1;');
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
    44
        if ( !$q )
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
    45
          $db->die_json();
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
    46
        
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
    47
        if ( $db->numrows() > 0 )
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
    48
        {
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
    49
          $have_draft = true;
419
b8b4e38825db Unsuccessful attempt at fixing "dismiss"/"close manager" buttons in ACL editor; non-breaking change to template API to allow plugins to add "normal" sidebar widgets in addition to the special "raw" block type, specified as the third parameter to $template->sidebar_widget(). Defaults to false, which is old behavior; new behavior (enabled by passing TRUE as the 3rd param) means that the content of the block is primarily block-level links.
Dan
parents: 417
diff changeset
    50
          $draft_row = $db->fetchrow($q);
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
    51
        }
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
    52
      }
325
e17cc42d77cf Fixed: $paths->page_id not set when the page doesn't exist; finally fixed garbled page names for IP addresses
Dan
parents: 324
diff changeset
    53
      else if ( $src !== false )
e17cc42d77cf Fixed: $paths->page_id not set when the page doesn't exist; finally fixed garbled page names for IP addresses
Dan
parents: 324
diff changeset
    54
      {
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
    55
        $allowed = true;
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
    56
        $src = '';
325
e17cc42d77cf Fixed: $paths->page_id not set when the page doesn't exist; finally fixed garbled page names for IP addresses
Dan
parents: 324
diff changeset
    57
      }
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
    58
      else
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
    59
      {
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
    60
        $allowed = false;
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
    61
        $src = '';
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
    62
      }
336
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY)
Dan
parents: 335
diff changeset
    63
      
1102
faef5e62e1e0 Fixed a couple bugs with read-only mode and protected pages in the AJAX editor
Dan
parents: 1068
diff changeset
    64
      $auth_edit = ( $session->get_permissions('edit_page') && ( $session->get_permissions('even_when_protected') || !$page->ns->page_protected ) );
387
92664d2efab8 Rebranded source code as 1.1.1; added TinyMCE ACL rule as per Vadi's request: http://forum.enanocms.org/viewtopic.php?f=7&t=54
Dan
parents: 378
diff changeset
    65
      $auth_wysiwyg = ( $session->get_permissions('edit_wysiwyg') );
336
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY)
Dan
parents: 335
diff changeset
    66
      
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
    67
      $return = array(
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
    68
          'mode' => 'editor',
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
    69
          'src' => $src,
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
    70
          'auth_view_source' => $allowed,
336
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY)
Dan
parents: 335
diff changeset
    71
          'auth_edit' => $auth_edit,
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY)
Dan
parents: 335
diff changeset
    72
          'time' => time(),
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY)
Dan
parents: 335
diff changeset
    73
          'require_captcha' => false,
408
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
    74
          'allow_wysiwyg' => $auth_wysiwyg,
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
    75
          'revid' => $revid,
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
    76
          'have_draft' => false
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
    77
        );
336
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY)
Dan
parents: 335
diff changeset
    78
      
1108
c1be67a50d81 Removed the $userpage parameter from Namespace_Default::error_404(). It screwed up a couple plugins. (Thanks Mazza for discovering the issue)
Dan
parents: 1103
diff changeset
    79
      $return['page_format'] = $page->ns->cdata['page_format'];
832
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
    80
      if ( $return['page_format'] == 'xhtml' )
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
    81
      {
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
    82
        // gently process headings to make tinymce format them correctly
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
    83
        if ( preg_match_all('/^ *?(={1,6}) *(.+?) *\\1 *$/m', $return['src'], $matches) )
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
    84
        {
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
    85
          foreach ( $matches[0] as $i => $match )
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
    86
          {
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
    87
            $hi = strlen($matches[1][$i]);
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
    88
            $heading = "<h{$hi}>{$matches[2][$i]}</h{$hi}>";
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
    89
            $return['src'] = str_replace_once($match, $heading, $return['src']);
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
    90
          }
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
    91
        }
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
    92
      }
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
    93
      
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
    94
      if ( $have_draft )
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
    95
      {
419
b8b4e38825db Unsuccessful attempt at fixing "dismiss"/"close manager" buttons in ACL editor; non-breaking change to template API to allow plugins to add "normal" sidebar widgets in addition to the special "raw" block type, specified as the third parameter to $template->sidebar_widget(). Defaults to false, which is old behavior; new behavior (enabled by passing TRUE as the 3rd param) means that the content of the block is primarily block-level links.
Dan
parents: 417
diff changeset
    96
        $row =& $draft_row;
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
    97
        $return['have_draft'] = true;
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
    98
        $return['draft_author'] = $row['author'];
1081
745200a9cc2a Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
Dan
parents: 1068
diff changeset
    99
        $return['draft_time'] = enano_date(ED_DATE | ED_TIME, intval($row['time_id']));
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   100
        if ( isset($_GET['get_draft']) && @$_GET['get_draft'] === '1' )
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   101
        {
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   102
          $return['src'] = $row['page_text'];
417
b76ebe229548 Edit summary should now be carried over when a draft is restored
Dan
parents: 416
diff changeset
   103
          $return['edit_summary'] = $row['edit_summary'];
832
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   104
          $return['page_format'] = $row['page_format'];
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   105
        }
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   106
      }
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   107
      
468
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   108
      $return['undo_info'] = array();
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   109
      
