ajax.php
author Dan
Mon, 11 Aug 2008 21:43:04 -0400
changeset 684 15dbbe7e7674
parent 593 4f9bec0d65c1
child 685 17ebe24cdf85
permissions -rw-r--r--
A few fixes in SpecialUserFuncs: made avatars have a +30-day expiry date and made full login form show encryption blurb even when user_level > USER_LEVEL_MEMBER. Added expanding user-info blocks in memberlist (experimental).
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
     1
<?php
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
     2
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
     3
/*
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
     4
 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
536
218a627eb53e Rebrand as 1.1.4 (Caoineag alpha 4)
Dan
parents: 481
diff changeset
     5
 * Version 1.1.4 (Caoineag alpha 4)
218a627eb53e Rebrand as 1.1.4 (Caoineag alpha 4)
Dan
parents: 481
diff changeset
     6
 * Copyright (C) 2006-2008 Dan Fuhry
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
     7
 *
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
     8
 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
     9
 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
    10
 *
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
    11
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
    12
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
    13
 */
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
    14
 
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
    15
  define('ENANO_INTERFACE_AJAX', '');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
    16
 
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
    17
  require('includes/common.php');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
    18
  
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
    19
  global $db, $session, $paths, $template, $plugins; // Common objects
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
    20
  if(!isset($_GET['_mode'])) die('This script cannot be accessed directly.');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
    21
  
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
    22
  $_ob = '';
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
    23
  
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
    24
  switch($_GET['_mode']) {
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
    25
    case "checkusername":
592
27377179fe58 Another sweep from the optimization monster.
Dan
parents: 555
diff changeset
    26
      require_once(ENANO_ROOT.'/includes/pageutils.php');
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
    27
      echo PageUtils::checkusername($_GET['name']);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
    28
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
    29
    case "getsource":
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
    30
      header('Content-type: text/plain');
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
    31
      $password = ( isset($_GET['pagepass']) ) ? $_GET['pagepass'] : false;
408
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
    32
      $revid = ( isset($_GET['revid']) ) ? intval($_GET['revid']) : 0;
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
    33
      $page = new PageProcessor($paths->page_id, $paths->namespace, $revid);
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
    34
      $page->password = $password;
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
    35
      $have_draft = false;
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
    36
      if ( $src = $page->fetch_source() )
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
    37
      {
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
    38
        $allowed = true;
417
b76ebe229548 Edit summary should now be carried over when a draft is restored
Dan
parents: 416
diff changeset
    39
        $q = $db->sql_query('SELECT author, time_id, page_text, edit_summary FROM ' . table_prefix . 'logs WHERE log_type = \'page\' AND action = \'edit\'
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
    40
                               AND page_id = \'' . $db->escape($paths->page_id) . '\'
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
    41
                               AND namespace = \'' . $db->escape($paths->namespace) . '\'
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
    42
                               AND is_draft = 1;');
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
    43
        if ( !$q )
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
    44
          $db->die_json();
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
    45
        
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
    46
        if ( $db->numrows() > 0 )
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
    47
        {
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
    48
          $have_draft = true;
419
b8b4e38825db Unsuccessful attempt at fixing "dismiss"/"close manager" buttons in ACL editor; non-breaking change to template API to allow plugins to add "normal" sidebar widgets in addition to the special "raw" block type, specified as the third parameter to $template->sidebar_widget(). Defaults to false, which is old behavior; new behavior (enabled by passing TRUE as the 3rd param) means that the content of the block is primarily block-level links.
Dan
parents: 417
diff changeset
    49
          $draft_row = $db->fetchrow($q);
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
    50
        }
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
    51
      }
325
e17cc42d77cf Fixed: $paths->page_id not set when the page doesn't exist; finally fixed garbled page names for IP addresses
Dan
parents: 324
diff changeset
    52
      else if ( $src !== false )
e17cc42d77cf Fixed: $paths->page_id not set when the page doesn't exist; finally fixed garbled page names for IP addresses
Dan
parents: 324
diff changeset
    53
      {
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
    54
        $allowed = true;
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
    55
        $src = '';
325
e17cc42d77cf Fixed: $paths->page_id not set when the page doesn't exist; finally fixed garbled page names for IP addresses
Dan
parents: 324
diff changeset
    56
      }
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
    57
      else
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
    58
      {
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
    59
        $allowed = false;
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
    60
        $src = '';
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
    61
      }
336
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY)
Dan
parents: 335
diff changeset
    62
      
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY)
Dan
parents: 335
diff changeset
    63
      $auth_edit = ( $session->get_permissions('edit_page') && ( $session->get_permissions('even_when_protected') || !$paths->page_protected ) );
387
92664d2efab8 Rebranded source code as 1.1.1; added TinyMCE ACL rule as per Vadi's request: http://forum.enanocms.org/viewtopic.php?f=7&t=54
Dan
parents: 378
diff changeset
    64
      $auth_wysiwyg = ( $session->get_permissions('edit_wysiwyg') );
336
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY)
Dan
parents: 335
diff changeset
    65
      
