Enano CMS (1.1.x): ajax.php@7365c9bf2106 (annotated)

321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	1	<?php
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	2
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	3	/*
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	4	* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
1081 745200a9cc2a Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7 Dan parents: 1068 diff changeset	5	* Copyright (C) 2006-2009 Dan Fuhry
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	6	*
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	7	* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	8	* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	9	*
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	10	* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	11	* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	12	*/
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	13
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	14	define('ENANO_INTERFACE_AJAX', '');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	15
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	16	require('includes/common.php');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	17
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	18	global $db, $session, $paths, $template, $plugins; // Common objects
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	19	if(!isset($_GET['_mode'])) die('This script cannot be accessed directly.');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	20
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	21	$_ob = '';
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	22
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	23	switch($_GET['_mode']) {
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	24	case "checkusername":
592 27377179fe58 Another sweep from the optimization monster. Dan parents: 555 diff changeset	25	require_once(ENANO_ROOT.'/includes/pageutils.php');
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	26	echo PageUtils::checkusername($_GET['name']);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	27	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	28	case "getsource":
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	29	header('Content-type: text/plain');
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	30	$password = ( isset($_GET['pagepass']) ) ? $_GET['pagepass'] : false;
408 7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged. Dan parents: 387 diff changeset	31	$revid = ( isset($_GET['revid']) ) ? intval($_GET['revid']) : 0;
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged. Dan parents: 387 diff changeset	32	$page = new PageProcessor($paths->page_id, $paths->namespace, $revid);
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	33	$page->password = $password;
800 9cdfe82c56cd Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY]. Dan parents: 714 diff changeset	34
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	35	$have_draft = false;
1161 9c0c519066ac Drafts saved on nonexistent pages now show up. Fixes issue 7. Dan parents: 1108 diff changeset	36	// Kinda hacky fix for issue 7: draft restore not offered for nonexistent pages
1162 daa091452877 Crap, broke page editing. Fixed it. Dan parents: 1161 diff changeset	37	if ( ($src = $page->fetch_source()) \|\| !$page->exists() )
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	38	{
335 67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	39	$allowed = true;
832 7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	40	$q = $db->sql_query('SELECT author, time_id, page_text, edit_summary, page_format FROM ' . table_prefix . 'logs WHERE log_type = \'page\' AND action = \'edit\'
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	41	AND page_id = \'' . $db->escape($paths->page_id) . '\'
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	42	AND namespace = \'' . $db->escape($paths->namespace) . '\'
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	43	AND is_draft = 1;');
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	44	if ( !$q )
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	45	$db->die_json();
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	46
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	47	if ( $db->numrows() > 0 )
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	48	{
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	49	$have_draft = true;
419 b8b4e38825db Unsuccessful attempt at fixing "dismiss"/"close manager" buttons in ACL editor; non-breaking change to template API to allow plugins to add "normal" sidebar widgets in addition to the special "raw" block type, specified as the third parameter to $template->sidebar_widget(). Defaults to false, which is old behavior; new behavior (enabled by passing TRUE as the 3rd param) means that the content of the block is primarily block-level links. Dan parents: 417 diff changeset	50	$draft_row = $db->fetchrow($q);
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	51	}
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	52	}
325 e17cc42d77cf Fixed: $paths->page_id not set when the page doesn't exist; finally fixed garbled page names for IP addresses Dan parents: 324 diff changeset	53	else if ( $src !== false )
e17cc42d77cf Fixed: $paths->page_id not set when the page doesn't exist; finally fixed garbled page names for IP addresses Dan parents: 324 diff changeset	54	{
335 67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	55	$allowed = true;
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	56	$src = '';
325 e17cc42d77cf Fixed: $paths->page_id not set when the page doesn't exist; finally fixed garbled page names for IP addresses Dan parents: 324 diff changeset	57	}
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	58	else
16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	59	{
335 67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	60	$allowed = false;
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	61	$src = '';
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	62	}
336 bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY) Dan parents: 335 diff changeset	63
1102 faef5e62e1e0 Fixed a couple bugs with read-only mode and protected pages in the AJAX editor Dan parents: 1068 diff changeset	64	$auth_edit = ( $session->get_permissions('edit_page') && ( $session->get_permissions('even_when_protected') \|\| !$page->ns->page_protected ) );
387 92664d2efab8 Rebranded source code as 1.1.1; added TinyMCE ACL rule as per Vadi's request: http://forum.enanocms.org/viewtopic.php?f=7&t=54 Dan parents: 378 diff changeset	65	$auth_wysiwyg = ( $session->get_permissions('edit_wysiwyg') );
336 bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY) Dan parents: 335 diff changeset	66
335 67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	67	$return = array(
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	68	'mode' => 'editor',
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	69	'src' => $src,
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	70	'auth_view_source' => $allowed,
336 bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY) Dan parents: 335 diff changeset	71	'auth_edit' => $auth_edit,
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY) Dan parents: 335 diff changeset	72	'time' => time(),
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY) Dan parents: 335 diff changeset	73	'require_captcha' => false,
408 7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged. Dan parents: 387 diff changeset	74	'allow_wysiwyg' => $auth_wysiwyg,
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	75	'revid' => $revid,
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	76	'have_draft' => false
335 67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	77	);
336 bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY) Dan parents: 335 diff changeset	78
1108 c1be67a50d81 Removed the $userpage parameter from Namespace_Default::error_404(). It screwed up a couple plugins. (Thanks Mazza for discovering the issue) Dan parents: 1103 diff changeset	79	$return['page_format'] = $page->ns->cdata['page_format'];