408
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
   110
      if ( $revid > 0 )
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
   111
      {
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
   112
        // Retrieve information about this revision and the current one
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
   113
        $q = $db->sql_query('SELECT l1.author AS currentrev_author, l2.author AS oldrev_author FROM ' . table_prefix . 'logs AS l1
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
   114
  LEFT JOIN ' . table_prefix . 'logs AS l2
468
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   115
    ON ( l2.log_id = ' . $revid . '
408
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
   116
         AND l2.log_type  = \'page\'
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
   117
         AND l2.action    = \'edit\'
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   118
         AND l2.page_id   = \'' . $db->escape($paths->page_id)   . '\'
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   119
         AND l2.namespace = \'' . $db->escape($paths->namespace) . '\'
468
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   120
         AND l2.is_draft != 1
408
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
   121
        )
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
   122
  WHERE l1.log_type  = \'page\'
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
   123
    AND l1.action    = \'edit\'
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   124
    AND l1.page_id   = \'' . $db->escape($paths->page_id)   . '\'
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   125
    AND l1.namespace = \'' . $db->escape($paths->namespace) . '\'
468
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   126
    AND l1.time_id   > ' . $page->revision_time . '
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   127
    AND l1.is_draft != 1
408
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
   128
  ORDER BY l1.time_id DESC;');
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
   129
        if ( !$q )
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
   130
          $db->die_json();
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
   131
        
468
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   132
        if ( $db->numrows() > 0 )
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   133
        {
468
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   134
          $rev_count = $db->numrows() - 1;
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   135
          if ( $rev_count == -1 )
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   136
          {
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   137
            $return = array(
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   138
                'mode' => 'error',
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   139
                'error' => '[Internal] No rows returned by revision info query. SQL:<pre>' . $db->latest_query . '</pre>'
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   140
              );
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   141
          }
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   142
          else
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   143
          {
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   144
            $row = $db->fetchrow();
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   145
            $return['undo_info'] = array(
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   146
              'old_author'     => $row['oldrev_author'],
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   147
              'current_author' => $row['currentrev_author'],
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   148
              'undo_count'     => $rev_count
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   149
            );
468
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   150
          }
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   151
        }
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   152
        else
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   153
        {
468
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   154
          $return['revid'] = $revid = 0;
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   155
        }
408
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
   156
      }
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
   157
      
336
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY)
Dan
parents: 335
diff changeset
   158
      if ( $auth_edit && !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY)
Dan
parents: 335
diff changeset
   159
      {
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY)
Dan
parents: 335
diff changeset
   160
        $return['require_captcha'] = true;
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY)
Dan
parents: 335
diff changeset
   161
        $return['captcha_id'] = $session->make_captcha();
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY)
Dan
parents: 335
diff changeset
   162
      }
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY)
Dan
parents: 335
diff changeset
   163
      
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   164
      $template->load_theme();
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   165
      $return['toolbar_templates'] = $template->extract_vars('toolbar.tpl');
1068
4bcefa85649c Editor: completely moved wiki edit notice to AJAX fetch, so it's not shipped with the page anymore.
Dan
parents: 1017
diff changeset
   166
      $return['edit_notice'] = $template->get_wiki_edit_notice();
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   167
      
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   168
      echo enano_json_encode($return);
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   169
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   170
    case "getpage":
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   171
      // echo PageUtils::getpage($paths->page, false, ( (isset($_GET['oldid'])) ? $_GET['oldid'] : false ));
800
9cdfe82c56cd Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
parents: 714
diff changeset
   172
      $output = new Output_Striptease();
9cdfe82c56cd Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY].
Dan
parents: 714
diff changeset
   173
      
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   174
      $revision_id = ( (isset($_GET['oldid'])) ? intval($_GET['oldid']) : 0 );
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
   175
      $page = new PageProcessor( $paths->page_id, $paths->namespace, $revision_id );
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   176
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   177
      $pagepass = ( isset($_REQUEST['pagepass']) ) ? $_REQUEST['pagepass'] : '';
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   178
      $page->password = $pagepass;
963
b572ce1114f1 Wikitext redirects should work again + get_redirect() added to Namespace_* to allow plugins to extend
Dan
parents: 880
diff changeset
   179
      $page->allow_redir = ( !isset($_GET['redirect']) || (isset($_GET['redirect']) && $_GET['redirect'] !== 'no') );
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   180
            
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   181
      $page->send();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   182
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   183
    case "savepage":
468
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   184
      /* **** OBSOLETE **** */
592
27377179fe58 Another sweep from the optimization monster.
Dan
parents: 555
diff changeset
   185
      
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   186
      break;
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   187
    case "savepage_json":
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   188
      header('Content-type: application/json');
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   189
      if ( !isset($_POST['r']) )
550
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   190
        die('Invalid request');
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   191
      