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
    66
      $return = array(
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
    67
          'mode' => 'editor',
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
    68
          'src' => $src,
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
    69
          'auth_view_source' => $allowed,
336
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY)
Dan
parents: 335
diff changeset
    70
          'auth_edit' => $auth_edit,
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY)
Dan
parents: 335
diff changeset
    71
          'time' => time(),
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY)
Dan
parents: 335
diff changeset
    72
          'require_captcha' => false,
408
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
    73
          'allow_wysiwyg' => $auth_wysiwyg,
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
    74
          'revid' => $revid,
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
    75
          'have_draft' => false
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
    76
        );
336
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY)
Dan
parents: 335
diff changeset
    77
      
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
    78
      if ( $have_draft )
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
    79
      {
419
b8b4e38825db Unsuccessful attempt at fixing "dismiss"/"close manager" buttons in ACL editor; non-breaking change to template API to allow plugins to add "normal" sidebar widgets in addition to the special "raw" block type, specified as the third parameter to $template->sidebar_widget(). Defaults to false, which is old behavior; new behavior (enabled by passing TRUE as the 3rd param) means that the content of the block is primarily block-level links.
Dan
parents: 417
diff changeset
    80
        $row =& $draft_row;
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
    81
        $return['have_draft'] = true;
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
    82
        $return['draft_author'] = $row['author'];
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
    83
        $return['draft_time'] = enano_date('d M Y h:i a', intval($row['time_id']));
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
    84
        if ( isset($_GET['get_draft']) && @$_GET['get_draft'] === '1' )
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
    85
        {
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
    86
          $return['src'] = $row['page_text'];
417
b76ebe229548 Edit summary should now be carried over when a draft is restored
Dan
parents: 416
diff changeset
    87
          $return['edit_summary'] = $row['edit_summary'];
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
    88
        }
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
    89
      }
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
    90
      
468
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
    91
      $return['undo_info'] = array();
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
    92
      
408
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
    93
      if ( $revid > 0 )
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
    94
      {
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
    95
        // Retrieve information about this revision and the current one
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
    96
        $q = $db->sql_query('SELECT l1.author AS currentrev_author, l2.author AS oldrev_author FROM ' . table_prefix . 'logs AS l1
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
    97
  LEFT JOIN ' . table_prefix . 'logs AS l2
468
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
    98
    ON ( l2.log_id = ' . $revid . '
408
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
    99
         AND l2.log_type  = \'page\'
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
   100
         AND l2.action    = \'edit\'
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   101
         AND l2.page_id   = \'' . $db->escape($paths->page_id)   . '\'
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   102
         AND l2.namespace = \'' . $db->escape($paths->namespace) . '\'
468
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   103
         AND l2.is_draft != 1
408
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
   104
        )
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
   105
  WHERE l1.log_type  = \'page\'
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
   106
    AND l1.action    = \'edit\'
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   107
    AND l1.page_id   = \'' . $db->escape($paths->page_id)   . '\'
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   108
    AND l1.namespace = \'' . $db->escape($paths->namespace) . '\'
468
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   109
    AND l1.time_id   > ' . $page->revision_time . '
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   110
    AND l1.is_draft != 1
408
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
   111
  ORDER BY l1.time_id DESC;');
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
   112
        if ( !$q )
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
   113
          $db->die_json();
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
   114
        
468
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   115
        if ( $db->numrows() > 0 )
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   116
        {
468
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   117
          $rev_count = $db->numrows() - 1;
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   118
          if ( $rev_count == -1 )
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   119
          {
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   120
            $return = array(
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   121
                'mode' => 'error',
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   122
                'error' => '[Internal] No rows returned by revision info query. SQL:<pre>' . $db->latest_query . '</pre>'
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   123
              );
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   124
          }
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   125
          else
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   126
          {
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   127
            $row = $db->fetchrow();
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   128
            $return['undo_info'] = array(
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   129
              'old_author'     => $row['oldrev_author'],
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   130
              'current_author' => $row['currentrev_author'],
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   131
              'undo_count'     => $rev_count
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   132
            );
468
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   133
          }
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   134
        }
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   135
        else
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   136
        {
468
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   137
          $return['revid'] = $revid = 0;
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   138
        }
408
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
   139
      }
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
   140
      
336
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY)
Dan
parents: 335
diff changeset
   141
      if ( $auth_edit && !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY)
Dan
parents: 335
diff changeset
   142
      {
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY)
Dan
parents: 335
diff changeset
   143
        $return['require_captcha'] = true;
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY)
Dan
parents: 335
diff changeset
   144
        $return['captcha_id'] = $session->make_captcha();
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY)
Dan
parents: 335
diff changeset
   145
      }
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY)
Dan
parents: 335
diff changeset
   146
      