832 7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	80	if ( $return['page_format'] == 'xhtml' )
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	81	{
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	82	// gently process headings to make tinymce format them correctly
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	83	if ( preg_match_all('/^ ?(={1,6}) (.+?) \\1 $/m', $return['src'], $matches) )
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	84	{
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	85	foreach ( $matches[0] as $i => $match )
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	86	{
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	87	$hi = strlen($matches[1][$i]);
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	88	$heading = "<h{$hi}>{$matches[2][$i]}</h{$hi}>";
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	89	$return['src'] = str_replace_once($match, $heading, $return['src']);
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	90	}
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	91	}
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	92	}
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	93
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	94	if ( $have_draft )
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	95	{
419 b8b4e38825db Unsuccessful attempt at fixing "dismiss"/"close manager" buttons in ACL editor; non-breaking change to template API to allow plugins to add "normal" sidebar widgets in addition to the special "raw" block type, specified as the third parameter to $template->sidebar_widget(). Defaults to false, which is old behavior; new behavior (enabled by passing TRUE as the 3rd param) means that the content of the block is primarily block-level links. Dan parents: 417 diff changeset	96	$row =& $draft_row;
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	97	$return['have_draft'] = true;
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	98	$return['draft_author'] = $row['author'];
1081 745200a9cc2a Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7 Dan parents: 1068 diff changeset	99	$return['draft_time'] = enano_date(ED_DATE \| ED_TIME, intval($row['time_id']));
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	100	if ( isset($_GET['get_draft']) && @$_GET['get_draft'] === '1' )
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	101	{
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	102	$return['src'] = $row['page_text'];
417 b76ebe229548 Edit summary should now be carried over when a draft is restored Dan parents: 416 diff changeset	103	$return['edit_summary'] = $row['edit_summary'];
832 7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	104	$return['page_format'] = $row['page_format'];
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	105	}
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	106	}
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	107
468 194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	108	$return['undo_info'] = array();
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	109
408 7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged. Dan parents: 387 diff changeset	110	if ( $revid > 0 )
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged. Dan parents: 387 diff changeset	111	{
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged. Dan parents: 387 diff changeset	112	// Retrieve information about this revision and the current one
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged. Dan parents: 387 diff changeset	113	$q = $db->sql_query('SELECT l1.author AS currentrev_author, l2.author AS oldrev_author FROM ' . table_prefix . 'logs AS l1
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged. Dan parents: 387 diff changeset	114	LEFT JOIN ' . table_prefix . 'logs AS l2
468 194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	115	ON ( l2.log_id = ' . $revid . '
408 7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged. Dan parents: 387 diff changeset	116	AND l2.log_type = \'page\'
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged. Dan parents: 387 diff changeset	117	AND l2.action = \'edit\'
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	118	AND l2.page_id = \'' . $db->escape($paths->page_id) . '\'
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	119	AND l2.namespace = \'' . $db->escape($paths->namespace) . '\'
468 194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	120	AND l2.is_draft != 1
408 7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged. Dan parents: 387 diff changeset	121	)
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged. Dan parents: 387 diff changeset	122	WHERE l1.log_type = \'page\'
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged. Dan parents: 387 diff changeset	123	AND l1.action = \'edit\'
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	124	AND l1.page_id = \'' . $db->escape($paths->page_id) . '\'
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	125	AND l1.namespace = \'' . $db->escape($paths->namespace) . '\'
468 194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	126	AND l1.time_id > ' . $page->revision_time . '
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	127	AND l1.is_draft != 1
408 7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged. Dan parents: 387 diff changeset	128	ORDER BY l1.time_id DESC;');
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged. Dan parents: 387 diff changeset	129	if ( !$q )
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged. Dan parents: 387 diff changeset	130	$db->die_json();
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged. Dan parents: 387 diff changeset	131
468 194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	132	if ( $db->numrows() > 0 )
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	133	{
468 194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	134	$rev_count = $db->numrows() - 1;
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	135	if ( $rev_count == -1 )
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	136	{
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	137	$return = array(
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	138	'mode' => 'error',
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	139	'error' => '[Internal] No rows returned by revision info query. SQL:<pre>' . $db->latest_query . '</pre>'
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	140	);
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	141	}
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	142	else
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	143	{
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	144	$row = $db->fetchrow();
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	145	$return['undo_info'] = array(
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	146	'old_author' => $row['oldrev_author'],
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	147	'current_author' => $row['currentrev_author'],
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	148	'undo_count' => $rev_count
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	149	);
468 194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	150	}
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	151	}
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	152	else
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	153	{
468 194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	154	$return['revid'] = $revid = 0;
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	155	}
408 7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged. Dan parents: 387 diff changeset	156	}
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged. Dan parents: 387 diff changeset	157
336 bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY) Dan parents: 335 diff changeset	158	if ( $auth_edit && !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY) Dan parents: 335 diff changeset	159	{
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY) Dan parents: 335 diff changeset	160	$return['require_captcha'] = true;