880
218b6d4de908 JSON: Properly handles unicode escape sequences (\u####) now
Dan
parents: 870
diff changeset
   192
      try
218b6d4de908 JSON: Properly handles unicode escape sequences (\u####) now
Dan
parents: 870
diff changeset
   193
      {
218b6d4de908 JSON: Properly handles unicode escape sequences (\u####) now
Dan
parents: 870
diff changeset
   194
        $request = enano_json_decode($_POST['r']);
218b6d4de908 JSON: Properly handles unicode escape sequences (\u####) now
Dan
parents: 870
diff changeset
   195
        if ( !isset($request['src']) || !isset($request['summary']) || !isset($request['minor_edit']) || !isset($request['time']) || !isset($request['draft']) )
218b6d4de908 JSON: Properly handles unicode escape sequences (\u####) now
Dan
parents: 870
diff changeset
   196
          die('Invalid request');
218b6d4de908 JSON: Properly handles unicode escape sequences (\u####) now
Dan
parents: 870
diff changeset
   197
      }
218b6d4de908 JSON: Properly handles unicode escape sequences (\u####) now
Dan
parents: 870
diff changeset
   198
      catch(Zend_Json_Exception $e)
218b6d4de908 JSON: Properly handles unicode escape sequences (\u####) now
Dan
parents: 870
diff changeset
   199
      {
218b6d4de908 JSON: Properly handles unicode escape sequences (\u####) now
Dan
parents: 870
diff changeset
   200
        die("JSON parsing failed. View as HTML to see full report.\n<br /><br />\n<pre>" . htmlspecialchars(strval($e)) . "</pre><br />Request: <pre>" . htmlspecialchars($_POST['r']) . "</pre>");
218b6d4de908 JSON: Properly handles unicode escape sequences (\u####) now
Dan
parents: 870
diff changeset
   201
      }
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   202
      
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   203
      $time = intval($request['time']);
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   204
      
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   205
      if ( $request['draft'] )
336
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY)
Dan
parents: 335
diff changeset
   206
      {
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   207
        //
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   208
        // The user wants to save a draft version of the page.
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   209
        //
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   210
        
550
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   211
        // Validate permissions
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   212
        if ( !$session->get_permissions('edit_page') )
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   213
        {
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   214
          $return = array(
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   215
            'mode' => 'error',
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   216
            'error' => 'access_denied'
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   217
          );
550
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   218
        }
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   219
        else
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   220
        {
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   221
          // Delete any draft copies if they exist
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   222
          $q = $db->sql_query('DELETE FROM ' . table_prefix . 'logs WHERE log_type = \'page\' AND action = \'edit\'
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   223
                                 AND page_id = \'' . $db->escape($paths->page_id) . '\'
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   224
                                 AND namespace = \'' . $db->escape($paths->namespace) . '\'
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   225
                                 AND is_draft = 1;');
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   226
          if ( !$q )
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   227
            $db->die_json();
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   228
          
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   229
          // are we just supposed to delete the draft?
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   230
          if ( $request['src'] === -1 )
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   231
          {
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   232
            $return = array(
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   233
              'mode' => 'success',
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   234
              'is_draft' => 'delete'
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   235
            );
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   236
          }
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   237
          else
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   238
          {
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   239
            $src = RenderMan::preprocess_text($request['src'], false, false);
832
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   240
            $draft_format = $request['format'];
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   241
            if ( !in_array($draft_format, array('xhtml', 'wikitext')) )
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   242
            {
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   243
              $return = array(
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   244
                'mode' => 'error',
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   245
                'error' => 'invalid_format'
550
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   246
              );
832
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   247
            }
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   248
            else
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   249
            {
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   250
              // Save the draft
1175
1e2c9819ede3 Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
parents: 1162
diff changeset
   251
              $q = $db->sql_query('INSERT INTO ' . table_prefix . 'logs ( log_type, action, page_id, namespace, author, author_uid, edit_summary, page_text, is_draft, time_id, page_format )
832
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   252
                                     VALUES (
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   253
                                       \'page\',
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   254
                                       \'edit\',
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   255
                                       \'' . $db->escape($paths->page_id) . '\',
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   256
                                       \'' . $db->escape($paths->namespace) . '\',
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   257
                                       \'' . $db->escape($session->username) . '\',
1175
1e2c9819ede3 Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6.
Dan
parents: 1162
diff changeset
   258
                                       ' . $session->user_id . ',
832
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   259
                                       \'' . $db->escape($request['summary']) . '\',
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   260
                                       \'' . $db->escape($src) . '\',
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   261
                                       1,
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   262
                                       ' . time() . ',
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   263
                                       \'' . $draft_format . '\'
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   264
                                     );');
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   265
              
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   266
              // Done!
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   267
              $return = array(
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   268
                  'mode' => 'success',
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   269
                  'is_draft' => true
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   270
                );
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   271
            }
550
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   272
          }
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   273
        }
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   274
      }
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   275
      else
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   276
      {
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   277
        // Verify that no edits have been made since the editor was requested
416
53fcdf309a82 [Minor] Fixed obsolete trigger upon attempt at page save after draft autosave
Dan
parents: 413
diff changeset
   278
        $q = $db->sql_query('SELECT time_id, author FROM ' . table_prefix . "logs WHERE log_type = 'page' AND action = 'edit' AND page_id = '{$paths->page_id}' AND namespace = '{$paths->namespace}' AND is_draft != 1 ORDER BY time_id DESC LIMIT 1;");
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   279
        if ( !$q )
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   280
          $db->die_json();
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   281
        
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   282
        $row = $db->fetchrow();
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   283
        $db->free_result();
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   284
        
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   285
        if ( $row['time_id'] > $time )
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   286
        {
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   287
          $return = array(
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   288
            'mode' => 'obsolete',
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   289
            'author' => $row['author'],
1081
745200a9cc2a Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
Dan
parents: 1068
diff changeset
   290
            'date_string' => enano_date(ED_DATE | ED_TIME, $row['time_id']),
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   291
            'time' => $row['time_id'] // time() ???
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   292
            );
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   293
          echo enano_json_encode($return);
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   294
          break;
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   295
        }
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   296
        