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   147
      $template->load_theme();
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   148
      $return['toolbar_templates'] = $template->extract_vars('toolbar.tpl');
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   149
      
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   150
      echo enano_json_encode($return);
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   151
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   152
    case "getpage":
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   153
      // echo PageUtils::getpage($paths->page, false, ( (isset($_GET['oldid'])) ? $_GET['oldid'] : false ));
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   154
      $revision_id = ( (isset($_GET['oldid'])) ? intval($_GET['oldid']) : 0 );
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
   155
      $page = new PageProcessor( $paths->page_id, $paths->namespace, $revision_id );
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   156
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   157
      $pagepass = ( isset($_REQUEST['pagepass']) ) ? $_REQUEST['pagepass'] : '';
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   158
      $page->password = $pagepass;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   159
            
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   160
      $page->send();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   161
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   162
    case "savepage":
468
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   163
      /* **** OBSOLETE **** */
592
27377179fe58 Another sweep from the optimization monster.
Dan
parents: 555
diff changeset
   164
      
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   165
      break;
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   166
    case "savepage_json":
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   167
      header('Content-type: application/json');
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   168
      if ( !isset($_POST['r']) )
550
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   169
        die('Invalid request');
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   170
      
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   171
      $request = enano_json_decode($_POST['r']);
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   172
      if ( !isset($request['src']) || !isset($request['summary']) || !isset($request['minor_edit']) || !isset($request['time']) || !isset($request['draft']) )
550
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   173
        die('Invalid request');
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   174
      
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   175
      $time = intval($request['time']);
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   176
      
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   177
      if ( $request['draft'] )
336
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY)
Dan
parents: 335
diff changeset
   178
      {
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   179
        //
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   180
        // The user wants to save a draft version of the page.
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   181
        //
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   182
        
550
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   183
        // Validate permissions
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   184
        if ( !$session->get_permissions('edit_page') )
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   185
        {
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   186
          $return = array(
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   187
            'mode' => 'error',
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   188
            'error' => 'access_denied'
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   189
          );
550
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   190
        }
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   191
        else
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   192
        {
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   193
          // Delete any draft copies if they exist
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   194
          $q = $db->sql_query('DELETE FROM ' . table_prefix . 'logs WHERE log_type = \'page\' AND action = \'edit\'
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   195
                                 AND page_id = \'' . $db->escape($paths->page_id) . '\'
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   196
                                 AND namespace = \'' . $db->escape($paths->namespace) . '\'
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   197
                                 AND is_draft = 1;');
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   198
          if ( !$q )
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   199
            $db->die_json();
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   200
          
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   201
          // are we just supposed to delete the draft?
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   202
          if ( $request['src'] === -1 )
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   203
          {
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   204
            $return = array(
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   205
              'mode' => 'success',
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   206
              'is_draft' => 'delete'
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   207
            );
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   208
          }
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   209
          else
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   210
          {
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   211
            $src = RenderMan::preprocess_text($request['src'], false, false);
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   212
            
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   213
            // Save the draft
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   214
            $q = $db->sql_query('INSERT INTO ' . table_prefix . 'logs ( log_type, action, page_id, namespace, author, edit_summary, page_text, is_draft, time_id )
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   215
                                   VALUES (
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   216
                                     \'page\',
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   217
                                     \'edit\',
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   218
                                     \'' . $db->escape($paths->page_id) . '\',
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   219
                                     \'' . $db->escape($paths->namespace) . '\',
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   220
                                     \'' . $db->escape($session->username) . '\',
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   221
                                     \'' . $db->escape($request['summary']) . '\',
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   222
                                     \'' . $db->escape($src) . '\',
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   223
                                     1,
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   224
                                     ' . time() . '
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   225
                                   );');
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   226
            
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   227
            // Done!
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   228
            $return = array(
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   229
                'mode' => 'success',
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   230
                'is_draft' => true
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   231
              );
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   232
          }
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
Dan
parents: 536
diff changeset
   233
        }
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   234
      }
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   235
      else
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   236
      {
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   237
        // Verify that no edits have been made since the editor was requested
416
53fcdf309a82 [Minor] Fixed obsolete trigger upon attempt at page save after draft autosave
Dan
parents: 413
diff changeset
   238
        $q = $db->sql_query('SELECT time_id, author FROM ' . table_prefix . "logs WHERE log_type = 'page' AND action = 'edit' AND page_id = '{$paths->page_id}' AND namespace = '{$paths->namespace}' AND is_draft != 1 ORDER BY time_id DESC LIMIT 1;");
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   239
        if ( !$q )
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   240
          $db->die_json();
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   241
        
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   242
        $row = $db->fetchrow();
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   243
        $db->free_result();
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   244
        