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY) Dan parents: 335 diff changeset	161	$return['captcha_id'] = $session->make_captcha();
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY) Dan parents: 335 diff changeset	162	}
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY) Dan parents: 335 diff changeset	163
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	164	$template->load_theme();
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	165	$return['toolbar_templates'] = $template->extract_vars('toolbar.tpl');
1068 4bcefa85649c Editor: completely moved wiki edit notice to AJAX fetch, so it's not shipped with the page anymore. Dan parents: 1017 diff changeset	166	$return['edit_notice'] = $template->get_wiki_edit_notice();
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	167
335 67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	168	echo enano_json_encode($return);
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	169	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	170	case "getpage":
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	171	// echo PageUtils::getpage($paths->page, false, ( (isset($_GET['oldid'])) ? $_GET['oldid'] : false ));
800 9cdfe82c56cd Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY]. Dan parents: 714 diff changeset	172	$output = new Output_Striptease();
9cdfe82c56cd Major underlying changes to namespace handling. Each namespace is handled by its own class which extends Namespace_Default. Much greater customization/pluggability potential, at the possible expense of some code reusing (though code reusing has been avoided thus far). Also a bit better handling of page passwords [SECURITY]. Dan parents: 714 diff changeset	173
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	174	$revision_id = ( (isset($_GET['oldid'])) ? intval($_GET['oldid']) : 0 );
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	175	$page = new PageProcessor( $paths->page_id, $paths->namespace, $revision_id );
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	176
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	177	$pagepass = ( isset($_REQUEST['pagepass']) ) ? $_REQUEST['pagepass'] : '';
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	178	$page->password = $pagepass;
963 b572ce1114f1 Wikitext redirects should work again + get_redirect() added to Namespace_* to allow plugins to extend Dan parents: 880 diff changeset	179	$page->allow_redir = ( !isset($_GET['redirect']) \|\| (isset($_GET['redirect']) && $_GET['redirect'] !== 'no') );
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	180
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	181	$page->send();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	182	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	183	case "savepage":
468 194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	184	/* ** OBSOLETE ** */
592 27377179fe58 Another sweep from the optimization monster. Dan parents: 555 diff changeset	185
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	186	break;
335 67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	187	case "savepage_json":
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	188	header('Content-type: application/json');
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	189	if ( !isset($_POST['r']) )
550 685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained) Dan parents: 536 diff changeset	190	die('Invalid request');
335 67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	191
880 218b6d4de908 JSON: Properly handles unicode escape sequences (\u####) now Dan parents: 870 diff changeset	192	try
218b6d4de908 JSON: Properly handles unicode escape sequences (\u####) now Dan parents: 870 diff changeset	193	{
218b6d4de908 JSON: Properly handles unicode escape sequences (\u####) now Dan parents: 870 diff changeset	194	$request = enano_json_decode($_POST['r']);
218b6d4de908 JSON: Properly handles unicode escape sequences (\u####) now Dan parents: 870 diff changeset	195	if ( !isset($request['src']) \|\| !isset($request['summary']) \|\| !isset($request['minor_edit']) \|\| !isset($request['time']) \|\| !isset($request['draft']) )
218b6d4de908 JSON: Properly handles unicode escape sequences (\u####) now Dan parents: 870 diff changeset	196	die('Invalid request');
218b6d4de908 JSON: Properly handles unicode escape sequences (\u####) now Dan parents: 870 diff changeset	197	}
218b6d4de908 JSON: Properly handles unicode escape sequences (\u####) now Dan parents: 870 diff changeset	198	catch(Zend_Json_Exception $e)
218b6d4de908 JSON: Properly handles unicode escape sequences (\u####) now Dan parents: 870 diff changeset	199	{
218b6d4de908 JSON: Properly handles unicode escape sequences (\u####) now Dan parents: 870 diff changeset	200	die("JSON parsing failed. View as HTML to see full report.\n<br /><br />\n<pre>" . htmlspecialchars(strval($e)) . "</pre><br />Request: <pre>" . htmlspecialchars($_POST['r']) . "</pre>");
218b6d4de908 JSON: Properly handles unicode escape sequences (\u####) now Dan parents: 870 diff changeset	201	}
335 67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	202
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	203	$time = intval($request['time']);
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	204
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	205	if ( $request['draft'] )
336 bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY) Dan parents: 335 diff changeset	206	{
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	207	//
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	208	// The user wants to save a draft version of the page.
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	209	//
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	210
550 685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained) Dan parents: 536 diff changeset	211	// Validate permissions
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained) Dan parents: 536 diff changeset	212	if ( !$session->get_permissions('edit_page') )
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained) Dan parents: 536 diff changeset	213	{
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained) Dan parents: 536 diff changeset	214	$return = array(
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained) Dan parents: 536 diff changeset	215	'mode' => 'error',
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained) Dan parents: 536 diff changeset	216	'error' => 'access_denied'
335 67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	217	);
550 685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained) Dan parents: 536 diff changeset	218	}
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained) Dan parents: 536 diff changeset	219	else
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained) Dan parents: 536 diff changeset	220	{
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained) Dan parents: 536 diff changeset	221	// Delete any draft copies if they exist
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained) Dan parents: 536 diff changeset	222	$q = $db->sql_query('DELETE FROM ' . table_prefix . 'logs WHERE log_type = \'page\' AND action = \'edit\'
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained) Dan parents: 536 diff changeset	223	AND page_id = \'' . $db->escape($paths->page_id) . '\'
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained) Dan parents: 536 diff changeset	224	AND namespace = \'' . $db->escape($paths->namespace) . '\'
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained) Dan parents: 536 diff changeset	225	AND is_draft = 1;');
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained) Dan parents: 536 diff changeset	226	if ( !$q )
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained) Dan parents: 536 diff changeset	227	$db->die_json();
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained) Dan parents: 536 diff changeset	228
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained) Dan parents: 536 diff changeset	229	// are we just supposed to delete the draft?