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   297
        // Verify captcha, if needed
555
ac4c6a7f01d8 Added user preference for disabling visual effects in Javascript applets; added re-import button to installed plugins
Dan
parents: 550
diff changeset
   298
        if ( false && !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )
336
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY)
Dan
parents: 335
diff changeset
   299
        {
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   300
          if ( !isset($request['captcha_id']) || !isset($request['captcha_code']) )
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   301
          {
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   302
            die('Invalid request, need captcha metadata');
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   303
          }
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   304
          $code_correct = strtolower($session->get_captcha($request['captcha_id']));
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   305
          $code_input = strtolower($request['captcha_code']);
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   306
          if ( $code_correct !== $code_input )
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   307
          {
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   308
            $return = array(
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   309
              'mode' => 'errors',
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   310
              'errors' => array($lang->get('editor_err_captcha_wrong')),
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   311
              'new_captcha' => $session->make_captcha()
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   312
            );
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   313
            echo enano_json_encode($return);
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   314
            break;
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   315
          }
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   316
        }
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   317
        
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   318
        // Verification complete. Start the PageProcessor and let it do the dirty work for us.
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   319
        $page = new PageProcessor($paths->page_id, $paths->namespace);
832
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   320
        if ( $page->update_page($request['src'], $request['summary'], ( $request['minor_edit'] == 1 ), $request['format']) )
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   321
        {
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   322
          $return = array(
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   323
              'mode' => 'success',
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   324
              'is_draft' => false
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   325
            );
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   326
        }
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   327
        else
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   328
        {
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   329
          $errors = array();
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   330
          while ( $err = $page->pop_error() )
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   331
          {
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   332
            $errors[] = $err;
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   333
          }
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   334
          $return = array(
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   335
            'mode' => 'errors',
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   336
            'errors' => array_values($errors)
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   337
            );
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   338
          if ( !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   339
          {
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   340
            $return['new_captcha'] = $session->make_captcha();
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   341
          }
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   342
        }
468
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   343
      }
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   344
      
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   345
      // If this is based on a draft version, delete the draft - we no longer need it.
472
bc4b58034f4d Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
parents: 468
diff changeset
   346
      if ( @$request['used_draft'] && !$request['draft'] )
468
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   347
      {
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   348
        $q = $db->sql_query('DELETE FROM ' . table_prefix . 'logs WHERE log_type = \'page\' AND action = \'edit\'
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   349
                               AND page_id = \'' . $db->escape($paths->page_id) . '\'
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   350
                               AND namespace = \'' . $db->escape($paths->namespace) . '\'
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   351
                               AND is_draft = 1;');
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   352
      }
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   353
      
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   354
      echo enano_json_encode($return);
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   355
      
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   356
      break;
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   357
    case "diff_cur":
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   358
      
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   359
      // Lie about our content type to fool ad scripts
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   360
      header('Content-type: application/xhtml+xml');
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   361
      
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   362
      if ( !isset($_POST['text']) )
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   363
        die('Invalid request');
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   364
      
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   365
      $page = new PageProcessor($paths->page_id, $paths->namespace);
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   366
      if ( !($src = $page->fetch_source()) )
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   367
      {
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   368
        die('Access denied');
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   369
      }
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   370
      
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   371
      $diff = RenderMan::diff($src, $_POST['text']);
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   372
      if ( $diff == '<table class="diff"></table>' )
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   373
      {
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   374
        $diff = '<p>' . $lang->get('editor_msg_diff_empty') . '</p>';
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   375
      }
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   376
      
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   377
      echo '<div class="info-box">' . $lang->get('editor_msg_diff') . '</div>';
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   378
      echo $diff;
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   379
      
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   380
      break;
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   381
    case "protect":
468
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   382
      // echo PageUtils::protect($paths->page_id, $paths->namespace, (int)$_POST['level'], $_POST['reason']);
481
07bf15b066bc Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents: 472
diff changeset
   383
      
07bf15b066bc Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents: 472
diff changeset
   384
      if ( @$_POST['reason'] === '__ROLLBACK__' )
07bf15b066bc Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents: 472
diff changeset
   385
      {
07bf15b066bc Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents: 472
diff changeset
   386
        // __ROLLBACK__ is a keyword for log entries.
07bf15b066bc Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents: 472
diff changeset
   387
        die('"__ROLLBACK__" ain\'t gonna do it, buddy. Try to _not_ use reserved keywords next time, ok?');
07bf15b066bc Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents: 472
diff changeset
   388
      }
07bf15b066bc Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents: 472
diff changeset
   389
      
468
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   390
      $page = new PageProcessor($paths->page_id, $paths->namespace);
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   391
      header('Content-type: application/json');
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   392
      
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   393
      $result = $page->protect_page(intval($_POST['level']), $_POST['reason']);
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   394
      echo enano_json_encode($result);
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   395
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   396
    case "histlist":
592
27377179fe58 Another sweep from the optimization monster.
Dan
parents: 555
diff changeset
   397
      require_once(ENANO_ROOT.'/includes/pageutils.php');
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
   398
      echo PageUtils::histlist($paths->page_id, $paths->namespace);
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   399
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   400
    case "rollback":
468
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   401
      $id = intval(@$_GET['id']);
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   402
      $page = new PageProcessor($paths->page_id, $paths->namespace);
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   403
      header('Content-type: application/json');
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   404
      