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   245
        if ( $row['time_id'] > $time )
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   246
        {
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   247
          $return = array(
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   248
            'mode' => 'obsolete',
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   249
            'author' => $row['author'],
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   250
            'date_string' => enano_date('d M Y h:i a', $row['time_id']),
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   251
            'time' => $row['time_id'] // time() ???
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   252
            );
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   253
          echo enano_json_encode($return);
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   254
          break;
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   255
        }
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   256
        
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   257
        // Verify captcha, if needed
555
ac4c6a7f01d8 Added user preference for disabling visual effects in Javascript applets; added re-import button to installed plugins
Dan
parents: 550
diff changeset
   258
        if ( false && !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )
336
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY)
Dan
parents: 335
diff changeset
   259
        {
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   260
          if ( !isset($request['captcha_id']) || !isset($request['captcha_code']) )
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   261
          {
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   262
            die('Invalid request, need captcha metadata');
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   263
          }
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   264
          $code_correct = strtolower($session->get_captcha($request['captcha_id']));
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   265
          $code_input = strtolower($request['captcha_code']);
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   266
          if ( $code_correct !== $code_input )
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   267
          {
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   268
            $return = array(
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   269
              'mode' => 'errors',
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   270
              'errors' => array($lang->get('editor_err_captcha_wrong')),
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   271
              'new_captcha' => $session->make_captcha()
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   272
            );
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   273
            echo enano_json_encode($return);
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   274
            break;
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   275
          }
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   276
        }
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   277
        
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   278
        // Verification complete. Start the PageProcessor and let it do the dirty work for us.
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   279
        $page = new PageProcessor($paths->page_id, $paths->namespace);
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   280
        if ( $page->update_page($request['src'], $request['summary'], ( $request['minor_edit'] == 1 )) )
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   281
        {
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   282
          $return = array(
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   283
              'mode' => 'success',
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   284
              'is_draft' => false
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   285
            );
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   286
        }
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   287
        else
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   288
        {
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   289
          $errors = array();
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   290
          while ( $err = $page->pop_error() )
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   291
          {
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   292
            $errors[] = $err;
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   293
          }
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   294
          $return = array(
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   295
            'mode' => 'errors',
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   296
            'errors' => array_values($errors)
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   297
            );
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   298
          if ( !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   299
          {
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   300
            $return['new_captcha'] = $session->make_captcha();
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   301
          }
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   302
        }
468
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   303
      }
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   304
      
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   305
      // If this is based on a draft version, delete the draft - we no longer need it.
472
bc4b58034f4d Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug
Dan
parents: 468
diff changeset
   306
      if ( @$request['used_draft'] && !$request['draft'] )
468
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   307
      {
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   308
        $q = $db->sql_query('DELETE FROM ' . table_prefix . 'logs WHERE log_type = \'page\' AND action = \'edit\'
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   309
                               AND page_id = \'' . $db->escape($paths->page_id) . '\'
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   310
                               AND namespace = \'' . $db->escape($paths->namespace) . '\'
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   311
                               AND is_draft = 1;');
335
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   312
      }
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   313
      
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   314
      echo enano_json_encode($return);
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   315
      
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   316
      break;
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   317
    case "diff_cur":
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   318
      
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   319
      // Lie about our content type to fool ad scripts
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   320
      header('Content-type: application/xhtml+xml');
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   321
      
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   322
      if ( !isset($_POST['text']) )
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   323
        die('Invalid request');
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   324
      
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   325
      $page = new PageProcessor($paths->page_id, $paths->namespace);
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   326
      if ( !($src = $page->fetch_source()) )
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   327
      {
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   328
        die('Access denied');
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   329
      }
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   330
      
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   331
      $diff = RenderMan::diff($src, $_POST['text']);
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   332
      if ( $diff == '<table class="diff"></table>' )
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   333
      {
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   334
        $diff = '<p>' . $lang->get('editor_msg_diff_empty') . '</p>';
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   335
      }
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   336
      
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   337
      echo '<div class="info-box">' . $lang->get('editor_msg_diff') . '</div>';
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   338
      echo $diff;
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   339
      
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up.
Dan
parents: 334
diff changeset
   340
      break;
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   341
    case "protect":
468
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   342
      // echo PageUtils::protect($paths->page_id, $paths->namespace, (int)$_POST['level'], $_POST['reason']);
481
07bf15b066bc Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents: 472
diff changeset
   343
      
07bf15b066bc Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents: 472
diff changeset
   344
      if ( @$_POST['reason'] === '__ROLLBACK__' )
07bf15b066bc Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents: 472
diff changeset
   345
      {
07bf15b066bc Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents: 472
diff changeset
   346
        // __ROLLBACK__ is a keyword for log entries.
07bf15b066bc Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents: 472
diff changeset
   347
        die('"__ROLLBACK__" ain\'t gonna do it, buddy. Try to _not_ use reserved keywords next time, ok?');
07bf15b066bc Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents: 472
diff changeset
   348
      }
07bf15b066bc Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents: 472
diff changeset
   349
      