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained) Dan parents: 536 diff changeset	230	if ( $request['src'] === -1 )
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained) Dan parents: 536 diff changeset	231	{
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained) Dan parents: 536 diff changeset	232	$return = array(
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained) Dan parents: 536 diff changeset	233	'mode' => 'success',
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained) Dan parents: 536 diff changeset	234	'is_draft' => 'delete'
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained) Dan parents: 536 diff changeset	235	);
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained) Dan parents: 536 diff changeset	236	}
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained) Dan parents: 536 diff changeset	237	else
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained) Dan parents: 536 diff changeset	238	{
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained) Dan parents: 536 diff changeset	239	$src = RenderMan::preprocess_text($request['src'], false, false);
832 7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	240	$draft_format = $request['format'];
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	241	if ( !in_array($draft_format, array('xhtml', 'wikitext')) )
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	242	{
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	243	$return = array(
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	244	'mode' => 'error',
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	245	'error' => 'invalid_format'
550 685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained) Dan parents: 536 diff changeset	246	);
832 7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	247	}
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	248	else
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	249	{
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	250	// Save the draft
1175 1e2c9819ede3 Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6. Dan parents: 1162 diff changeset	251	$q = $db->sql_query('INSERT INTO ' . table_prefix . 'logs ( log_type, action, page_id, namespace, author, author_uid, edit_summary, page_text, is_draft, time_id, page_format )
832 7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	252	VALUES (
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	253	\'page\',
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	254	\'edit\',
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	255	\'' . $db->escape($paths->page_id) . '\',
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	256	\'' . $db->escape($paths->namespace) . '\',
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	257	\'' . $db->escape($session->username) . '\',
1175 1e2c9819ede3 Logs: Fully integrated an author_uid column. Logs are now linked by user ID instead of just username, so they survive username changes better. Database is changed. Fixes issue 6. Dan parents: 1162 diff changeset	258	' . $session->user_id . ',
832 7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	259	\'' . $db->escape($request['summary']) . '\',
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	260	\'' . $db->escape($src) . '\',
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	261	1,
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	262	' . time() . ',
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	263	\'' . $draft_format . '\'
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	264	);');
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	265
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	266	// Done!
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	267	$return = array(
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	268	'mode' => 'success',
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	269	'is_draft' => true
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	270	);
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	271	}
550 685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained) Dan parents: 536 diff changeset	272	}
685e839d934e Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained) Dan parents: 536 diff changeset	273	}
335 67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	274	}
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	275	else
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	276	{
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	277	// Verify that no edits have been made since the editor was requested
416 53fcdf309a82 [Minor] Fixed obsolete trigger upon attempt at page save after draft autosave Dan parents: 413 diff changeset	278	$q = $db->sql_query('SELECT time_id, author FROM ' . table_prefix . "logs WHERE log_type = 'page' AND action = 'edit' AND page_id = '{$paths->page_id}' AND namespace = '{$paths->namespace}' AND is_draft != 1 ORDER BY time_id DESC LIMIT 1;");
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	279	if ( !$q )
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	280	$db->die_json();
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	281
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	282	$row = $db->fetchrow();
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	283	$db->free_result();
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	284
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	285	if ( $row['time_id'] > $time )
335 67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	286	{
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	287	$return = array(
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	288	'mode' => 'obsolete',
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	289	'author' => $row['author'],
1081 745200a9cc2a Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7 Dan parents: 1068 diff changeset	290	'date_string' => enano_date(ED_DATE \| ED_TIME, $row['time_id']),
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	291	'time' => $row['time_id'] // time() ???
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	292	);
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	293	echo enano_json_encode($return);
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	294	break;
335 67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	295	}
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	296
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	297	// Verify captcha, if needed
555 ac4c6a7f01d8 Added user preference for disabling visual effects in Javascript applets; added re-import button to installed plugins Dan parents: 550 diff changeset	298	if ( false && !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )
336 bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY) Dan parents: 335 diff changeset	299	{
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	300	if ( !isset($request['captcha_id']) \|\| !isset($request['captcha_code']) )
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	301	{
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	302	die('Invalid request, need captcha metadata');
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	303	}
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	304	$code_correct = strtolower($session->get_captcha($request['captcha_id']));
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	305	$code_input = strtolower($request['captcha_code']);
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	306	if ( $code_correct !== $code_input )
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	307	{
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	308	$return = array(
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	309	'mode' => 'errors',
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	310	'errors' => array($lang->get('editor_err_captcha_wrong')),
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	311	'new_captcha' => $session->make_captcha()
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	312	);
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	313	echo enano_json_encode($return);
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	314	break;
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	315	}
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	316	}
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	317
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	318	// Verification complete. Start the PageProcessor and let it do the dirty work for us.
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	319	$page = new PageProcessor($paths->page_id, $paths->namespace);
832 7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	320	if ( $page->update_page($request['src'], $request['summary'], ( $request['minor_edit'] == 1 ), $request['format']) )
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	321	{
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	322	$return = array(
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	323	'mode' => 'success',
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	324	'is_draft' => false
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	325	);
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	326	}
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	327	else
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	328	{
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	329	$errors = array();
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	330	while ( $err = $page->pop_error() )
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	331	{
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	332	$errors[] = $err;
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	333	}
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	334	$return = array(
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	335	'mode' => 'errors',
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	336	'errors' => array_values($errors)
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	337	);
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	338	if ( !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	339	{
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	340	$return['new_captcha'] = $session->make_captcha();
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	341	}
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	342	}
468 194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	343	}
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	344
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	345	// If this is based on a draft version, delete the draft - we no longer need it.
472 bc4b58034f4d Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug Dan parents: 468 diff changeset	346	if ( @$request['used_draft'] && !$request['draft'] )
468 194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	347	{
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	348	$q = $db->sql_query('DELETE FROM ' . table_prefix . 'logs WHERE log_type = \'page\' AND action = \'edit\'
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	349	AND page_id = \'' . $db->escape($paths->page_id) . '\'
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	350	AND namespace = \'' . $db->escape($paths->namespace) . '\'
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	351	AND is_draft = 1;');
335 67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	352	}
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	353
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	354	echo enano_json_encode($return);
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	355
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	356	break;
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	357	case "diff_cur":
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	358
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	359	// Lie about our content type to fool ad scripts
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	360	header('Content-type: application/xhtml+xml');
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	361
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	362	if ( !isset($_POST['text']) )
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	363	die('Invalid request');
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	364
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	365	$page = new PageProcessor($paths->page_id, $paths->namespace);
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	366	if ( !($src = $page->fetch_source()) )
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	367	{
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	368	die('Access denied');
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	369	}
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	370
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	371	$diff = RenderMan::diff($src, $_POST['text']);
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	372	if ( $diff == '<table class="diff"></table>' )
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	373	{
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	374	$diff = '<p>' . $lang->get('editor_msg_diff_empty') . '</p>';
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	375	}
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	376
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	377	echo '<div class="info-box">' . $lang->get('editor_msg_diff') . '</div>';
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	378	echo $diff;
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	379
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	380	break;
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	381	case "protect":
468 194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	382	// echo PageUtils::protect($paths->page_id, $paths->namespace, (int)$_POST['level'], $_POST['reason']);
481 07bf15b066bc Hopefully completed rewrite and localization of rollback backend and interface Dan parents: 472 diff changeset	383
07bf15b066bc Hopefully completed rewrite and localization of rollback backend and interface Dan parents: 472 diff changeset	384	if ( @$_POST['reason'] === '__ROLLBACK__' )
07bf15b066bc Hopefully completed rewrite and localization of rollback backend and interface Dan parents: 472 diff changeset	385	{
07bf15b066bc Hopefully completed rewrite and localization of rollback backend and interface Dan parents: 472 diff changeset	386	// __ROLLBACK__ is a keyword for log entries.
