author | Dan |
Sun, 01 Jul 2007 14:19:20 -0400 | |
changeset 34 | 80f52593bee9 |
parent 32 | 4d87aad3c4c0 |
child 40 | 723bb7acf914 |
permissions | -rw-r--r-- |
/*
 * AJAX applets
 */

/**
 * Send an asynchronous GET request and route every readyState change to `f`.
 *
 * The request object is stored in the shared global `ajax`; the callbacks in
 * this file read `ajax.readyState` and `ajax.responseText` from it.
 * NOTE(review): because `ajax` is one global, starting a second request before
 * the first finishes replaces the object the first callback will read. Confirm
 * that callers never overlap requests.
 *
 * @param {string} uri URL to request.
 * @param {Function} f Handler assigned to onreadystatechange.
 */
function ajaxGet(uri, f) {
  var nativeXhr = window.XMLHttpRequest;
  if (!nativeXhr && !window.ActiveXObject) {
    alert('Enano client-side runtime error: No AJAX support, unable to continue');
    return;
  }
  // Prefer the native object; the ActiveX control is only the fallback.
  ajax = nativeXhr ? new XMLHttpRequest() : new ActiveXObject("Microsoft.XMLHTTP");
  ajax.onreadystatechange = f;
  ajax.open('GET', uri, true);
  // A fixed, long-past date is sent on every GET (presumably to defeat caching).
  ajax.setRequestHeader( "If-Modified-Since", "Sat, 1 Jan 2000 00:00:00 GMT" );
  ajax.send(null);
}
|
/**
 * Send an asynchronous form-encoded POST and route readyState changes to `f`.
 *
 * `parms` is sent as the request body unchanged, so the caller must already
 * have URL-encoded every value in it. The request object is stored in the
 * shared global `ajax` (see the NOTE on overlapping requests in ajaxGet).
 *
 * @param {string} uri URL to post to.
 * @param {string} parms Pre-encoded application/x-www-form-urlencoded body.
 * @param {Function} f Handler assigned to onreadystatechange.
 */
function ajaxPost(uri, parms, f) {
  var nativeXhr = window.XMLHttpRequest;
  if (!nativeXhr && !window.ActiveXObject) {
    alert('Enano client-side runtime error: No AJAX support, unable to continue');
    return;
  }
  ajax = nativeXhr ? new XMLHttpRequest() : new ActiveXObject("Microsoft.XMLHTTP");
  ajax.onreadystatechange = f;
  ajax.open('POST', uri, true);
  ajax.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
  // Content-length and Connection are forbidden request headers in current
  // browsers, which set them themselves and ignore these two calls.
  ajax.setRequestHeader("Content-length", parms.length);
  ajax.setRequestHeader("Connection", "close");
  ajax.send(parms);
}
|
/**
 * Encode a value for use inside a form-encoded request body.
 *
 * escape() leaves '+' untouched, and a form decoder reads '+' as a space, so
 * every '+' is additionally rewritten to %2B.
 * NOTE(review): escape() is deprecated and emits %uXXXX for code points above
 * U+00FF, which is not standard percent-encoding. encodeURIComponent is the
 * usual replacement, but the server-side decoder must be checked before
 * switching.
 *
 * @param {string} text Raw value.
 * @returns {string} Encoded value.
 */
function ajaxEscape(text)
{
  var encoded = escape(text);
  return encoded.replace(/\+/g, '%2B');
}
|
// Page editor

/**
 * Fetch the page source and replace the article view with the edit form.
 *
 * If an edit is already open the user is asked to confirm before the form is
 * rebuilt. The editor mode (wikitext or TinyMCE) comes from the
 * 'enano_editor_mode' cookie.
 */
function ajaxEditor() {
  setAjaxLoading();
  ajaxGet(stdAjaxPrefix+'&_mode=getsource', function() {
    if (ajax.readyState != 4) {
      return;
    }
    unsetAjaxLoading();
    if (edit_open) {
      c = confirm('Do you really want to revert your changes?');
      if (!c) {
        return;
      }
    }
    edit_open = true;
    selectButtonMajor('article');
    selectButtonMinor('edit');
    if (in_array('ajaxEditArea', grippied_textareas))
    {
      // Allow the textarea grippifier to re-create the resizer control on the textarea.
      // NOTE(review): Array.prototype.pop() ignores its argument and always
      // removes the LAST entry; if the intent is to drop the 'ajaxEditArea'
      // entry this needs splice(). Left as written.
      grippied_textareas.pop(in_array('ajaxEditArea', grippied_textareas));
    }
    disableUnload('If you do, any changes that you have made to this page will be lost.');
    var switcher;
    if (readCookie('enano_editor_mode') == 'tinymce') {
      switcher = '<a href="#" onclick="setEditorText(); return false;">wikitext editor</a> | graphical editor';
    } else {
      switcher = 'wikitext editor | <a href="#" onclick="setEditorMCE(); return false;">graphical editor</a>';
    }
    // SECURITY NOTE(review): ajax.responseText and editNotice are concatenated
    // into markup. Unless the getsource endpoint HTML-escapes the page source,
    // wikitext containing a closing textarea tag would be parsed as markup
    // here. Confirm the server escapes it, or assign the source to the
    // textarea's .value after the form has been built.
    var container = document.getElementById('ajaxEditContainer');
    container.innerHTML = '\
    <div id="mdgPreviewContainer"></div> \
    <span id="switcher">' + switcher + '</span><br />\
    <form name="mdgAjaxEditor" method="get" action="#" onsubmit="ajaxSavePage(); return false;">\
    <textarea id="ajaxEditArea" rows="20" cols="60" style="display: block; margin: 1em 0 1em 1em; width: 96.5%;">'+ajax.responseText+'</textarea><br />\
    Edit summary: <input id="ajaxEditSummary" size="40" /><br />\
    <input id="ajaxEditMinor" name="minor" type="checkbox" /> <label for="ajaxEditMinor">This is a minor edit</label><br />\
    <a href="#" onclick="void(ajaxSavePage()); return false;">save changes</a> | <a href="#" onclick="void(ajaxShowPreview()); return false;">preview changes</a> | <a href="#" onclick="void(ajaxEditor()); return false;">revert changes</a> | <a href="#" onclick="void(ajaxDiscard()); return false;">discard changes</a> | <a href="#" onclick="ajaxWikiEditHelp(); return false;">formatting help</a>\
    <br />\
    '+editNotice+'\
    </form>';
    // initTextareas() is deliberately not called here (disabled in the original).
    if (readCookie('enano_editor_mode') == 'tinymce')
    {
      $('ajaxEditArea').switchToMCE();
    }
  });
}
|
/**
 * Switch the open edit area to the graphical (TinyMCE) editor, remember the
 * choice in the 'enano_editor_mode' cookie for 365 days, and update the
 * switcher links.
 */
function setEditorMCE()
{
  var switcherMarkup = '<a href="#" onclick="setEditorText(); return false;">wikitext editor</a> | graphical editor';
  $('ajaxEditArea').switchToMCE();
  createCookie('enano_editor_mode', 'tinymce', 365);
  // Constant markup only; no request or user data is inserted here.
  $('switcher').object.innerHTML = switcherMarkup;
}
|
/**
 * Switch the open edit area back to the plain wikitext editor, remember the
 * choice in the 'enano_editor_mode' cookie for 365 days, and update the
 * switcher links.
 */
function setEditorText()
{
  var switcherMarkup = 'wikitext editor | <a href="#" onclick="setEditorMCE(); return false;">graphical editor</a>';
  $('ajaxEditArea').destroyMCE();
  createCookie('enano_editor_mode', 'text', 365);
  // Constant markup only; no request or user data is inserted here.
  $('switcher').object.innerHTML = switcherMarkup;
}
|
/**
 * Fetch the page source and show it in a read-only textarea.
 *
 * Shares the 'ajaxEditContainer' element and the edit_open flag with
 * ajaxEditor, so an open edit triggers the same revert confirmation.
 */
function ajaxViewSource() {
  setAjaxLoading();
  ajaxGet(stdAjaxPrefix+'&_mode=getsource', function() {
    if (ajax.readyState != 4) {
      return;
    }
    unsetAjaxLoading();
    if (edit_open) {
      c = confirm('Do you really want to revert your changes?');
      if (!c) {
        return;
      }
    }
    edit_open = true;
    selectButtonMajor('article');
    selectButtonMinor('edit');
    if (in_array('ajaxEditArea', grippied_textareas))
    {
      // Allow the textarea grippifier to re-create the resizer control on the textarea.
      // NOTE(review): pop() ignores its argument and removes the last entry.
      grippied_textareas.pop(in_array('ajaxEditArea', grippied_textareas));
    }
    // SECURITY NOTE(review): ajax.responseText is concatenated into markup.
    // Unless the getsource endpoint HTML-escapes the page source, a closing
    // textarea tag in the wikitext would be parsed as markup here. Confirm
    // server-side escaping, or set the textarea's .value instead.
    var container = document.getElementById('ajaxEditContainer');
    container.innerHTML = '\
    <form method="get" action="#" onsubmit="ajaxSavePage(); return false;">\
    <textarea readonly="readonly" id="ajaxEditArea" rows="20" cols="60" style="display: block; margin: 1em 0 1em 1em; width: 96.5%;">'+ajax.responseText+'</textarea><br />\
    <a href="#" onclick="void(ajaxReset()); return false;">close viewer</a>\
    </form>';
    initTextareas();
  });
}
|
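/**
 * Post the current editor content to the preview endpoint and show the
 * rendered result in 'mdgPreviewContainer'.
 *
 * The edit summary is now passed through ajaxEscape like the page text.
 * Previously it was concatenated raw, so an '&', '=', '+' or '%' typed into
 * the summary field altered the form body (extra or overwritten parameters).
 * `minor` is a local here rather than an implicit global.
 */
function ajaxShowPreview()
{
  goBusy('Loading preview...');
  var text = ajaxEscape($('ajaxEditArea').getContent());
  var minor = document.mdgAjaxEditor.minor.checked ? '&minor' : '';
  var summary = ajaxEscape(document.getElementById('ajaxEditSummary').value);
  ajaxPost(stdAjaxPrefix+'&_mode=preview', 'summary='+summary+minor+'&text='+text, function() {
    if (ajax.readyState == 4) {
      unBusy();
      edit_open = false;
      // The response is inserted as markup; the server is responsible for
      // sanitising the rendered preview.
      document.getElementById('mdgPreviewContainer').innerHTML = ajax.responseText;
    }
  });
}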
|
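/**
 * Post the current editor content to the save endpoint and replace the
 * editor with the server's response.
 *
 * The edit summary is now passed through ajaxEscape like the page text.
 * Previously it was concatenated raw, so an '&', '=', '+' or '%' typed into
 * the summary field altered the form body (extra or overwritten parameters).
 * `minor` is a local here rather than an implicit global.
 */
function ajaxSavePage() {
  goBusy('Saving page...');
  var text = ajaxEscape($('ajaxEditArea').getContent());
  var minor = document.mdgAjaxEditor.minor.checked ? '&minor' : '';
  var summary = ajaxEscape(document.getElementById('ajaxEditSummary').value);
  ajaxPost(stdAjaxPrefix+'&_mode=savepage', 'summary='+summary+minor+'&text='+text, function() {
    if (ajax.readyState == 4) {
      unBusy();
      edit_open = false;
      // The response is inserted as markup; the server is responsible for
      // sanitising the rendered page.
      document.getElementById('ajaxEditContainer').innerHTML = ajax.responseText;
      enableUnload();
      unselectAllButtonsMinor();
    }
  });
}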
|
/**
 * Ask for confirmation, then drop the open edit by reloading the page view.
 * The answer is stored in the global `c`, as elsewhere in this file.
 */
function ajaxDiscard() {
  c = confirm('Do you really want to discard your changes?');
  if (c) {
    ajaxReset();
  }
}
|
/**
 * Re-fetch the rendered page (without headers) and put it back into
 * 'ajaxEditContainer', clearing the edit state and the unload warning.
 */
function ajaxReset() {
  enableUnload();
  setAjaxLoading();
  ajaxGet(stdAjaxPrefix+'&_mode=getpage&noheaders', function() {
    if (ajax.readyState != 4) {
      return;
    }
    unsetAjaxLoading();
    edit_open = false;
    // The response is inserted as markup; the server is responsible for
    // sanitising the rendered page.
    var container = document.getElementById('ajaxEditContainer');
    container.innerHTML = ajax.responseText;
    selectButtonMajor('article');
    unselectAllButtonsMinor();
  });
}
|
// Miscellaneous AJAX applets

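/**
 * Set the page's protection level.
 *
 * When the global `shift` flag is set the reason prompt is skipped and
 * 'NO_REASON' is sent; otherwise an empty or cancelled prompt aborts.
 *
 * The reason is now encoded with ajaxEscape instead of bare escape():
 * escape() leaves '+' alone and the form decoder turns it into a space, so a
 * reason containing '+' was stored altered. The level is encoded as well, and
 * the reason is a local rather than the implicit global `r`.
 *
 * @param {number|string} l Protection level; selects the 'protbtn_<l>' button.
 */
function ajaxProtect(l) {
  var reason;
  if (shift) {
    reason = 'NO_REASON';
  } else {
    reason = prompt('Reason for (un)protecting:');
    if (!reason) return;
  }
  setAjaxLoading();
  // Clear the underline on all three level buttons, then mark the chosen one.
  for (var n = 0; n <= 2; n++) {
    document.getElementById('protbtn_' + n).style.textDecoration = 'none';
  }
  document.getElementById('protbtn_'+l).style.textDecoration = 'underline';
  ajaxPost(stdAjaxPrefix+'&_mode=protect', 'reason='+ajaxEscape(reason)+'&level='+ajaxEscape(l), function() {
    if (ajax.readyState == 4) {
      unsetAjaxLoading();
      if (ajax.responseText != 'good')
        alert(ajax.responseText);
    }
  });
}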
|
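/**
 * Prompt for a new page title and post it to the rename endpoint.
 *
 * The title is now encoded with ajaxEscape instead of bare escape():
 * escape() leaves '+' alone and the form decoder turns it into a space, so a
 * title containing '+' was saved altered. The prompt result is a local
 * rather than the implicit global `r`.
 */
function ajaxRename() {
  var newTitle = prompt('What title should this page be renamed to?\nNote: This does not and will never change the URL of this page, that must be done from the admin panel.');
  if (!newTitle) return;
  setAjaxLoading();
  ajaxPost(stdAjaxPrefix+'&_mode=rename', 'newtitle='+ajaxEscape(newTitle), function() {
    if (ajax.readyState == 4) {
      unsetAjaxLoading();
      alert(ajax.responseText);
    }
  });
}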
|
/**
 * Post the page-creation request described by ENANO_SPECIAL_CREATEPAGE and
 * ENANO_CREATEPAGE_PARAMS, then reload the window once it completes.
 */
function ajaxMakePage() {
  setAjaxLoading();
  ajaxPost(ENANO_SPECIAL_CREATEPAGE, ENANO_CREATEPAGE_PARAMS, function() {
    if (ajax.readyState != 4) {
      return;
    }
    unsetAjaxLoading();
    window.location.reload();
  });
}
|
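/**
 * Ask for a deletion reason and a confirmation, then post the delete request
 * and reload the window when it completes.
 *
 * The reason is now encoded with ajaxEscape instead of bare escape():
 * escape() leaves '+' alone and the form decoder turns it into a space, so a
 * reason containing '+' was logged altered. The confirmation result is no
 * longer written to the implicit global `c`.
 *
 * @returns {boolean|undefined} false when no reason is given; otherwise
 *   undefined.
 */
function ajaxDeletePage() {
  var reason = prompt('Please enter your reason for deleting this page.');
  if ( !reason )
  {
    return false;
  }
  var confirmed = confirm('You are about to REVERSIBLY delete this page. Do you REALLY want to do this?\n\n(Comments and categorization data, as well as any attached files, will be permanently lost)');
  if ( !confirmed )
  {
    return;
  }
  setAjaxLoading();
  ajaxPost(stdAjaxPrefix+'&_mode=deletepage', 'reason=' + ajaxEscape(reason), function() {
    if (ajax.readyState == 4) {
      unsetAjaxLoading();
      alert(ajax.responseText);
      window.location.reload();
    }
  });
}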
|
/**
 * After confirmation, register a vote that this page be deleted and show
 * the server's reply.
 *
 * NOTE(review): the vote is sent as a GET request. Whether stdAjaxPrefix
 * carries a per-session token is not visible here; confirm the endpoint
 * cannot be triggered by a cross-site link or a prefetch.
 */
function ajaxDelVote() {
  c = confirm('Are you sure that you want to vote that this page be deleted?');
  if (!c) {
    return;
  }
  setAjaxLoading();
  ajaxGet(stdAjaxPrefix+'&_mode=delvote', function() {
    if (ajax.readyState != 4) {
      return;
    }
    unsetAjaxLoading();
    alert(ajax.responseText);
  });
}
|
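/**
 * After confirmation, reset the page's deletion votes, show the server's
 * reply, and fade out the vote notice box if it is on the page.
 *
 * The delayed hide is now a function instead of a string passed to
 * setTimeout. The string form is an implicit eval, which a Content Security
 * Policy without 'unsafe-eval' blocks. The element found at fade start is
 * reused, and `c` and `item` are no longer implicit globals.
 *
 * NOTE(review): the reset is sent as a GET request. Whether stdAjaxPrefix
 * carries a per-session token is not visible here; confirm the endpoint
 * cannot be triggered by a cross-site link or a prefetch.
 */
function ajaxResetDelVotes() {
  if (!confirm('This will reset the number of votes against this page to zero. Do you really want to do this?')) {
    return;
  }
  setAjaxLoading();
  ajaxGet(stdAjaxPrefix+'&_mode=resetdelvotes', function() {
    if (ajax.readyState == 4) {
      unsetAjaxLoading();
      alert(ajax.responseText);
      var noticeBox = document.getElementById('mdgDeleteVoteNoticeBox');
      if (noticeBox)
      {
        // Fade over one second, then take the box out of the layout.
        opacity('mdgDeleteVoteNoticeBox', 100, 0, 1000);
        setTimeout(function() {
          noticeBox.style.display = 'none';
        }, 1000);
      }
    }
  });
}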
|
/**
 * Set the page's wiki mode and underline the matching 'wikibtn_<val>' button.
 * Any reply other than 'GOOD' is shown to the user.
 *
 * @param {number|string} val Mode value; also selects the button to underline.
 */
function ajaxSetWikiMode(val) {
  setAjaxLoading();
  // Clear the underline on all three mode buttons, then mark the chosen one.
  for (var n = 0; n <= 2; n++) {
    document.getElementById('wikibtn_' + n).style.textDecoration = 'none';
  }
  document.getElementById('wikibtn_'+val).style.textDecoration = 'underline';
  ajaxGet(stdAjaxPrefix+'&_mode=setwikimode&mode='+val, function() {
    if (ajax.readyState != 4) {
      return;
    }
    unsetAjaxLoading();
    if (ajax.responseText != 'GOOD')
    {
      alert(ajax.responseText);
    }
  });
}
|
// Editing/saving category information
// This was not easy to write, I hope you enjoy it, and dang I swear I'm gonna
// find someone to work on just the Javascript part of Enano...

/**
 * Request the category editor and run the script the server sends back.
 */
function ajaxCatEdit() {
  setAjaxLoading();
  ajaxGet(stdAjaxPrefix+'&_mode=catedit', function() {
    if (ajax.readyState != 4) {
      return;
    }
    unsetAjaxLoading();
    edit_open = false;
    // SECURITY NOTE(review): the response body is executed with eval(). Any
    // page-derived value (category names, titles) that the server writes into
    // this script without escaping would run as code in the user's session.
    // Prefer returning data (JSON) and building the form here; until then,
    // confirm the endpoint escapes everything it interpolates.
    eval(ajax.responseText);
  });
}
|
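/**
 * Post the ticked categories from the 'mdgCatForm' form to the catsave
 * endpoint, then reload the page view.
 *
 * Each checkbox is now read by property lookup (form['mdgCat_' + id])
 * instead of building a statement string and passing it to eval(). The eval
 * form executed whatever text was in catlist and failed on any id that is
 * not a valid identifier. Category ids are also passed through ajaxEscape
 * before they go into the form body, and the loop variables are locals
 * rather than implicit globals.
 */
function ajaxCatSave()
{
  if (!catlist)
  {
    alert('Var catlist has no properties');
    return;
  }
  var form = document.forms.mdgCatForm;
  var pairs = [];
  for (var i = 0; i < catlist.length; i++)
  {
    var box = form['mdgCat_' + catlist[i]];
    // A category with no matching checkbox is treated as not selected.
    if (box && box.checked) pairs.push(ajaxEscape(catlist[i]) + '=true');
  }
  setAjaxLoading();
  ajaxPost(stdAjaxPrefix+'&_mode=catsave', pairs.join('&'), function() {
    if (ajax.readyState == 4) {
      unsetAjaxLoading();
      edit_open = false;
      if (ajax.responseText != 'GOOD') alert(ajax.responseText);
      ajaxReset();
    }
  });
}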
|
// History stuff

/**
 * Load the page's revision list into 'ajaxEditContainer' and initialise the
 * diff radio buttons.
 */
function ajaxHistory() {
  setAjaxLoading();
  ajaxGet(stdAjaxPrefix+'&_mode=histlist', function() {
    if (ajax.readyState != 4) {
      return;
    }
    unsetAjaxLoading();
    edit_open = false;
    selectButtonMajor('article');
    selectButtonMinor('history');
    // The response is inserted as markup; the server is responsible for
    // escaping edit summaries and author names in the list.
    var container = document.getElementById('ajaxEditContainer');
    container.innerHTML = ajax.responseText;
    buildDiffList();
  });
}
|
/**
 * Show an old revision of a page in 'ajaxEditContainer'.
 *
 * NOTE(review): `tit` and `oldid` are concatenated into the query string
 * without encoding. If either can contain '&', '#' or '=', the request
 * changes meaning. Confirm callers pass URL-safe values (the global `title`
 * may already be encoded), or encode here.
 *
 * @param {number|string} oldid Revision identifier sent as 'oldid'.
 * @param {string} [tit] Page title; defaults to the global `title`.
 */
function ajaxHistView(oldid, tit) {
  if (!tit) {
    tit = title;
  }
  setAjaxLoading();
  var uri = append_sid(scriptPath+'/ajax.php?title='+tit+'&_mode=getpage&oldid='+oldid);
  ajaxGet(uri, function() {
    if (ajax.readyState != 4) {
      return;
    }
    unsetAjaxLoading();
    edit_open = false;
    // The response is inserted as markup; the server is responsible for
    // sanitising the rendered revision.
    document.getElementById('ajaxEditContainer').innerHTML = ajax.responseText;
  });
}
|
/**
 * Ask the server to roll back the log entry `id` and show its reply.
 *
 * NOTE(review): the rollback is sent as a GET request with no confirmation.
 * Whether stdAjaxPrefix carries a per-session token is not visible here;
 * confirm the endpoint cannot be triggered by a cross-site link or prefetch.
 *
 * @param {number|string} id Entry identifier, appended to the URL unencoded.
 */
function ajaxRollback(id) {
  setAjaxLoading();
  ajaxGet(stdAjaxPrefix+'&_mode=rollback&id='+id, function() {
    if (ajax.readyState != 4) {
      return;
    }
    unsetAjaxLoading();
    alert(ajax.responseText);
  });
}
|
/**
 * After two confirmations, flush all log entries for this page, show the
 * server's reply and reload the window.
 *
 * NOTE(review): this irreversible action is sent as a GET request. The two
 * confirm() dialogs only guard this UI path. Confirm the endpoint itself
 * requires a session token and rejects cross-site or prefetch requests.
 */
function ajaxClearLogs() {
  c = confirm('You are about to DESTROY all log entries for this page. As opposed to (example) deleting this page, this action is completely IRREVERSIBLE and should not be used except in dire circumstances. Do you REALLY want to do this?');
  if (!c) {
    return;
  }
  c = confirm('You\'re ABSOLUTELY sure???');
  if (!c) {
    return;
  }
  setAjaxLoading();
  ajaxGet(stdAjaxPrefix+'&_mode=flushlogs', function() {
    if (ajax.readyState != 4) {
      return;
    }
    unsetAjaxLoading();
    alert(ajax.responseText);
    window.location.reload();
  });
}
|
// Revision ids taken from the diff radio buttons, in list order; filled by
// buildDiffList() and read by selectDiff1Button()/selectDiff2Button().
var timelist;

/**
 * Collect the revision ids behind the history radio buttons into `timelist`
 * and hide the second-column buttons from index 1 onward.
 *
 * The id suffix after the first six characters of each button id (the
 * 'diff1_' / 'diff2_' prefix) is the revision id. The button collections are
 * stored in the globals arrDiff1Buttons / arrDiff2Buttons for ajaxHistDiff.
 *
 * @returns {boolean|undefined} false when there are no buttons, otherwise
 *   undefined.
 */
function buildDiffList()
{
  arrDiff1Buttons = getElementsByClassName(document, 'input', 'clsDiff1Radio');
  arrDiff2Buttons = getElementsByClassName(document, 'input', 'clsDiff2Radio');
  var count = arrDiff1Buttons.length;
  if ( count < 1 )
  {
    return false;
  }
  timelist = [];
  for ( var n = 0; n < count; n++ )
  {
    timelist.push( arrDiff2Buttons[n].id.substr(6) );
  }
  // The last column-1 button contributes one extra entry at the end.
  timelist.push( arrDiff1Buttons[count - 1].id.substr(6) );
  // Drops an own toJSONString property if one is present on the array.
  delete timelist.toJSONString;
  var stop = timelist.length - 1;
  for ( var m = 1; m < stop; m++ )
  {
    arrDiff2Buttons[m].style.display = 'none';
  }
}
|
/**
 * React to a click on a first-column diff radio button: show the
 * second-column buttons listed before the clicked revision in `timelist`
 * and hide the rest (the final timelist entry is never touched).
 *
 * @param {Object} obj The clicked button; its id minus the first six
 *   characters is looked up in `timelist`.
 */
function selectDiff1Button(obj)
{
  var clicked = obj.id.substr(6);
  var index = parseInt(in_array(clicked, timelist));
  var stop = timelist.length - 1;
  for ( var n = 0; n < stop; n++ )
  {
    var target = document.getElementById('diff2_' + timelist[n]);
    target.style.display = ( n < index ) ? 'inline' : 'none';
  }
}
|
/**
 * React to a click on a second-column diff radio button: show the
 * first-column buttons listed after the clicked revision in `timelist` and
 * hide the rest. The first and last timelist entries are never touched.
 *
 * @param {Object} obj The clicked button; its id minus the first six
 *   characters is looked up in `timelist`.
 */
function selectDiff2Button(obj)
{
  var clicked = obj.id.substr(6);
  var index = parseInt(in_array(clicked, timelist));
  var stop = timelist.length - 1;
  for ( var n = 1; n < stop; n++ )
  {
    var target = document.getElementById('diff1_' + timelist[n]);
    target.style.display = ( n > index ) ? 'inline' : 'none';
  }
}
|
/**
 * Read the two ticked history radio buttons and load the diff between
 * those revisions into 'ajaxEditContainer'.
 *
 * The loop counter and the scratch values `k` / `kpp` are written to globals,
 * exactly as before; `kpp` is assigned but not read in this function.
 */
function ajaxHistDiff()
{
  var id1 = false;
  var id2 = false;
  for ( i = 0; i < arrDiff1Buttons.length; i++ )
  {
    k = String(i);
    kpp = String(i + 1);
    if (arrDiff1Buttons[k].checked) {
      id1 = arrDiff1Buttons[k].id.substr(6);
    }
    if (arrDiff2Buttons[k].checked) {
      id2 = arrDiff2Buttons[k].id.substr(6);
    }
  }
  if (!id1 || !id2) {
    alert('BUG: Couldn\'t get checked radiobutton state');
    return;
  }
  setAjaxLoading();
  // id1/id2 come from element ids in the server-rendered history list and are
  // appended to the URL unencoded.
  ajaxGet(stdAjaxPrefix+'&_mode=pagediff&diff1='+id1+'&diff2='+id2, function()
  {
    if (ajax.readyState != 4)
    {
      return;
    }
    unsetAjaxLoading();
    // The response is inserted as markup; the server is responsible for
    // escaping page text shown in the diff.
    document.getElementById('ajaxEditContainer').innerHTML = ajax.responseText;
  });
}
|
// Change the user's preferred style/theme

/**
 * Open the "Change your theme" message box with a theme selector; choosing a
 * theme calls ajaxGetStyles, and OK is routed to ajaxChangeStyleComplete.
 *
 * ENANO_THEME_LIST is inserted as markup (presumably <option> elements
 * generated by the server; confirm that theme names are HTML-escaped there).
 */
function ajaxChangeStyle()
{
  var inner_html = '' +
    '<p><label>Theme: ' +
    ' <select id="chtheme_sel_theme" onchange="ajaxGetStyles(this.value);">' +
    ' <option value="_blank" selected="selected">[Select]</option>' +
    ENANO_THEME_LIST +
    ' </select>' +
    '</label></p>';
  var dialog = new messagebox(MB_OKCANCEL|MB_ICONQUESTION, 'Change your theme', inner_html);
  dialog.onbeforeclick.OK = ajaxChangeStyleComplete;
}
/**
 * Fetch the styles available for theme `id` and add a "Style:" selector to
 * the open message box, replacing any selector added earlier.
 *
 * @param {string} id Theme id from the theme selector; '_blank' only removes
 *   the existing style selector.
 * @returns {null|undefined} null for '_blank'; otherwise undefined.
 */
function ajaxGetStyles(id)
{
  var previous = document.getElementById('chtheme_sel_style_parent');
  if ( previous )
  {
    previous.parentNode.removeChild(previous);
  }
  if ( id == '_blank' )
  {
    return null;
  }
  // `id` is appended to the URL unencoded; it comes from the option values in
  // ENANO_THEME_LIST.
  ajaxGet(stdAjaxPrefix + '&_mode=getstyles&id=' + id, function() {
    if ( ajax.readyState != 4 )
    {
      return;
    }
    // IE doesn't like substr() on ajax.responseText, so work on a copy made
    // by appending one character and cutting it off again.
    var response = String(ajax.responseText + ' ');
    response = response.substr(0, response.length - 1);
    // Only a response that starts like a JSON array is handed to parseJSON.
    if ( response.substr(0,1) != '[' )
    {
      alert('Invalid or unexpected JSON response from server:\n' + response);
      return null;
    }

    // Build a selector and matching label
    var data = parseJSON(response);
    var options = new Array();
    // NOTE(review): for...in also visits enumerable properties inherited by
    // arrays (buildDiffList deletes a toJSONString property for a similar
    // reason); kept as written.
    for ( var key in data )
    {
      var styleId = data[key];
      var option = document.createElement('option');
      option.value = styleId;
      // Added as a text node, so the title is never parsed as markup.
      option.appendChild(document.createTextNode(themeid_to_title(styleId)));
      options.push(option);
    }
    var wrapper = document.createElement('p');
    var label = document.createElement('label');
    wrapper.id = 'chtheme_sel_style_parent';
    label.appendChild(document.createTextNode('Style: '));
    var select = document.createElement('select');
    select.id = 'chtheme_sel_style';
    for ( var idx in options )
    {
      select.appendChild(options[idx]);
    }
    label.appendChild(select);
    wrapper.appendChild(label);

    // Stick it onto the messagebox: the second child node of #messageBox
    // receives the new paragraph.
    var box = document.getElementById('messageBox');
    box.firstChild.nextSibling.appendChild(wrapper);
  });
}
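/**
 * Submit handler for the change-theme dialog.
 *
 * Reads the selected theme and style IDs from the 'chtheme_sel_theme' and
 * 'chtheme_sel_style' controls, validates them, and POSTs them to the
 * '_mode=change_theme' AJAX endpoint. On a 'GOOD' response the user is offered
 * a page reload; any other response body is shown in an alert.
 *
 * @returns {boolean} true when validation failed and nothing was sent,
 *                    false once the request has been issued.
 */
function ajaxChangeStyleComplete()
{
  var theme = $('chtheme_sel_theme');
  var style = $('chtheme_sel_style');
  if ( !theme.object || !style.object )
  {
    alert('Please select a theme from the list.');
    return true;
  }
  var theme_id = theme.object.value;
  var style_id = style.object.value;

  if ( typeof(theme_id) != 'string' || typeof(style_id) != 'string' )
  {
    alert('Couldn\'t get theme or style ID');
    return true;
  }

  if ( theme_id.length < 1 || style_id.length < 1 )
  {
    alert('Theme or style ID is zero length');
    return true;
  }

  // encodeURIComponent() rather than escape(): escape() leaves '+' untouched
  // (a form-urlencoded decoder reads it as a space) and emits %uXXXX for
  // non-ASCII characters, so a value could reach the server altered.
  var parms = 'theme_id=' + encodeURIComponent(theme_id) + '&style_id=' + encodeURIComponent(style_id);

  ajaxPost(stdAjaxPrefix + '&_mode=change_theme', parms, function()
    {
      // `ajax` is the shared request object assigned by ajaxPost().
      if ( ajax.readyState == 4 )
      {
        if ( ajax.responseText == 'GOOD' )
        {
          var c = confirm('Your theme preference has been changed.\nWould you like to reload the page now to see the changes?');
          if ( c )
            window.location.reload();
        }
        else
        {
          // alert() renders plain text, so the response body is not interpreted as markup here.
          alert('Error occurred during attempt to change theme:\n' + ajax.responseText);
        }
      }
    });

  return false;
}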
/**
 * Build a display title from a theme or style identifier: the first character
 * is upper-cased and every underscore or hyphen becomes a space.
 * No HTML escaping is performed on the result.
 *
 * @param {string} id - identifier to convert
 * @returns {string|boolean} the title, or false when id is not a string
 */
function themeid_to_title(id)
{
  if ( typeof id !== 'string' )
  {
    return false;
  }
  var firstLetter = id.charAt(0).toUpperCase();
  var remainder = id.slice(1);
  // Underscores and hyphens are both word separators in theme IDs.
  return (firstLetter + remainder).replace(/[_-]/g, ' ');
}
/*
NOTE(review): disabled legacy theme chooser, kept for reference only. As written
it eval()s the AJAX response and concatenates values into innerHTML without
escaping; do not re-enable it without replacing both.

function ajaxChangeStyle()
{
  var win = document.getElementById("cn2");
  win.innerHTML = ' \
    <form action="'+ENANO_SPECIAL_CHANGESTYLE+'" onsubmit="jws.closeWin(\'root2\');" method="post" style="text-align: center"> \
    <h3>Select a theme...</h3>\
    <select id="mdgThemeID" name="theme" onchange="ajaxGetStyles(this.value);"> \
    '+ENANO_THEME_LIST+' \
    </select> \
    <div id="styleSelector"></div>\
    <br /><br />\
    <input type="hidden" name="return_to" value="'+title+'" />\
    <input id="styleSubmitter" type="submit" style="display: none; font-weight: bold" value="Change theme" /> \
    <input type="button" value="Cancel" onclick="jws.closeWin(\'root2\');" /> \
    </form> \
    ';
  ajaxGetStyles(ENANO_CURRENT_THEME);
  jws.openWin('root2', 340, 300);
}

function ajaxGetStyles(id) {
  setAjaxLoading();
  ajaxGet(stdAjaxPrefix+'&_mode=getstyles&id='+id, function() {
    if(ajax.readyState == 4) {
      unsetAjaxLoading();
      eval(ajax.responseText);
      html = '<h3>And a style...</h3><select id="mdgStyleID" name="style">';
      for(i=0;i<list.length;i++) {
        lname = list[i].substr(0, 1).toUpperCase() + list[i].substr(1, list[i].length);
        html = html + '<option value="'+list[i]+'">'+lname+'</option>';
      }
      html = html + '</select>';
      document.getElementById('styleSelector').innerHTML = html;
      document.getElementById('styleSubmitter').style.display = 'inline';
    }
  });
}
*/
/**
 * Toggle the 'mdgCss' stylesheet link between the main and the print
 * stylesheet, flip the global _css flag accordingly, and close the menu.
 *
 * Reads the globals _css, main_css and print_css; writes _css.
 */
function ajaxSwapCSS()
{
  setAjaxLoading();
  // A truthy _css means the print stylesheet is active, so switch back to main.
  var printActive = _css;
  document.getElementById('mdgCss').href = printActive ? main_css : print_css;
  _css = !printActive;
  unsetAjaxLoading();
  menuOff();
}
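/**
 * Send the value of the 'mdgPassSetField' input, hashed with hex_sha1(), to
 * the '_mode=setpass' AJAX endpoint and show the server's reply in an alert.
 *
 * NOTE(review): the digest sent here is unsalted SHA-1 of the typed value, so
 * on the wire it stands in for the password itself - confirm that this request
 * only ever travels over TLS and how the server stores the value.
 */
function ajaxSetPassword()
{
  // Declared with var: the digest must stay local instead of becoming a
  // global that every other script on the page could read.
  var pass = hex_sha1(document.getElementById('mdgPassSetField').value);
  setAjaxLoading();
  ajaxPost(stdAjaxPrefix+'&_mode=setpass', 'password='+pass, function()
    {
      // Only clear the loading indicator once the request has completed;
      // this callback also fires for the intermediate ready states.
      if ( ajax.readyState == 4 )
      {
        unsetAjaxLoading();
        alert(ajax.responseText);
      }
    }
  );
}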
/**
 * Open the 'root3' window (640x480) and fill its 'cn3' element with the
 * response of the '_mode=wikihelp' AJAX request.
 */
function ajaxWikiEditHelp()
{
  jws.openWin('root3', 640, 480);
  setAjaxLoading();
  var helpUri = stdAjaxPrefix + '&_mode=wikihelp';
  ajaxGet(helpUri, function()
    {
      // Ignore the intermediate ready states; act only on the finished request.
      if ( ajax.readyState != 4 )
      {
        return;
      }
      unsetAjaxLoading();
      // The response is inserted as markup, so whatever the wikihelp endpoint
      // returns is parsed as HTML in the page's origin.
      // NOTE(review): confirm the endpoint emits only trusted, server-generated HTML.
      document.getElementById('cn3').innerHTML = ajax.responseText;
    });
}
/**
 * Prompt for login via ajaxPromptAdminAuth() and reload the page once the
 * prompt calls back.
 */
function ajaxStartLogin()
{
  // The callback receives a value from the prompt (k) but does not use it.
  var reloadAfterAuth = function(k)
  {
    window.location.reload();
  };
  // 2 is passed as the second argument - presumably the requested auth level; confirm against ajaxPromptAdminAuth.
  ajaxPromptAdminAuth(reloadAfterAuth, 2);
}
/**
 * Navigate to the Administration page's PageManager module for the current
 * page (`title`). When the client-side auth_level is below USER_LEVEL_ADMIN,
 * the user is first sent through ajaxPromptAdminAuth() and the navigation
 * happens in its callback.
 *
 * Returns false when the auth prompt was opened; otherwise returns nothing.
 *
 * NOTE(review): auth_level is a browser-side variable, so this comparison only
 * decides whether to show the prompt - confirm the server checks the admin
 * session on the Administration page itself.
 */
function ajaxAdminPage()
{
  if ( auth_level < USER_LEVEL_ADMIN )
  {
    ajaxPromptAdminAuth(function(k) {
      // Store the value handed back by the prompt as the global session key.
      ENANO_SID = k;
      auth_level = USER_LEVEL_ADMIN;
      var loc = String(window.location + '');
      // NOTE(review): append_sid() presumably adds the session key to the URL,
      // where it would appear in history and referrers - confirm.
      window.location = append_sid(loc);
      // `loc` is redeclared here; the assignment below supersedes the navigation started above.
      var loc = makeUrlNS('Special', 'Administration', 'module=' + namespace_list['Admin'] + 'PageManager&source=ajax&page_id=' + ajaxEscape(title));
      // True whenever ENANO_SID stringifies to a non-empty value.
      if ( (ENANO_SID + ' ').length > 1 )
        window.location = loc;
    }, 9);
    return false;
  }
  var loc = makeUrlNS('Special', 'Administration', 'module=' + namespace_list['Admin'] + 'PageManager&source=ajax&page_id=' + ajaxEscape(title));
  window.location = loc;
}
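/**
 * Emergency switch: after a confirmation, POST 'act=kill_php' to the Admin
 * home page and replace the 'php_killer' box with a result notice.
 *
 * A response body of '1' is treated as success; any other body is shown
 * inside the box.
 *
 * NOTE(review): no anti-CSRF token is visible in the request body; confirm
 * that makeUrlNS() or the server ties this state-changing request to the
 * admin session.
 *
 * @returns {boolean|undefined} false when the user cancelled or the box is
 *          missing; undefined once the request has been issued.
 */
function ajaxDisableEmbeddedPHP()
{
  if ( !confirm('Are you really sure you want to do this? Some pages might not function if this emergency-only feature is activated.') )
    return false;
  var $killdiv = $dynano('php_killer');
  if ( !$killdiv.object )
  {
    alert('Can\'t get kill div object');
    return false;
  }
  $killdiv.object.innerHTML = '<img alt="Loading..." src="' + scriptPath + '/images/loading-big.gif" /><br />Making request...';
  var url = makeUrlNS('Admin', 'Home', 'src=ajax');
  ajaxPost(url, 'act=kill_php', function() {
      if ( ajax.readyState != 4 )
        return;
      var $killdiv = $dynano('php_killer');
      var olddiv = $killdiv.object;
      // The box may have disappeared while the request was in flight.
      if ( !olddiv )
        return;
      if ( ajax.responseText == '1' )
      {
        // Capture the parent before detaching: once the old box is removed
        // its parentNode is null, so the replacement could not be appended
        // through it (the previous code threw here on success).
        var parent = olddiv.parentNode;
        if ( !parent )
          return;
        var newdiv = document.createElement('div');
        newdiv.className = olddiv.className;
        newdiv.innerHTML = '<img alt="Success" src="' + scriptPath + '/images/error.png" /><br />Embedded PHP in pages has been disabled.';
        parent.removeChild(olddiv);
        parent.appendChild(newdiv);
      }
      else
      {
        // NOTE(review): the response is inserted as markup; if the endpoint can
        // echo request-derived text in its error output, render it as text instead.
        olddiv.innerHTML = ajax.responseText;
      }
    });
}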