author | Dan |
Mon, 04 Jan 2010 11:09:50 -0500 | |
changeset 1199 | 8d85b52ac9b6 |
parent 1149 | be4feea8872a |
child 1226 | de56132c008d |
permissions | -rw-r--r-- |
0 | 1 |
<?php |
73
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
parents:
70
diff
changeset
|
2 |
|
166
d53cc29308f4
Rebrand as 1.1.1; everything should now be bumped to "unstable" status
Dan
parents:
160
diff
changeset
|
3 |
/* |
0 | 4 |
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
1081
745200a9cc2a
Fixed some upgrade bugs; added support for choosing one's own date/time formats; rebrand as 1.1.7
Dan
parents:
1074
diff
changeset
|
5 |
* Copyright (C) 2006-2009 Dan Fuhry |
0 | 6 |
* |
7 |
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
|
8 |
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
|
9 |
* |
|
10 |
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied |
|
11 |
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
|
12 |
* |
|
246
c9fd175289aa
Cleaned up some HTML in the installer; corrected some phpDoc syntax errors
Dan
parents:
183
diff
changeset
|
13 |
* @package Enano |
c9fd175289aa
Cleaned up some HTML in the installer; corrected some phpDoc syntax errors
Dan
parents:
183
diff
changeset
|
14 |
* @subpackage Frontend |
0 | 15 |
*/ |
246
c9fd175289aa
Cleaned up some HTML in the installer; corrected some phpDoc syntax errors
Dan
parents:
183
diff
changeset
|
16 |
|
1082 | 17 |
define('ENANO_INTERFACE_INDEX', ''); |
18 |
||
19 |
// start up Enano |
|
20 |
require('includes/common.php'); |
|
21 |
||
22 |
// decide on HTML compacting |
|
23 |
$aggressive_optimize_html = !defined('ENANO_DEBUG') && !isset($_GET['nocompress']); |
|
24 |
||
25 |
// Set up gzip encoding before any output is sent |
|
26 |
global $do_gzip; |
|
27 |
// FIXME: make this configurable |
|
28 |
$do_gzip = !defined('ENANO_DEBUG'); |
|
29 |
||
30 |
error_reporting(E_ALL); |
|
31 |
||
32 |
if($aggressive_optimize_html || $do_gzip) |
|
33 |
{ |
|
34 |
ob_start(); |
|
35 |
} |
|
36 |
||
37 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
38 |
$page_timestamp = time(); |
|
39 |
||
40 |
if ( !isset($_GET['do']) ) |
|
41 |
{ |
|
42 |
$_GET['do'] = 'view'; |
|
43 |
} |
|
44 |
switch($_GET['do']) |
|
45 |
{ |
|
46 |
default: |
|
47 |
$code = $plugins->setHook('page_action'); |
|
0 | 48 |
ob_start(); |
1082 | 49 |
foreach ( $code as $cmd ) |
50 |
{ |
|
51 |
eval($cmd); |
|
52 |
} |
|
53 |
if ( $contents = ob_get_contents() ) |
|
54 |
{ |
|
55 |
ob_end_clean(); |
|
56 |
echo $contents; |
|
57 |
} |
|
58 |
else |
|
59 |
{ |
|
60 |
die_friendly('Invalid action', '<p>The action "'.htmlspecialchars($_GET['do']).'" is not defined. Return to <a href="'.makeUrl($paths->page).'">viewing this page\'s text</a>.</p>'); |
|
61 |
} |
|
62 |
break; |
|
63 |
case 'view': |
|
64 |
// echo PageUtils::getpage($paths->page, true, ( (isset($_GET['oldid'])) ? $_GET['oldid'] : false )); |
|
65 |
$rev_id = ( (isset($_GET['oldid'])) ? intval($_GET['oldid']) : 0 ); |
|
66 |
$page = new PageProcessor( $paths->page_id, $paths->namespace, $rev_id ); |
|
67 |
// Feed this PageProcessor to the template processor. This prevents $template from starting another |
|
68 |
// PageProcessor when we already have one going. |
|
69 |
$template->set_page($page); |
|
70 |
$page->send_headers = true; |
|
71 |
$page->allow_redir = ( !isset($_GET['redirect']) || (isset($_GET['redirect']) && $_GET['redirect'] !== 'no') ); |
|
72 |
$pagepass = ( isset($_REQUEST['pagepass']) ) ? sha1($_REQUEST['pagepass']) : ''; |
|
73 |
$page->password = $pagepass; |