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   405
      $result = $page->rollback_log_entry($id);
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   406
      echo enano_json_encode($result);
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   407
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   408
    case "comments":
592
27377179fe58 Another sweep from the optimization monster.
Dan
parents: 555
diff changeset
   409
      require_once(ENANO_ROOT.'/includes/comment.php');
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
   410
      $comments = new Comments($paths->page_id, $paths->namespace);
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   411
      if ( isset($_POST['data']) )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   412
      {
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   413
        $comments->process_json($_POST['data']);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   414
      }
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   415
      else
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   416
      {
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   417
        die('{ "mode" : "error", "error" : "No input" }');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   418
      }
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   419
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   420
    case "rename":
468
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   421
      $page = new PageProcessor($paths->page_id, $paths->namespace);
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   422
      header('Content-type: application/json');
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   423
      
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   424
      $result = $page->rename_page($_POST['newtitle']);
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   425
      echo enano_json_encode($result);
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   426
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   427
    case "flushlogs":
592
27377179fe58 Another sweep from the optimization monster.
Dan
parents: 555
diff changeset
   428
      require_once(ENANO_ROOT.'/includes/pageutils.php');
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
   429
      echo PageUtils::flushlogs($paths->page_id, $paths->namespace);
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   430
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   431
    case "deletepage":
592
27377179fe58 Another sweep from the optimization monster.
Dan
parents: 555
diff changeset
   432
      require_once(ENANO_ROOT.'/includes/pageutils.php');
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   433
      $reason = ( isset($_POST['reason']) ) ? $_POST['reason'] : false;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   434
      if ( empty($reason) )
378
c1c7fa6b329f Got Enano to load even if there are no plugins; added caching for decrypted session keys to significantly improve performance (in theory at least)
Dan
parents: 345
diff changeset
   435
        die($lang->get('page_err_need_reason'));
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
   436
      echo PageUtils::deletepage($paths->page_id, $paths->namespace, $reason);
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   437
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   438
    case "delvote":
592
27377179fe58 Another sweep from the optimization monster.
Dan
parents: 555
diff changeset
   439
      require_once(ENANO_ROOT.'/includes/pageutils.php');
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
   440
      echo PageUtils::delvote($paths->page_id, $paths->namespace);
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   441
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   442
    case "resetdelvotes":
592
27377179fe58 Another sweep from the optimization monster.
Dan
parents: 555
diff changeset
   443
      require_once(ENANO_ROOT.'/includes/pageutils.php');
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
   444
      echo PageUtils::resetdelvotes($paths->page_id, $paths->namespace);
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   445
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   446
    case "getstyles":
592
27377179fe58 Another sweep from the optimization monster.
Dan
parents: 555
diff changeset
   447
      require_once(ENANO_ROOT.'/includes/pageutils.php');
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   448
      echo PageUtils::getstyles($_GET['id']);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   449
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   450
    case "catedit":
592
27377179fe58 Another sweep from the optimization monster.
Dan
parents: 555
diff changeset
   451
      require_once(ENANO_ROOT.'/includes/pageutils.php');
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
   452
      echo PageUtils::catedit($paths->page_id, $paths->namespace);
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   453
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   454
    case "catsave":
592
27377179fe58 Another sweep from the optimization monster.
Dan
parents: 555
diff changeset
   455
      require_once(ENANO_ROOT.'/includes/pageutils.php');
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
   456
      echo PageUtils::catsave($paths->page_id, $paths->namespace, $_POST);
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   457
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   458
    case "setwikimode":
592
27377179fe58 Another sweep from the optimization monster.
Dan
parents: 555
diff changeset
   459
      require_once(ENANO_ROOT.'/includes/pageutils.php');
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
   460
      echo PageUtils::setwikimode($paths->page_id, $paths->namespace, (int)$_GET['mode']);
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   461
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   462
    case "setpass":
592
27377179fe58 Another sweep from the optimization monster.
Dan
parents: 555
diff changeset
   463
      require_once(ENANO_ROOT.'/includes/pageutils.php');
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
   464
      echo PageUtils::setpass($paths->page_id, $paths->namespace, $_POST['password']);
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   465
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   466
    case "fillusername":
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   467
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   468
    case "fillpagename":
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   469
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   470
    case "preview":
592
27377179fe58 Another sweep from the optimization monster.
Dan
parents: 555
diff changeset
   471
      require_once(ENANO_ROOT.'/includes/pageutils.php');
714
2f1706c4231f Fixed nonworking editor preview due to uninitialized template
Dan
parents: 685
diff changeset
   472
      $template->init_vars();
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   473
      echo PageUtils::genPreview($_POST['text']);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   474
      break;
832
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   475
    case "transform":
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   476
      header('Content-type: text/javascript');
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   477
      if ( !isset($_GET['to']) )
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   478
      {
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   479
        echo enano_json_encode(array(
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   480
            'mode' => 'error',
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   481
            'error' => '"to" not specified'
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   482
          ));
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   483
        break;
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   484
      }
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   485
      if ( !isset($_POST['text']) )
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   486
      {
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   487
        echo enano_json_encode(array(
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   488
            'mode' => 'error',
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   489
            'error' => '"text" not specified (must be on POST)'
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   490
          ));
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   491
        break;
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   492
      }
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   493
      switch($_GET['to'])
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   494
      {
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   495
        case 'xhtml':
1108
c1be67a50d81 Removed the $userpage parameter from Namespace_Default::error_404(). It screwed up a couple plugins. (Thanks Mazza for discovering the issue)
Dan
parents: 1103
diff changeset
   496
          $result = RenderMan::render($_POST['text'], RENDER_BLOCK | RENDER_NOSMILIES, false);
832
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   497
          break;
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   498
        case 'wikitext':
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   499
          $result = RenderMan::reverse_render($_POST['text']);
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   500
          break;
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   501
        default:
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   502
          $text =& $_POST['text'];
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   503
          $result = false;
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   504
          $code = $plugins->setHook('ajax_transform');
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   505
          foreach ( $code as $cmd )
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   506
          {
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   507
            eval($cmd);
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   508
          }
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   509
          if ( !$result )
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   510
          {
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   511
            echo enano_json_encode(array(
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   512
                'mode' => 'error',
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   513
                'error' => 'Invalid target format'
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   514
              ));
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   515
            break;
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   516
          }
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   517
          break;
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   518
      }
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   519
      