07bf15b066bc Hopefully completed rewrite and localization of rollback backend and interface Dan parents: 472 diff changeset	387	die('"__ROLLBACK__" ain\'t gonna do it, buddy. Try to _not_ use reserved keywords next time, ok?');
07bf15b066bc Hopefully completed rewrite and localization of rollback backend and interface Dan parents: 472 diff changeset	388	}
07bf15b066bc Hopefully completed rewrite and localization of rollback backend and interface Dan parents: 472 diff changeset	389
468 194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	390	$page = new PageProcessor($paths->page_id, $paths->namespace);
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	391	header('Content-type: application/json');
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	392
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	393	$result = $page->protect_page(intval($_POST['level']), $_POST['reason']);
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	394	echo enano_json_encode($result);
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	395	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	396	case "histlist":
592 27377179fe58 Another sweep from the optimization monster. Dan parents: 555 diff changeset	397	require_once(ENANO_ROOT.'/includes/pageutils.php');
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	398	echo PageUtils::histlist($paths->page_id, $paths->namespace);
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	399	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	400	case "rollback":
468 194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	401	$id = intval(@$_GET['id']);
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	402	$page = new PageProcessor($paths->page_id, $paths->namespace);
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	403	header('Content-type: application/json');
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	404
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	405	$result = $page->rollback_log_entry($id);
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	406	echo enano_json_encode($result);
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	407	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	408	case "comments":
592 27377179fe58 Another sweep from the optimization monster. Dan parents: 555 diff changeset	409	require_once(ENANO_ROOT.'/includes/comment.php');
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	410	$comments = new Comments($paths->page_id, $paths->namespace);
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	411	if ( isset($_POST['data']) )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	412	{
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	413	$comments->process_json($_POST['data']);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	414	}
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	415	else
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	416	{
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	417	die('{ "mode" : "error", "error" : "No input" }');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	418	}
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	419	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	420	case "rename":
468 194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	421	$page = new PageProcessor($paths->page_id, $paths->namespace);
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	422	header('Content-type: application/json');
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	423
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	424	$result = $page->rename_page($_POST['newtitle']);
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	425	echo enano_json_encode($result);
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	426	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	427	case "flushlogs":
592 27377179fe58 Another sweep from the optimization monster. Dan parents: 555 diff changeset	428	require_once(ENANO_ROOT.'/includes/pageutils.php');
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	429	echo PageUtils::flushlogs($paths->page_id, $paths->namespace);
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	430	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	431	case "deletepage":
592 27377179fe58 Another sweep from the optimization monster. Dan parents: 555 diff changeset	432	require_once(ENANO_ROOT.'/includes/pageutils.php');
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	433	$reason = ( isset($_POST['reason']) ) ? $_POST['reason'] : false;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	434	if ( empty($reason) )
378 c1c7fa6b329f Got Enano to load even if there are no plugins; added caching for decrypted session keys to significantly improve performance (in theory at least) Dan parents: 345 diff changeset	435	die($lang->get('page_err_need_reason'));
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	436	echo PageUtils::deletepage($paths->page_id, $paths->namespace, $reason);
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	437	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	438	case "delvote":
592 27377179fe58 Another sweep from the optimization monster. Dan parents: 555 diff changeset	439	require_once(ENANO_ROOT.'/includes/pageutils.php');
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	440	echo PageUtils::delvote($paths->page_id, $paths->namespace);
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	441	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	442	case "resetdelvotes":
592 27377179fe58 Another sweep from the optimization monster. Dan parents: 555 diff changeset	443	require_once(ENANO_ROOT.'/includes/pageutils.php');
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	444	echo PageUtils::resetdelvotes($paths->page_id, $paths->namespace);
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	445	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	446	case "getstyles":
592 27377179fe58 Another sweep from the optimization monster. Dan parents: 555 diff changeset	447	require_once(ENANO_ROOT.'/includes/pageutils.php');
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	448	echo PageUtils::getstyles($_GET['id']);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	449	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	450	case "catedit":
592 27377179fe58 Another sweep from the optimization monster. Dan parents: 555 diff changeset	451	require_once(ENANO_ROOT.'/includes/pageutils.php');
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	452	echo PageUtils::catedit($paths->page_id, $paths->namespace);
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	453	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	454	case "catsave":
592 27377179fe58 Another sweep from the optimization monster. Dan parents: 555 diff changeset	455	require_once(ENANO_ROOT.'/includes/pageutils.php');
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	456	echo PageUtils::catsave($paths->page_id, $paths->namespace, $_POST);
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	457	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	458	case "setwikimode":
592 27377179fe58 Another sweep from the optimization monster. Dan parents: 555 diff changeset	459	require_once(ENANO_ROOT.'/includes/pageutils.php');
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	460	echo PageUtils::setwikimode($paths->page_id, $paths->namespace, (int)$_GET['mode']);
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	461	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	462	case "setpass":
592 27377179fe58 Another sweep from the optimization monster. Dan parents: 555 diff changeset	463	require_once(ENANO_ROOT.'/includes/pageutils.php');
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	464	echo PageUtils::setpass($paths->page_id, $paths->namespace, $_POST['password']);
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	465	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	466	case "fillusername":
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	467	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	468	case "fillpagename":
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	469	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	470	case "preview":
592 27377179fe58 Another sweep from the optimization monster. Dan parents: 555 diff changeset	471	require_once(ENANO_ROOT.'/includes/pageutils.php');
714 2f1706c4231f Fixed nonworking editor preview due to uninitialized template Dan parents: 685 diff changeset	472	$template->init_vars();
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	473	echo PageUtils::genPreview($_POST['text']);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	474	break;
832 7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	475	case "transform":
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	476	header('Content-type: text/javascript');
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	477	if ( !isset($_GET['to']) )
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	478	{
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	479	echo enano_json_encode(array(