|
74 |
$page->send(true); |
|
75 |
$page_timestamp = $page->revision_time; |
|
76 |
break; |
|
77 |
case 'comments': |
|
78 |
$output->header(); |
|
79 |
require_once(ENANO_ROOT.'/includes/pageutils.php'); |
|
80 |
$sub = ( isset ($_GET['sub']) ) ? $_GET['sub'] : false; |
|
81 |
switch($sub) |
|
82 |
{ |
|
83 |
case 'admin': |
|
84 |
default: |
|
85 |
$act = ( isset ($_GET['action']) ) ? $_GET['action'] : false; |
|
86 |
$id = ( isset ($_GET['id']) ) ? intval($_GET['id']) : -1; |
|
87 |
echo PageUtils::comments_html($paths->page_id, $paths->namespace, $act, Array('id'=>$id)); |
|
285
7846d45bd250
Changed all urlname/page_id columns to varchar(255) because 63 characters just isn't long enough
Dan
parents:
256
diff
changeset
|
88 |
break; |
1082 | 89 |
case 'postcomment': |
90 |
if(empty($_POST['name']) || |
|
91 |
empty($_POST['subj']) || |
|
92 |
empty($_POST['text']) |
|
93 |
) { echo 'Invalid request'; break; } |
|
94 |
$cid = ( isset($_POST['captcha_id']) ) ? $_POST['captcha_id'] : false; |
|
95 |
$cin = ( isset($_POST['captcha_input']) ) ? $_POST['captcha_input'] : false; |
|
96 |
||
97 |
require_once('includes/comment.php'); |
|
98 |
$comments = new Comments($paths->page_id, $paths->namespace); |
|
99 |
||
100 |
$submission = array( |
|
101 |
'mode' => 'submit', |
|
102 |
'captcha_id' => $cid, |
|
103 |
'captcha_code' => $cin, |
|
104 |
'name' => $_POST['name'], |
|
105 |
'subj' => $_POST['subj'], |
|
106 |
'text' => $_POST['text'], |
|
107 |
); |
|
108 |
||
109 |
$result = $comments->process_json($submission); |
|
110 |
if ( $result['mode'] == 'error' ) |
|
337
491518997ae5
Made CAPTCHA for guests' page editing work with the non-AJAX interface
Dan
parents:
334
diff
changeset
|
111 |
{ |
1082 | 112 |
echo '<div class="error-box">' . htmlspecialchars($result['error']) . '</div>'; |
468
194a19711346
Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents:
411
diff
changeset
|
113 |
} |
194a19711346
Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents:
411
diff
changeset
|
114 |
else |
194a19711346
Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents:
411
diff
changeset
|
115 |
{ |
1082 | 116 |
echo '<div class="info-box">' . $lang->get('comment_msg_comment_posted') . '</div>'; |
468
194a19711346
Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents:
411
diff
changeset
|
117 |
} |
1082 | 118 |
|
119 |
echo PageUtils::comments_html($paths->page_id, $paths->namespace); |
|
120 |
break; |
|
121 |
case 'editcomment': |
|
122 |
if(!isset($_GET['id']) || ( isset($_GET['id']) && !preg_match('#^([0-9]+)$#', $_GET['id']) )) { echo '<p>Invalid comment ID</p>'; break; } |
|
123 |
$q = $db->sql_query('SELECT subject,comment_data,comment_id FROM '.table_prefix.'comments WHERE comment_id='.$_GET['id']); |
|
124 |
if(!$q) $db->_die('The comment data could not be selected.'); |
|
125 |
$row = $db->fetchrow(); |
|
408
7ecbe721217c
Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents:
391
diff
changeset
|
126 |
$db->free_result(); |
1082 | 127 |
$row['subject'] = str_replace('\'', ''', $row['subject']); |
128 |
echo '<form action="'.makeUrl($paths->page, 'do=comments&sub=savecomment').'" method="post">'; |
|
129 |
echo "<br /><div class='tblholder'><table border='0' width='100%' cellspacing='1' cellpadding='4'> |
|
130 |
<tr><td class='row1'>" . $lang->get('comment_postform_field_subject') . "</td><td class='row1'><input type='text' name='subj' value='{$row['subject']}' /></td></tr> |
|
131 |