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   520
      // mostly for debugging, but I suppose this could be useful elsewhere.
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   521
      if ( isset($_POST['plaintext']) )
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   522
        die($result);
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   523
      
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   524
      echo enano_json_encode(array(
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   525
          'mode' => 'transformed_text',
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   526
          'text' => $result
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   527
        ));
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message)
Dan
parents: 801
diff changeset
   528
      break;
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   529
    case "pagediff":
592
27377179fe58 Another sweep from the optimization monster.
Dan
parents: 555
diff changeset
   530
      require_once(ENANO_ROOT.'/includes/pageutils.php');
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   531
      $id1 = ( isset($_GET['diff1']) ) ? (int)$_GET['diff1'] : false;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   532
      $id2 = ( isset($_GET['diff2']) ) ? (int)$_GET['diff2'] : false;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   533
      if(!$id1 || !$id2) { echo '<p>Invalid request.</p>'; $template->footer(); break; }
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   534
      if(!preg_match('#^([0-9]+)$#', (string)$_GET['diff1']) ||
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   535
         !preg_match('#^([0-9]+)$#', (string)$_GET['diff2']  )) { echo '<p>SQL injection attempt</p>'; $template->footer(); break; }
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
   536
      echo PageUtils::pagediff($paths->page_id, $paths->namespace, $id1, $id2);
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   537
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   538
    case "jsres":
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   539
      die('// ERROR: this section is deprecated and has moved to includes/clientside/static/enano-lib-basic.js.');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   540
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   541
    case "rdns":
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   542
      if(!$session->get_permissions('mod_misc')) die('Go somewhere else for your reverse DNS info!');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   543
      $ip = $_GET['ip'];
1005
b7c7f7e2e93b AJAX rdns call now calls is_valid_ip() (security?)
Dan
parents: 968
diff changeset
   544
      if ( !is_valid_ip($ip) )
b7c7f7e2e93b AJAX rdns call now calls is_valid_ip() (security?)
Dan
parents: 968
diff changeset
   545
      {
b7c7f7e2e93b AJAX rdns call now calls is_valid_ip() (security?)
Dan
parents: 968
diff changeset
   546
        echo $lang->get('acpsl_err_invalid_ip');
b7c7f7e2e93b AJAX rdns call now calls is_valid_ip() (security?)
Dan
parents: 968
diff changeset
   547
      }
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   548
      $rdns = gethostbyaddr($ip);
1005
b7c7f7e2e93b AJAX rdns call now calls is_valid_ip() (security?)
Dan
parents: 968
diff changeset
   549
      if ( $rdns == $ip )
b7c7f7e2e93b AJAX rdns call now calls is_valid_ip() (security?)
Dan
parents: 968
diff changeset
   550
        echo $lang->get('acpsl_err_ptr_no_resolve');
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   551
      else echo $rdns;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   552
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   553
    case 'acljson':
592
27377179fe58 Another sweep from the optimization monster.
Dan
parents: 555
diff changeset
   554
      require_once(ENANO_ROOT.'/includes/pageutils.php');
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   555
      $parms = ( isset($_POST['acl_params']) ) ? rawurldecode($_POST['acl_params']) : false;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   556
      echo PageUtils::acl_json($parms);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   557
      break;
870
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   558
    case 'theme_list':
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   559
      header('Content-type: application/json');
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   560
      
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   561
      $return = array();
968
105a24b4de8f ajax: theme selector: no longer lists disallowed themes
Dan
parents: 963
diff changeset
   562
      foreach ( $template->theme_list as $theme )
870
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   563
      {
1017
d0d3da40c391 Theme selector: fixed disabled themes being displayed
Dan
parents: 1005
diff changeset
   564
        if ( $theme['enabled'] != 1 )
d0d3da40c391 Theme selector: fixed disabled themes being displayed
Dan
parents: 1005
diff changeset
   565
          continue;
d0d3da40c391 Theme selector: fixed disabled themes being displayed
Dan
parents: 1005
diff changeset
   566
        
968
105a24b4de8f ajax: theme selector: no longer lists disallowed themes
Dan
parents: 963
diff changeset
   567
        $return[] = array(
105a24b4de8f ajax: theme selector: no longer lists disallowed themes
Dan
parents: 963
diff changeset
   568
            'theme_name' => $theme['theme_name'],
105a24b4de8f ajax: theme selector: no longer lists disallowed themes
Dan
parents: 963
diff changeset
   569
            'theme_id' => $theme['theme_id'],
105a24b4de8f ajax: theme selector: no longer lists disallowed themes
Dan
parents: 963
diff changeset
   570
            'have_thumb' => file_exists(ENANO_ROOT . "/themes/{$theme['theme_id']}/preview.png")
105a24b4de8f ajax: theme selector: no longer lists disallowed themes
Dan
parents: 963
diff changeset
   571
          );
870
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   572
      }
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   573
      