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	480	'mode' => 'error',
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	481	'error' => '"to" not specified'
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	482	));
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	483	break;
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	484	}
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	485	if ( !isset($_POST['text']) )
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	486	{
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	487	echo enano_json_encode(array(
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	488	'mode' => 'error',
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	489	'error' => '"text" not specified (must be on POST)'
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	490	));
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	491	break;
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	492	}
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	493	switch($_GET['to'])
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	494	{
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	495	case 'xhtml':
1108 c1be67a50d81 Removed the $userpage parameter from Namespace_Default::error_404(). It screwed up a couple plugins. (Thanks Mazza for discovering the issue) Dan parents: 1103 diff changeset	496	$result = RenderMan::render($_POST['text'], RENDER_BLOCK \| RENDER_NOSMILIES, false);
832 7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	497	break;
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	498	case 'wikitext':
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	499	$result = RenderMan::reverse_render($_POST['text']);
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	500	break;
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	501	default:
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	502	$text =& $_POST['text'];
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	503	$result = false;
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	504	$code = $plugins->setHook('ajax_transform');
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	505	foreach ( $code as $cmd )
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	506	{
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	507	eval($cmd);
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	508	}
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	509	if ( !$result )
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	510	{
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	511	echo enano_json_encode(array(
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	512	'mode' => 'error',
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	513	'error' => 'Invalid target format'
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	514	));
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	515	break;
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	516	}
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	517	break;
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	518	}
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	519
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	520	// mostly for debugging, but I suppose this could be useful elsewhere.
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	521	if ( isset($_POST['plaintext']) )
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	522	die($result);
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	523
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	524	echo enano_json_encode(array(
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	525	'mode' => 'transformed_text',
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	526	'text' => $result
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	527	));
7152ca0a0ce9 Major redesign of rendering pipeline that separates pages saved with MCE from pages saved with the plaintext editor (full description in long commit message) Dan parents: 801 diff changeset	528	break;
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	529	case "pagediff":
592 27377179fe58 Another sweep from the optimization monster. Dan parents: 555 diff changeset	530	require_once(ENANO_ROOT.'/includes/pageutils.php');
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	531	$id1 = ( isset($_GET['diff1']) ) ? (int)$_GET['diff1'] : false;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	532	$id2 = ( isset($_GET['diff2']) ) ? (int)$_GET['diff2'] : false;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	533	if(!$id1 \|\| !$id2) { echo '<p>Invalid request.</p>'; $template->footer(); break; }
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	534	if(!preg_match('#^([0-9]+)$#', (string)$_GET['diff1']) \|\|
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	535	!preg_match('#^([0-9]+)$#', (string)$_GET['diff2'] )) { echo '<p>SQL injection attempt</p>'; $template->footer(); break; }
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	536	echo PageUtils::pagediff($paths->page_id, $paths->namespace, $id1, $id2);
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	537	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	538	case "jsres":
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	539	die('// ERROR: this section is deprecated and has moved to includes/clientside/static/enano-lib-basic.js.');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	540	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	541	case "rdns":
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	542	if(!$session->get_permissions('mod_misc')) die('Go somewhere else for your reverse DNS info!');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	543	$ip = $_GET['ip'];
1005 b7c7f7e2e93b AJAX rdns call now calls is_valid_ip() (security?) Dan parents: 968 diff changeset	544	if ( !is_valid_ip($ip) )
b7c7f7e2e93b AJAX rdns call now calls is_valid_ip() (security?) Dan parents: 968 diff changeset	545	{
b7c7f7e2e93b AJAX rdns call now calls is_valid_ip() (security?) Dan parents: 968 diff changeset	546	echo $lang->get('acpsl_err_invalid_ip');
b7c7f7e2e93b AJAX rdns call now calls is_valid_ip() (security?) Dan parents: 968 diff changeset	547	}
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	548	$rdns = gethostbyaddr($ip);
1005 b7c7f7e2e93b AJAX rdns call now calls is_valid_ip() (security?) Dan parents: 968 diff changeset	549	if ( $rdns == $ip )
b7c7f7e2e93b AJAX rdns call now calls is_valid_ip() (security?) Dan parents: 968 diff changeset	550	echo $lang->get('acpsl_err_ptr_no_resolve');
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	551	else echo $rdns;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	552	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	553	case 'acljson':
592 27377179fe58 Another sweep from the optimization monster. Dan parents: 555 diff changeset	554	require_once(ENANO_ROOT.'/includes/pageutils.php');
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	555	$parms = ( isset($_POST['acl_params']) ) ? rawurldecode($_POST['acl_params']) : false;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	556	echo PageUtils::acl_json($parms);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	557	break;
870 82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	558	case 'theme_list':
82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	559	header('Content-type: application/json');
82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	560
82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	561	$return = array();
968 105a24b4de8f ajax: theme selector: no longer lists disallowed themes Dan parents: 963 diff changeset	562	foreach ( $template->theme_list as $theme )
870 82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	563	{
1017 d0d3da40c391 Theme selector: fixed disabled themes being displayed Dan parents: 1005 diff changeset	564	if ( $theme['enabled'] != 1 )
d0d3da40c391 Theme selector: fixed disabled themes being displayed Dan parents: 1005 diff changeset	565	continue;
d0d3da40c391 Theme selector: fixed disabled themes being displayed Dan parents: 1005 diff changeset	566
968 105a24b4de8f ajax: theme selector: no longer lists disallowed themes Dan parents: 963 diff changeset	567	$return[] = array(
105a24b4de8f ajax: theme selector: no longer lists disallowed themes Dan parents: 963 diff changeset	568	'theme_name' => $theme['theme_name'],
105a24b4de8f ajax: theme selector: no longer lists disallowed themes Dan parents: 963 diff changeset	569	'theme_id' => $theme['theme_id'],
105a24b4de8f ajax: theme selector: no longer lists disallowed themes Dan parents: 963 diff changeset	570	'have_thumb' => file_exists(ENANO_ROOT . "/themes/{$theme['theme_id']}/preview.png")
105a24b4de8f ajax: theme selector: no longer lists disallowed themes Dan parents: 963 diff changeset	571	);
870 82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	572	}
82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	573
82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	574	echo enano_json_encode($return);
82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	575
82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	576	break;