468
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   350
      $page = new PageProcessor($paths->page_id, $paths->namespace);
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   351
      header('Content-type: application/json');
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   352
      
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   353
      $result = $page->protect_page(intval($_POST['level']), $_POST['reason']);
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   354
      echo enano_json_encode($result);
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   355
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   356
    case "histlist":
592
27377179fe58 Another sweep from the optimization monster.
Dan
parents: 555
diff changeset
   357
      require_once(ENANO_ROOT.'/includes/pageutils.php');
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
   358
      echo PageUtils::histlist($paths->page_id, $paths->namespace);
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   359
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   360
    case "rollback":
468
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   361
      $id = intval(@$_GET['id']);
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   362
      $page = new PageProcessor($paths->page_id, $paths->namespace);
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   363
      header('Content-type: application/json');
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   364
      
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   365
      $result = $page->rollback_log_entry($id);
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   366
      echo enano_json_encode($result);
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   367
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   368
    case "comments":
592
27377179fe58 Another sweep from the optimization monster.
Dan
parents: 555
diff changeset
   369
      require_once(ENANO_ROOT.'/includes/comment.php');
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
   370
      $comments = new Comments($paths->page_id, $paths->namespace);
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   371
      if ( isset($_POST['data']) )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   372
      {
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   373
        $comments->process_json($_POST['data']);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   374
      }
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   375
      else
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   376
      {
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   377
        die('{ "mode" : "error", "error" : "No input" }');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   378
      }
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   379
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   380
    case "rename":
468
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   381
      $page = new PageProcessor($paths->page_id, $paths->namespace);
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   382
      header('Content-type: application/json');
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   383
      
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   384
      $result = $page->rename_page($_POST['newtitle']);
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   385
      echo enano_json_encode($result);
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   386
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   387
    case "flushlogs":
592
27377179fe58 Another sweep from the optimization monster.
Dan
parents: 555
diff changeset
   388
      require_once(ENANO_ROOT.'/includes/pageutils.php');
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
   389
      echo PageUtils::flushlogs($paths->page_id, $paths->namespace);
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   390
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   391
    case "deletepage":
592
27377179fe58 Another sweep from the optimization monster.
Dan
parents: 555
diff changeset
   392
      require_once(ENANO_ROOT.'/includes/pageutils.php');
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   393
      $reason = ( isset($_POST['reason']) ) ? $_POST['reason'] : false;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   394
      if ( empty($reason) )
378
c1c7fa6b329f Got Enano to load even if there are no plugins; added caching for decrypted session keys to significantly improve performance (in theory at least)
Dan
parents: 345
diff changeset
   395
        die($lang->get('page_err_need_reason'));
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
   396
      echo PageUtils::deletepage($paths->page_id, $paths->namespace, $reason);
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   397
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   398
    case "delvote":
592
27377179fe58 Another sweep from the optimization monster.
Dan
parents: 555
diff changeset
   399
      require_once(ENANO_ROOT.'/includes/pageutils.php');
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
   400
      echo PageUtils::delvote($paths->page_id, $paths->namespace);
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   401
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   402
    case "resetdelvotes":
592
27377179fe58 Another sweep from the optimization monster.
Dan
parents: 555
diff changeset
   403
      require_once(ENANO_ROOT.'/includes/pageutils.php');
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
   404
      echo PageUtils::resetdelvotes($paths->page_id, $paths->namespace);
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   405
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   406
    case "getstyles":
592
27377179fe58 Another sweep from the optimization monster.
Dan
parents: 555
diff changeset
   407
      require_once(ENANO_ROOT.'/includes/pageutils.php');
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   408
      echo PageUtils::getstyles($_GET['id']);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   409
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   410
    case "catedit":
592
27377179fe58 Another sweep from the optimization monster.
Dan
parents: 555
diff changeset
   411
      require_once(ENANO_ROOT.'/includes/pageutils.php');
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
   412
      echo PageUtils::catedit($paths->page_id, $paths->namespace);
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   413
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   414
    case "catsave":
592
27377179fe58 Another sweep from the optimization monster.
Dan
parents: 555
diff changeset
   415
      require_once(ENANO_ROOT.'/includes/pageutils.php');
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
   416
      echo PageUtils::catsave($paths->page_id, $paths->namespace, $_POST);
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   417
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   418
    case "setwikimode":
592
27377179fe58 Another sweep from the optimization monster.
Dan
parents: 555
diff changeset
   419
      require_once(ENANO_ROOT.'/includes/pageutils.php');
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
   420
      echo PageUtils::setwikimode($paths->page_id, $paths->namespace, (int)$_GET['mode']);
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   421
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   422
    case "setpass":
592
27377179fe58 Another sweep from the optimization monster.
Dan
parents: 555
diff changeset
   423
      require_once(ENANO_ROOT.'/includes/pageutils.php');
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
   424
      echo PageUtils::setpass($paths->page_id, $paths->namespace, $_POST['password']);
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   425
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   426
    case "fillusername":
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   427
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   428
    case "fillpagename":
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   429
      $name = (isset($_GET['name'])) ? $_GET['name'] : false;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   430
      if(!$name) die('userlist = new Array(); namelist = new Array(); errorstring=\'Invalid URI\'');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   431
      $nd = RenderMan::strToPageID($name);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   432
      $c = 0;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   433
      $u = Array();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   434
      $n = Array();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   435
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   436
      $name = sanitize_page_id($name);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   437
      $name = str_replace('_', ' ', $name);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   438
      