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   574
      echo enano_json_encode($return);
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   575
      
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   576
      break;
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   577
    case "get_styles":
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   578
      if ( !preg_match('/^[a-z0-9_-]+$/', $_GET['theme_id']) )
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   579
        die(enano_json_encode(array()));
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   580
      
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   581
      $theme_id = $_GET['theme_id'];
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   582
      $return = array();
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   583
      
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   584
      if ( $dr = @opendir(ENANO_ROOT . "/themes/$theme_id/css/") )
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   585
      {
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   586
        while ( $dh = @readdir($dr) )
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   587
        {
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   588
          if ( preg_match('/\.css$/', $dh) && $dh != '_printable.css' )
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   589
          {
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   590
            $return[] = preg_replace('/\.css$/', '', $dh);
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   591
          }
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   592
        }
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   593
      }
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   594
      else
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   595
      {
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   596
        $return = array(
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   597
            'mode' => 'error',
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   598
            'error' => 'Could not open directory.'
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   599
          );
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   600
      }
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   601
      echo enano_json_encode($return);
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   602
      break;
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   603
    case "change_theme":
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   604
      if ( !isset($_POST['theme_id']) || !isset($_POST['style_id']) )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   605
      {
870
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   606
        die(enano_json_encode(array('mode' => 'error', 'error' => 'Invalid parameter')));
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   607
      }
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   608
      if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['theme_id']) || !preg_match('/^([a-z0-9_-]+)$/i', $_POST['style_id']) )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   609
      {
870
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   610
        die(enano_json_encode(array('mode' => 'error', 'error' => 'Invalid parameter')));
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   611
      }
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   612
      if ( !file_exists(ENANO_ROOT . '/themes/' . $_POST['theme_id'] . '/css/' . $_POST['style_id'] . '.css') )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   613
      {
870
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   614
        die(enano_json_encode(array('mode' => 'error', 'error' => 'Can\'t find theme file: ' . ENANO_ROOT . '/themes/' . $_POST['theme_id'] . '/css/' . $_POST['style_id'] . '.css')));;
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   615
      }
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   616
      if ( !$session->user_logged_in )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   617
      {
870
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   618
        die(enano_json_encode(array('mode' => 'error', 'error' => 'You must be logged in to change your theme')));
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   619
      }
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   620
      // Just in case something slipped through...
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   621
      $theme_id = $db->escape($_POST['theme_id']);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   622
      $style_id = $db->escape($_POST['style_id']);
870
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   623
      $e = $db->sql_query('UPDATE ' . table_prefix . "users SET theme = '$theme_id', style = '$style_id' WHERE user_id = $session->user_id;");
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   624
      if ( !$e )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   625
        die( $db->get_error() );
870
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   626
      
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   627
      echo enano_json_encode(array(
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   628
          'success' => true
82bbfe3dc8a0 Swapped in a new theme selector.
Dan
parents: 832
diff changeset
   629
        ));
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   630
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   631
    case 'get_tags':
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   632
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   633
      $ret = array('tags' => array(), 'user_level' => $session->user_level, 'can_add' => $session->get_permissions('tag_create'));
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   634
      $q = $db->sql_query('SELECT t.tag_id, t.tag_name, pg.pg_target IS NOT NULL AS used_in_acl, t.user_id FROM '.table_prefix.'tags AS t
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   635
        LEFT JOIN '.table_prefix.'page_groups AS pg
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   636
          ON ( ( pg.pg_type = ' . PAGE_GRP_TAGGED . ' AND pg.pg_target=t.tag_name ) OR ( pg.pg_type IS NULL AND pg.pg_target IS NULL ) )
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
   637
        WHERE t.page_id=\'' . $db->escape($paths->page_id) . '\' AND t.namespace=\'' . $db->escape($paths->namespace) . '\';');
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   638
      if ( !$q )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   639
        $db->_die();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   640
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   641
      while ( $row = $db->fetchrow() )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   642
      {
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   643
        $can_del = true;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   644
        
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   645
        $perm = ( $row['user_id'] != $session->user_id ) ?
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   646
                'tag_delete_other' :
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   647
                'tag_delete_own';
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   648
        
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   649
        if ( $row['user_id'] == 1 && !$session->user_logged_in )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   650
          // anonymous user trying to delete tag (hardcode blacklisted)
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   651
          $can_del = false;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   652
          
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   653
        if ( !$session->get_permissions($perm) )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   654
          $can_del = false;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   655
        
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   656
        if ( $row['used_in_acl'] == 1 && !$session->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   657
          $can_del = false;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   658
        
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   659
        $ret['tags'][] = array(
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   660
          'id' => $row['tag_id'],
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   661
          'name' => $row['tag_name'],
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   662
          'can_del' => $can_del,
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   663
          'acl' => ( $row['used_in_acl'] == 1 )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   664
        );
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   665
      }
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   666
      