<tr><td class='row2'>" . $lang->get('comment_postform_field_comment') . "</td><td class='row2'><textarea rows='10' cols='40' style='width: 98%;' name='text'>{$row['comment_data']}</textarea></td></tr> |
|
132 |
<tr><td class='row1' colspan='2' class='row1' style='text-align: center;'><input type='hidden' name='id' value='{$row['comment_id']}' /><input type='submit' value='" . $lang->get('etc_save_changes') . "' /></td></tr> |
|
133 |
</table></div>"; |
|
134 |
echo '</form>'; |
|
135 |
break; |
|
136 |
case 'savecomment': |
|
137 |
if(empty($_POST['subj']) || empty($_POST['text'])) { echo '<p>Invalid request</p>'; break; } |
|
138 |
$r = PageUtils::savecomment_neater($paths->page_id, $paths->namespace, $_POST['subj'], $_POST['text'], (int)$_POST['id']); |
|
139 |
if($r != 'good') { echo "<pre>$r</pre>"; break; } |
|
140 |
echo PageUtils::comments_html($paths->page_id, $paths->namespace); |
|
141 |
break; |
|
142 |
case 'deletecomment': |
|
143 |
if(!empty($_GET['id'])) |
|
144 |
{ |
|
145 |
PageUtils::deletecomment_neater($paths->page_id, $paths->namespace, (int)$_GET['id']); |
|
146 |
} |
|
147 |
echo PageUtils::comments_html($paths->page_id, $paths->namespace); |
|
148 |
break; |
|
149 |
} |
|
150 |
$output->footer(); |
|
151 |
break; |
|
152 |
case 'edit': |
|
153 |
if(isset($_POST['_cancel'])) |
|
154 |
{ |
|
155 |
redirect(makeUrl($paths->page), '', '', 0); |
|
156 |
break; |
|
157 |
} |
|
158 |
require_once(ENANO_ROOT.'/includes/pageutils.php'); |
|
159 |
if(isset($_POST['_save'])) |
|
160 |
{ |
|
161 |
$captcha_valid = true; |
|
337
491518997ae5
Made CAPTCHA for guests' page editing work with the non-AJAX interface
Dan
parents:
334
diff
changeset
|
162 |
if ( !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' ) |
491518997ae5
Made CAPTCHA for guests' page editing work with the non-AJAX interface
Dan
parents:
334
diff
changeset
|
163 |
{ |
1082 | 164 |
$captcha_valid = false; |
165 |
if ( isset($_POST['captcha_id']) && isset($_POST['captcha_code']) ) |
|
166 |
{ |
|
167 |
$hash_correct = strtolower($session->get_captcha($_POST['captcha_id'])); |
|
168 |
$hash_input = strtolower($_POST['captcha_code']); |
|
169 |
if ( $hash_input === $hash_correct ) |
|
170 |
$captcha_valid = true; |
|
171 |
} |
|
337
491518997ae5
Made CAPTCHA for guests' page editing work with the non-AJAX interface
Dan
parents:
334
diff
changeset
|
172 |
} |
1082 | 173 |
if ( $captcha_valid ) |
160
87a988ca4ff4
Fixed: wiki mode edit notice should be shown on fallback editor now
Dan
parents:
142
diff
changeset
|
174 |
{ |
1082 | 175 |
$e = PageUtils::savepage($paths->page_id, $paths->namespace, $_POST['page_text'], $_POST['edit_summary'], isset($_POST['minor'])); |
176 |
if ( $e == 'good' ) |
|
177 |
{ |
|
178 |
redirect(makeUrl($paths->page), $lang->get('editor_msg_save_success_title'), $lang->get('editor_msg_save_success_body'), 3); |
|
179 |
} |
|
160
87a988ca4ff4
Fixed: wiki mode edit notice should be shown on fallback editor now
Dan
parents:
142
diff
changeset
|
180 |
} |
1082 | 181 |
} |
182 |
$template->header(); |
|
183 |
if ( isset($captcha_valid) ) |
|
184 |
{ |
|
185 |
echo '<div class="usermessage">' . $lang->get('editor_err_captcha_wrong') . '</div>'; |
|
186 |
} |
|
187 |
if(isset($_POST['_preview'])) |
|
188 |
{ |
|
189 |
$text = $_POST['page_text']; |
|
190 |
$edsumm = $_POST['edit_summary']; |
|
191 |
echo PageUtils::genPreview($_POST['page_text']); |
|
391
85f91037cd4f
Localization is FINISHED, DAMN IT HELLAH YEAH! OVER WITH! Man, it feels to get that off my chest. Release is in under 48 hours, folks. And we're ready for it.