593
4f9bec0d65c1 More optimization work. Moved special page init functions to common instead of common_post hook. Allowed paths to cache page metadata on filesystem. Phased out the redundancy in $paths->pages that paired a number with every urlname as foreach loops are allowed now (and have been for some time). Fixed missing includes for several functions. Rewrote str_replace_once to be a lot more efficient.
Dan
parents: 592
diff changeset
   439
      foreach ( $paths->pages as $i => $_ )
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   440
      {
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   441
        if( ( 
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   442
            preg_match('#'.preg_quote($name).'(.*)#i', $paths->pages[$i]['name']) ||
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   443
            preg_match('#'.preg_quote($name).'(.*)#i', $paths->pages[$i]['urlname']) ||
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   444
            preg_match('#'.preg_quote($name).'(.*)#i', $paths->pages[$i]['urlname_nons']) ||
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   445
            preg_match('#'.preg_quote(str_replace(' ', '_', $name)).'(.*)#i', $paths->pages[$i]['name']) ||
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   446
            preg_match('#'.preg_quote(str_replace(' ', '_', $name)).'(.*)#i', $paths->pages[$i]['urlname']) ||
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   447
            preg_match('#'.preg_quote(str_replace(' ', '_', $name)).'(.*)#i', $paths->pages[$i]['urlname_nons'])
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   448
            ) &&
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   449
           ( ( $nd[1] != 'Article' && $paths->pages[$i]['namespace'] == $nd[1] ) || $nd[1] == 'Article' )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   450
            && $paths->pages[$i]['visible']
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   451
           )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   452
        {
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   453
          $c++;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   454
          $u[] = $paths->pages[$i]['name'];
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   455
          $n[] = $paths->pages[$i]['urlname'];
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   456
        }
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   457
      }
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   458
      if($c > 0)
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   459
      {
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   460
        echo 'userlist = new Array(); namelist = new Array(); errorstring = false; '."\n";
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   461
        for($i=0;$i<sizeof($u);$i++) // Can't use foreach because we need the value of $i and we need to use both $u and $n
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   462
        {
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   463
          echo "userlist[$i] = '".addslashes($n[$i])."';\n";
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   464
          echo "namelist[$i] = '".addslashes(htmlspecialchars($u[$i]))."';\n";
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   465
        }
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   466
      } else {
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   467
        die('userlist = new Array(); namelist = new Array(); errorstring=\'No page matches found.\'');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   468
      }
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   469
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   470
    case "preview":
592
27377179fe58 Another sweep from the optimization monster.
Dan
parents: 555
diff changeset
   471
      require_once(ENANO_ROOT.'/includes/pageutils.php');
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   472
      echo PageUtils::genPreview($_POST['text']);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   473
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   474
    case "pagediff":
592
27377179fe58 Another sweep from the optimization monster.
Dan
parents: 555
diff changeset
   475
      require_once(ENANO_ROOT.'/includes/pageutils.php');
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   476
      $id1 = ( isset($_GET['diff1']) ) ? (int)$_GET['diff1'] : false;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   477
      $id2 = ( isset($_GET['diff2']) ) ? (int)$_GET['diff2'] : false;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   478
      if(!$id1 || !$id2) { echo '<p>Invalid request.</p>'; $template->footer(); break; }
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   479
      if(!preg_match('#^([0-9]+)$#', (string)$_GET['diff1']) ||
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   480
         !preg_match('#^([0-9]+)$#', (string)$_GET['diff2']  )) { echo '<p>SQL injection attempt</p>'; $template->footer(); break; }
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
   481
      echo PageUtils::pagediff($paths->page_id, $paths->namespace, $id1, $id2);
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   482
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   483
    case "jsres":
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   484