334
c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents: 326
diff changeset
   667
      echo enano_json_encode($ret);
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   668
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   669
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   670
    case 'addtag':
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   671
      $resp = array(
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   672
          'success' => false,
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   673
          'error' => 'No error',
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   674
          'can_del' => ( $session->get_permissions('tag_delete_own') && $session->user_logged_in ),
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   675
          'in_acl' => false
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   676
        );
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   677
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   678
      // first of course, are we allowed to tag pages?
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   679
      if ( !$session->get_permissions('tag_create') )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   680
      {
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   681
        $resp['error'] = 'You are not permitted to tag pages.';
334
c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents: 326
diff changeset
   682
        die(enano_json_encode($resp));
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   683
      }
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   684
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   685
      // sanitize the tag name
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   686
      $tag = sanitize_tag($_POST['tag']);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   687
      $tag = $db->escape($tag);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   688
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   689
      if ( strlen($tag) < 2 )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   690
      {
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   691
        $resp['error'] = 'Tags must consist of at least 2 alphanumeric characters.';
334
c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents: 326
diff changeset
   692
        die(enano_json_encode($resp));
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   693
      }
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   694
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   695
      // check if tag is already on page
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
   696
      $q = $db->sql_query('SELECT 1 FROM '.table_prefix.'tags WHERE page_id=\'' . $db->escape($paths->page_id) . '\' AND namespace=\'' . $db->escape($paths->namespace) . '\' AND tag_name=\'' . $tag . '\';');
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   697
      if ( !$q )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   698
        $db->_die();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   699
      if ( $db->numrows() > 0 )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   700
      {
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   701
        $resp['error'] = 'This page already has this tag.';
334
c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents: 326
diff changeset
   702
        die(enano_json_encode($resp));
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   703
      }
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   704
      $db->free_result();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   705
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   706
      // tricky: make sure this tag isn't being used in some page group, and thus adding it could affect page access
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   707
      $can_edit_acl = ( $session->get_permissions('edit_acl') || $session->user_level >= USER_LEVEL_ADMIN );
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   708
      $q = $db->sql_query('SELECT 1 FROM '.table_prefix.'page_groups WHERE pg_type=' . PAGE_GRP_TAGGED . ' AND pg_target=\'' . $tag . '\';');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   709
      if ( !$q )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   710
        $db->_die();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   711
      if ( $db->numrows() > 0 && !$can_edit_acl )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   712
      {
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   713
        $resp['error'] = 'This tag is used in an ACL page group, and thus can\'t be added to a page by people without administrator privileges.';
334
c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents: 326
diff changeset
   714
        die(enano_json_encode($resp));
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   715
      }
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   716
      $resp['in_acl'] = ( $db->numrows() > 0 );
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   717
      $db->free_result();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   718
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   719
      // we're good
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
   720
      $q = $db->sql_query('INSERT INTO '.table_prefix.'tags(tag_name,page_id,namespace,user_id) VALUES(\'' . $tag . '\', \'' . $db->escape($paths->page_id) . '\', \'' . $db->escape($paths->namespace) . '\', ' . $session->user_id . ');');
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   721
      if ( !$q )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   722
        $db->_die();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   723
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   724
      $resp['success'] = true;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   725
      $resp['tag'] = $tag;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   726
      $resp['tag_id'] = $db->insert_id();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   727
      
334
c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents: 326
diff changeset
   728
      echo enano_json_encode($resp);
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   729
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   730
    case 'deltag':
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   731
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   732
      $tag_id = intval($_POST['tag_id']);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   733
      if ( empty($tag_id) )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   734
        die('Invalid tag ID');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   735
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   736
      $q = $db->sql_query('SELECT t.tag_id, t.user_id, t.page_id, t.namespace, pg.pg_target IS NOT NULL AS used_in_acl FROM '.table_prefix.'tags AS t
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   737
  LEFT JOIN '.table_prefix.'page_groups AS pg
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   738
    ON ( pg.pg_id IS NULL OR ( pg.pg_target = t.tag_name AND pg.pg_type = ' . PAGE_GRP_TAGGED . ' ) )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   739
  WHERE t.tag_id=' . $tag_id . ';');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   740
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   741
      if ( !$q )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   742
        $db->_die();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   743
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   744
      if ( $db->numrows() < 1 )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   745
        die('Could not find a tag with that ID');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   746
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   747
      $row = $db->fetchrow();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   748
      $db->free_result();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   749
      
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
   750
      if ( $row['page_id'] == $paths->page_id && $row['namespace'] == $paths->namespace )
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   751
        $perms =& $session;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   752
      else
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   753
        $perms = $session->fetch_page_acl($row['page_id'], $row['namespace']);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   754
        
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   755
      $perm = ( $row['user_id'] != $session->user_id ) ?
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   756
                'tag_delete_other' :
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   757
                'tag_delete_own';
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   758
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   759
      if ( $row['user_id'] == 1 && !$session->user_logged_in )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   760
        // anonymous user trying to delete tag (hardcode blacklisted)
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   761
        die('You are not authorized to delete this tag.');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   762
        
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   763
      if ( !$perms->get_permissions($perm) )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   764
        die('You are not authorized to delete this tag.');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   765
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   766
      if ( $row['used_in_acl'] == 1 && !$perms->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   767
        die('You are not authorized to delete this tag.');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   768
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   769
      // We're good
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   770
      $q = $db->sql_query('DELETE FROM '.table_prefix.'tags WHERE tag_id = ' . $tag_id . ';');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   771
      if ( !$q )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   772
        $db->_die();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   773
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   774
      echo 'success';
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   775
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   776
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   777
    case 'ping':
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   778
      echo 'pong';
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   779
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   780
    default:
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   781
      die('Hacking attempt');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   782
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   783
  }
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   784
  
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   785
?>