Dan
parents:
383
diff
changeset
|
192 |
$text = htmlspecialchars($text); |
1082 | 193 |
$revid = 0; |
194 |
} |
|
195 |
else |
|
196 |
{ |
|
197 |
$revid = ( isset($_GET['revid']) ) ? intval($_GET['revid']) : 0; |
|
198 |
$page = new PageProcessor($paths->page_id, $paths->namespace, $revid); |
|
199 |
$text = $page->fetch_source(); |
|
200 |
$edsumm = ''; |
|
201 |
// $text = RenderMan::getPage($paths->cpage['urlname_nons'], $paths->namespace, 0, false, false, false, false); |
|
202 |
} |
|
203 |
if ( $revid > 0 ) |
|
204 |
{ |
|
205 |
$time = $page->revision_time; |
|
206 |
// Retrieve information about this revision and the current one |
|
207 |
$q = $db->sql_query('SELECT l1.author AS currentrev_author, l2.author AS oldrev_author FROM ' . table_prefix . 'logs AS l1 |
|
208 |
LEFT JOIN ' . table_prefix . 'logs AS l2 |
|
209 |
ON ( l2.log_id = ' . $revid . ' |
|
210 |
AND l2.log_type = \'page\' |
|
211 |
AND l2.action = \'edit\' |
|
212 |
AND l2.page_id = \'' . $db->escape($paths->page_id) . '\' |
|
213 |
AND l2.namespace = \'' . $db->escape($paths->namespace) . '\' |
|
214 |
AND l1.is_draft != 1 |
|
215 |
) |
|
216 |
WHERE l1.log_type = \'page\' |
|
217 |
AND l1.action = \'edit\' |
|
218 |
AND l1.page_id = \'' . $db->escape($paths->page_id) . '\' |
|
219 |
AND l1.namespace = \'' . $db->escape($paths->namespace) . '\' |
|
220 |
AND l1.time_id > ' . $time . ' |
|
221 |
AND l1.is_draft != 1 |
|
222 |
ORDER BY l1.time_id DESC;'); |
|
223 |
if ( !$q ) |
|
224 |
$db->die_json(); |
|
481
07bf15b066bc
Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents:
468
diff
changeset
|
225 |
|
1082 | 226 |
if ( $db->numrows() > 0 ) |
481
07bf15b066bc
Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents:
468
diff
changeset
|
227 |
{ |
1082 | 228 |
echo '<div class="usermessage">' . $lang->get('editor_msg_editing_old_revision') . '</div>'; |
229 |
||
230 |
$rev_count = $db->numrows() - 2; |
|
231 |
$row = $db->fetchrow(); |
|
232 |
$undo_info = array( |
|
233 |
'old_author' => $row['oldrev_author'], |
|
234 |
'current_author' => $row['currentrev_author'], |
|
235 |
'undo_count' => max($rev_count, 1), |
|
236 |
'last_rev_id' => $revid |
|
237 |
); |
|
481
07bf15b066bc
Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents:
468
diff
changeset
|
238 |
} |
07bf15b066bc
Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents:
468
diff
changeset
|
239 |
else |
07bf15b066bc
Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents:
468
diff
changeset
|
240 |
{ |
1082 | 241 |
$revid = 0; |
481
07bf15b066bc
Hopefully completed rewrite and localization of rollback backend and interface
Dan
parents:
468
diff
changeset
|
242 |
} |
1082 | 243 |
$db->free_result(); |
244 |
} |
|
245 |
echo ' |
|
246 |