      die('// ERROR: this section is deprecated and has moved to includes/clientside/static/enano-lib-basic.js.');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   485
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   486
    case "rdns":
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   487
      if(!$session->get_permissions('mod_misc')) die('Go somewhere else for your reverse DNS info!');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   488
      $ip = $_GET['ip'];
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   489
      $rdns = gethostbyaddr($ip);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   490
      if($rdns == $ip) echo 'Unable to get reverse DNS information. Perhaps the DNS server is down or the PTR record no longer exists.';
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   491
      else echo $rdns;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   492
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   493
    case 'acljson':
592
27377179fe58 Another sweep from the optimization monster.
Dan
parents: 555
diff changeset
   494
      require_once(ENANO_ROOT.'/includes/pageutils.php');
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   495
      $parms = ( isset($_POST['acl_params']) ) ? rawurldecode($_POST['acl_params']) : false;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   496
      echo PageUtils::acl_json($parms);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   497
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   498
    case "change_theme":
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   499
      if ( !isset($_POST['theme_id']) || !isset($_POST['style_id']) )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   500
      {
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   501
        die('Invalid input');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   502
      }
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   503
      if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['theme_id']) || !preg_match('/^([a-z0-9_-]+)$/i', $_POST['style_id']) )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   504
      {
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   505
        die('Invalid input');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   506
      }
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   507
      if ( !file_exists(ENANO_ROOT . '/themes/' . $_POST['theme_id'] . '/css/' . $_POST['style_id'] . '.css') )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   508
      {
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   509
        die('Can\'t find theme file: ' . ENANO_ROOT . '/themes/' . $_POST['theme_id'] . '/css/' . $_POST['style_id'] . '.css');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   510
      }
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   511
      if ( !$session->user_logged_in )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   512
      {
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   513
        die('You must be logged in to change your theme');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   514
      }
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   515
      // Just in case something slipped through...
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   516
      $theme_id = $db->escape($_POST['theme_id']);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   517
      $style_id = $db->escape($_POST['style_id']);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   518
      $e = $db->sql_query('UPDATE ' . table_prefix . "users SET theme='$theme_id', style='$style_id' WHERE user_id=$session->user_id;");
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   519
      if ( !$e )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   520
        die( $db->get_error() );
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   521
      die('GOOD');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   522
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   523
    case 'get_tags':
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   524
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   525
      $ret = array('tags' => array(), 'user_level' => $session->user_level, 'can_add' => $session->get_permissions('tag_create'));
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   526
      $q = $db->sql_query('SELECT t.tag_id, t.tag_name, pg.pg_target IS NOT NULL AS used_in_acl, t.user_id FROM '.table_prefix.'tags AS t
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   527
        LEFT JOIN '.table_prefix.'page_groups AS pg
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   528
          ON ( ( pg.pg_type = ' . PAGE_GRP_TAGGED . ' AND pg.pg_target=t.tag_name ) OR ( pg.pg_type IS NULL AND pg.pg_target IS NULL ) )
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
   529
        WHERE t.page_id=\'' . $db->escape($paths->page_id) . '\' AND t.namespace=\'' . $db->escape($paths->namespace) . '\';');
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   530
      if ( !$q )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   531
        $db->_die();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   532
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   533
      while ( $row = $db->fetchrow() )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   534
      {
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   535
        $can_del = true;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   536
        