82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	577	case "get_styles":
82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	578	if ( !preg_match('/^[a-z0-9_-]+$/', $_GET['theme_id']) )
82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	579	die(enano_json_encode(array()));
82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	580
82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	581	$theme_id = $_GET['theme_id'];
82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	582	$return = array();
82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	583
82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	584	if ( $dr = @opendir(ENANO_ROOT . "/themes/$theme_id/css/") )
82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	585	{
82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	586	while ( $dh = @readdir($dr) )
82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	587	{
82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	588	if ( preg_match('/\.css$/', $dh) && $dh != '_printable.css' )
82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	589	{
82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	590	$return[] = preg_replace('/\.css$/', '', $dh);
82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	591	}
82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	592	}
82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	593	}
82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	594	else
82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	595	{
82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	596	$return = array(
82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	597	'mode' => 'error',
82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	598	'error' => 'Could not open directory.'
82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	599	);
82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	600	}
82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	601	echo enano_json_encode($return);
82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	602	break;
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	603	case "change_theme":
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	604	if ( !isset($_POST['theme_id']) \|\| !isset($_POST['style_id']) )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	605	{
870 82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	606	die(enano_json_encode(array('mode' => 'error', 'error' => 'Invalid parameter')));
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	607	}
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	608	if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['theme_id']) \|\| !preg_match('/^([a-z0-9_-]+)$/i', $_POST['style_id']) )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	609	{
870 82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	610	die(enano_json_encode(array('mode' => 'error', 'error' => 'Invalid parameter')));
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	611	}
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	612	if ( !file_exists(ENANO_ROOT . '/themes/' . $_POST['theme_id'] . '/css/' . $_POST['style_id'] . '.css') )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	613	{
870 82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	614	die(enano_json_encode(array('mode' => 'error', 'error' => 'Can\'t find theme file: ' . ENANO_ROOT . '/themes/' . $_POST['theme_id'] . '/css/' . $_POST['style_id'] . '.css')));;
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	615	}
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	616	if ( !$session->user_logged_in )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	617	{
870 82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	618	die(enano_json_encode(array('mode' => 'error', 'error' => 'You must be logged in to change your theme')));
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	619	}
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	620	// Just in case something slipped through...
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	621	$theme_id = $db->escape($_POST['theme_id']);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	622	$style_id = $db->escape($_POST['style_id']);
870 82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	623	$e = $db->sql_query('UPDATE ' . table_prefix . "users SET theme = '$theme_id', style = '$style_id' WHERE user_id = $session->user_id;");
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	624	if ( !$e )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	625	die( $db->get_error() );
870 82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	626
82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	627	echo enano_json_encode(array(
82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	628	'success' => true
82bbfe3dc8a0 Swapped in a new theme selector. Dan parents: 832 diff changeset	629	));
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	630	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	631	case 'get_tags':
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	632
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	633	$ret = array('tags' => array(), 'user_level' => $session->user_level, 'can_add' => $session->get_permissions('tag_create'));
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	634	$q = $db->sql_query('SELECT t.tag_id, t.tag_name, pg.pg_target IS NOT NULL AS used_in_acl, t.user_id FROM '.table_prefix.'tags AS t
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	635	LEFT JOIN '.table_prefix.'page_groups AS pg
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	636	ON ( ( pg.pg_type = ' . PAGE_GRP_TAGGED . ' AND pg.pg_target=t.tag_name ) OR ( pg.pg_type IS NULL AND pg.pg_target IS NULL ) )
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	637	WHERE t.page_id=\'' . $db->escape($paths->page_id) . '\' AND t.namespace=\'' . $db->escape($paths->namespace) . '\';');
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	638	if ( !$q )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	639	$db->_die();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	640
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	641	while ( $row = $db->fetchrow() )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	642	{
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	643	$can_del = true;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	644
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	645	$perm = ( $row['user_id'] != $session->user_id ) ?
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	646	'tag_delete_other' :
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	647	'tag_delete_own';
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	648
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	649	if ( $row['user_id'] == 1 && !$session->user_logged_in )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	650	// anonymous user trying to delete tag (hardcode blacklisted)
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	651	$can_del = false;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	652
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	653	if ( !$session->get_permissions($perm) )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	654	$can_del = false;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	655
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	656	if ( $row['used_in_acl'] == 1 && !$session->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	657	$can_del = false;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	658
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	659	$ret['tags'][] = array(
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	660	'id' => $row['tag_id'],
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	661	'name' => $row['tag_name'],
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	662	'can_del' => $can_del,
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	663	'acl' => ( $row['used_in_acl'] == 1 )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	664	);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	665	}
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	666
334 c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files. Dan parents: 326 diff changeset	667	echo enano_json_encode($ret);
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	668
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	669	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	670	case 'addtag':
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	671	$resp = array(
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	672	'success' => false,
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	673	'error' => 'No error',
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	674	'can_del' => ( $session->get_permissions('tag_delete_own') && $session->user_logged_in ),
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	675	'in_acl' => false
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	676	);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	677
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	678	// first of course, are we allowed to tag pages?
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	679	if ( !$session->get_permissions('tag_create') )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	680	{
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	681	$resp['error'] = 'You are not permitted to tag pages.';
334 c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files. Dan parents: 326 diff changeset	682	die(enano_json_encode($resp));
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	683	}
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	684
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	685	// sanitize the tag name
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	686	$tag = sanitize_tag($_POST['tag']);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	687	$tag = $db->escape($tag);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	688
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	689	if ( strlen($tag) < 2 )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	690	{
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	691	$resp['error'] = 'Tags must consist of at least 2 alphanumeric characters.';
334 c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files. Dan parents: 326 diff changeset	692	die(enano_json_encode($resp));
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	693	}
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	694
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	695	// check if tag is already on page
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	696	$q = $db->sql_query('SELECT 1 FROM '.table_prefix.'tags WHERE page_id=\'' . $db->escape($paths->page_id) . '\' AND namespace=\'' . $db->escape($paths->namespace) . '\' AND tag_name=\'' . $tag . '\';');
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	697	if ( !$q )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	698	$db->_die();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	699	if ( $db->numrows() > 0 )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	700	{
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	701	$resp['error'] = 'This page already has this tag.';
334 c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files. Dan parents: 326 diff changeset	702	die(enano_json_encode($resp));
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	703	}
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	704	$db->free_result();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	705
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	706	// tricky: make sure this tag isn't being used in some page group, and thus adding it could affect page access
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	707	$can_edit_acl = ( $session->get_permissions('edit_acl') \|\| $session->user_level >= USER_LEVEL_ADMIN );
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	708	$q = $db->sql_query('SELECT 1 FROM '.table_prefix.'page_groups WHERE pg_type=' . PAGE_GRP_TAGGED . ' AND pg_target=\'' . $tag . '\';');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	709	if ( !$q )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	710	$db->_die();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	711	if ( $db->numrows() > 0 && !$can_edit_acl )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	712	{
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	713	$resp['error'] = 'This tag is used in an ACL page group, and thus can\'t be added to a page by people without administrator privileges.';
334 c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files. Dan parents: 326 diff changeset	714	die(enano_json_encode($resp));
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	715	}
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	716	$resp['in_acl'] = ( $db->numrows() > 0 );
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	717	$db->free_result();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	718
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	719	// we're good
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	720	$q = $db->sql_query('INSERT INTO '.table_prefix.'tags(tag_name,page_id,namespace,user_id) VALUES(\'' . $tag . '\', \'' . $db->escape($paths->page_id) . '\', \'' . $db->escape($paths->namespace) . '\', ' . $session->user_id . ');');
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	721	if ( !$q )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	722	$db->_die();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	723
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	724	$resp['success'] = true;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	725	$resp['tag'] = $tag;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	726	$resp['tag_id'] = $db->insert_id();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	727
334 c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files. Dan parents: 326 diff changeset	728	echo enano_json_encode($resp);
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	729	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	730	case 'deltag':
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	731
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	732	$tag_id = intval($_POST['tag_id']);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	733	if ( empty($tag_id) )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	734	die('Invalid tag ID');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	735
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	736	$q = $db->sql_query('SELECT t.tag_id, t.user_id, t.page_id, t.namespace, pg.pg_target IS NOT NULL AS used_in_acl FROM '.table_prefix.'tags AS t
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	737	LEFT JOIN '.table_prefix.'page_groups AS pg
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	738	ON ( pg.pg_id IS NULL OR ( pg.pg_target = t.tag_name AND pg.pg_type = ' . PAGE_GRP_TAGGED . ' ) )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	739	WHERE t.tag_id=' . $tag_id . ';');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	740
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	741	if ( !$q )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	742	$db->_die();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	743
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	744	if ( $db->numrows() < 1 )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	745	die('Could not find a tag with that ID');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	746
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	747	$row = $db->fetchrow();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	748	$db->free_result();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	749
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	750	if ( $row['page_id'] == $paths->page_id && $row['namespace'] == $paths->namespace )
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	751	$perms =& $session;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	752	else
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	753	$perms = $session->fetch_page_acl($row['page_id'], $row['namespace']);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	754
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	755	$perm = ( $row['user_id'] != $session->user_id ) ?
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	756	'tag_delete_other' :
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	757	'tag_delete_own';
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	758
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	759	if ( $row['user_id'] == 1 && !$session->user_logged_in )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	760	// anonymous user trying to delete tag (hardcode blacklisted)
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	761	die('You are not authorized to delete this tag.');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	762
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	763	if ( !$perms->get_permissions($perm) )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	764	die('You are not authorized to delete this tag.');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	765
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	766	if ( $row['used_in_acl'] == 1 && !$perms->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	767	die('You are not authorized to delete this tag.');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	768
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	769	// We're good
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	770	$q = $db->sql_query('DELETE FROM '.table_prefix.'tags WHERE tag_id = ' . $tag_id . ';');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	771	if ( !$q )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	772	$db->_die();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	773
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	774	echo 'success';
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	775
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	776	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	777	case 'ping':
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	778	echo 'pong';
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	779	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	780	default:
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	781	die('Hacking attempt');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	782	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	783	}
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	784
0 902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	785	?>

author	Dan Fuhry <dan@enanocms.org>
	Thu, 01 Jul 2010 18:24:11 -0400
branch	1.1.7-maintenance
changeset 1257	7365c9bf2106
parent 1175	1e2c9819ede3
child 1227	bdac73ed481e
permissions	-rw-r--r--