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   537
        $perm = ( $row['user_id'] != $session->user_id ) ?
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   538
                'tag_delete_other' :
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   539
                'tag_delete_own';
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   540
        
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   541
        if ( $row['user_id'] == 1 && !$session->user_logged_in )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   542
          // anonymous user trying to delete tag (hardcode blacklisted)
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   543
          $can_del = false;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   544
          
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   545
        if ( !$session->get_permissions($perm) )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   546
          $can_del = false;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   547
        
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   548
        if ( $row['used_in_acl'] == 1 && !$session->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   549
          $can_del = false;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   550
        
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   551
        $ret['tags'][] = array(
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   552
          'id' => $row['tag_id'],
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   553
          'name' => $row['tag_name'],
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   554
          'can_del' => $can_del,
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   555
          'acl' => ( $row['used_in_acl'] == 1 )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   556
        );
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   557
      }
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   558
      
334
c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents: 326
diff changeset
   559
      echo enano_json_encode($ret);
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   560
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   561
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   562
    case 'addtag':
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   563
      $resp = array(
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   564
          'success' => false,
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   565
          'error' => 'No error',
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   566
          'can_del' => ( $session->get_permissions('tag_delete_own') && $session->user_logged_in ),
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   567
          'in_acl' => false
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   568
        );
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   569
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   570
      // first of course, are we allowed to tag pages?
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   571
      if ( !$session->get_permissions('tag_create') )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   572
      {
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   573
        $resp['error'] = 'You are not permitted to tag pages.';
334
c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents: 326
diff changeset
   574
        die(enano_json_encode($resp));
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   575
      }
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   576
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   577
      // sanitize the tag name
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   578
      $tag = sanitize_tag($_POST['tag']);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   579
      $tag = $db->escape($tag);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   580
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   581
      if ( strlen($tag) < 2 )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   582
      {
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   583
        $resp['error'] = 'Tags must consist of at least 2 alphanumeric characters.';
334
c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents: 326
diff changeset
   584
        die(enano_json_encode($resp));
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   585
      }
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   586
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   587
      // check if tag is already on page
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
   588
      $q = $db->sql_query('SELECT 1 FROM '.table_prefix.'tags WHERE page_id=\'' . $db->escape($paths->page_id) . '\' AND namespace=\'' . $db->escape($paths->namespace) . '\' AND tag_name=\'' . $tag . '\';');
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   589
      if ( !$q )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   590
        $db->_die();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   591
      if ( $db->numrows() > 0 )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   592
      {
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   593
        $resp['error'] = 'This page already has this tag.';
334
c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents: 326
diff changeset
   594
        die(enano_json_encode($resp));
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   595
      }
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   596
      $db->free_result();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   597
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   598
      // tricky: make sure this tag isn't being used in some page group, and thus adding it could affect page access
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   599
      $can_edit_acl = ( $session->get_permissions('edit_acl') || $session->user_level >= USER_LEVEL_ADMIN );
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   600
      $q = $db->sql_query('SELECT 1 FROM '.table_prefix.'page_groups WHERE pg_type=' . PAGE_GRP_TAGGED . ' AND pg_target=\'' . $tag . '\';');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   601
      if ( !$q )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   602
        $db->_die();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   603
      if ( $db->numrows() > 0 && !$can_edit_acl )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   604
      {
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   605
        $resp['error'] = 'This tag is used in an ACL page group, and thus can\'t be added to a page by people without administrator privileges.';
334
c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents: 326
diff changeset
   606
        die(enano_json_encode($resp));
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   607
      }
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   608
      $resp['in_acl'] = ( $db->numrows() > 0 );
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   609
      $db->free_result();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   610
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   611
      // we're good
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
   612
      $q = $db->sql_query('INSERT INTO '.table_prefix.'tags(tag_name,page_id,namespace,user_id) VALUES(\'' . $tag . '\', \'' . $db->escape($paths->page_id) . '\', \'' . $db->escape($paths->namespace) . '\', ' . $session->user_id . ');');
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   613
      if ( !$q )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   614
        $db->_die();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   615
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   616
      $resp['success'] = true;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   617
      $resp['tag'] = $tag;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   618
      $resp['tag_id'] = $db->insert_id();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   619
      
334
c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files.
Dan
parents: 326
diff changeset
   620
      echo enano_json_encode($resp);
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   621
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   622
    case 'deltag':
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   623
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   624
      $tag_id = intval($_POST['tag_id']);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   625
      if ( empty($tag_id) )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   626
        die('Invalid tag ID');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   627
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   628
      $q = $db->sql_query('SELECT t.tag_id, t.user_id, t.page_id, t.namespace, pg.pg_target IS NOT NULL AS used_in_acl FROM '.table_prefix.'tags AS t
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   629
  LEFT JOIN '.table_prefix.'page_groups AS pg
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   630
    ON ( pg.pg_id IS NULL OR ( pg.pg_target = t.tag_name AND pg.pg_type = ' . PAGE_GRP_TAGGED . ' ) )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   631
  WHERE t.tag_id=' . $tag_id . ';');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   632
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   633
      if ( !$q )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   634
        $db->_die();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   635
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   636
      if ( $db->numrows() < 1 )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   637
        die('Could not find a tag with that ID');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   638
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   639
      $row = $db->fetchrow();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   640
      $db->free_result();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   641
      
324
16d0c9f33466 Merging in a few stray changes from the MySQL branch
Dan
parents: 322 321
diff changeset
   642
      if ( $row['page_id'] == $paths->page_id && $row['namespace'] == $paths->namespace )
321
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   643
        $perms =& $session;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   644
      else
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   645
        $perms = $session->fetch_page_acl($row['page_id'], $row['namespace']);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   646
        
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   647
      $perm = ( $row['user_id'] != $session->user_id ) ?
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   648
                'tag_delete_other' :
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   649
                'tag_delete_own';
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   650
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   651
      if ( $row['user_id'] == 1 && !$session->user_logged_in )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   652
        // anonymous user trying to delete tag (hardcode blacklisted)
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   653
        die('You are not authorized to delete this tag.');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   654
        
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   655
      if ( !$perms->get_permissions($perm) )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   656
        die('You are not authorized to delete this tag.');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   657
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   658
      if ( $row['used_in_acl'] == 1 && !$perms->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   659
        die('You are not authorized to delete this tag.');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   660
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   661
      // We're good
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   662
      $q = $db->sql_query('DELETE FROM '.table_prefix.'tags WHERE tag_id = ' . $tag_id . ';');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   663
      if ( !$q )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   664
        $db->_die();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   665
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   666
      echo 'success';
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   667
      
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   668
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   669
    case 'ping':
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   670
      echo 'pong';
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   671
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   672
    default:
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   673
      die('Hacking attempt');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   674
      break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   675
  }
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection
Dan
parents: 320
diff changeset
   676
  
0
902822492a68 Initial population
dan@scribus.fuhry.local.fuhry.local
parents:
diff changeset
   677
?>