<form action="'.makeUrl($paths->page, 'do=edit').'" method="post" enctype="multipart/form-data"> |
|
247 |
<br /> |
|
248 |
<textarea name="page_text" rows="20" cols="60" style="width: 97%;">'.$text.'</textarea><br /> |
|
249 |
<br /> |
|
250 |
'; |
|
251 |
$edsumm = ( $revid > 0 ) ? $lang->get('editor_reversion_edit_summary', $undo_info) : $edsumm; |
|
252 |
echo $lang->get('editor_lbl_edit_summary') . ' <input name="edit_summary" type="text" size="40" value="' . htmlspecialchars($edsumm) . '" /><br /><label><input type="checkbox" name="minor" /> ' . $lang->get('editor_lbl_minor_edit_field') . '</label><br />'; |
|
253 |
if ( !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' ) |
|
254 |
{ |
|
255 |
echo '<br /><table border="0"><tr><td>'; |
|
256 |
echo '<b>' . $lang->get('editor_lbl_field_captcha') . '</b><br />' |
|
257 |
. '<br />' |
|
258 |
. $lang->get('editor_msg_captcha_pleaseenter') . '<br /><br />' |
|
259 |
. $lang->get('editor_msg_captcha_blind'); |
|
260 |
echo '</td><td>'; |
|
261 |
$hash = $session->make_captcha(); |
|
262 |
echo '<img src="' . makeUrlNS('Special', "Captcha/$hash") . '" onclick="this.src+=\'/a\'" style="cursor: pointer;" /><br />'; |
|
263 |
echo '<input type="hidden" name="captcha_id" value="' . $hash . '" />'; |
|
264 |
echo $lang->get('editor_lbl_field_captcha_code') . ' <input type="text" name="captcha_code" value="" size="9" />'; |
|
265 |
echo '</td></tr></table>'; |
|
266 |
} |
|
267 |
echo '<br /> |
|
268 |
<input type="submit" name="_save" value="' . $lang->get('editor_btn_save') . '" style="font-weight: bold;" /> |
|
269 |
<input type="submit" name="_preview" value="' . $lang->get('editor_btn_preview') . '" /> |
|
270 |
<input type="submit" name="_revert" value="' . $lang->get('editor_btn_revert') . '" /> |
|
271 |
<input type="submit" name="_cancel" value="' . $lang->get('editor_btn_cancel') . '" /> |
|
272 |
</form> |
|
273 |
'; |
|
274 |
if ( getConfig('wiki_edit_notice', '0') == '1' ) |
|
275 |
{ |
|
276 |
$notice = getConfig('wiki_edit_notice_text'); |
|
277 |
echo RenderMan::render($notice); |
|
278 |
} |
|
279 |
$template->footer(); |
|
280 |
break; |
|
281 |
case 'viewsource': |
|
282 |
$template->header(); |
|
283 |
$text = RenderMan::getPage($paths->page_id, $paths->namespace, 0, false, false, false, false); |
|
284 |
$text = htmlspecialchars($text); |
|
285 |
echo ' |
|
286 |
<form action="'.makeUrl($paths->page, 'do=edit').'" method="post"> |
|
287 |
<br /> |
|
288 |
<textarea readonly="readonly" name="page_text" rows="20" cols="60" style="width: 97%;">'.$text.'</textarea>'; |
|
289 |
echo '<br /> |
|
290 |
<input type="submit" name="_cancel" value="' . $lang->get('editor_btn_closeviewer') . '" /> |
|
291 |
</form> |
|
292 |
'; |
|
293 |
$template->footer(); |
|
294 |
break; |
|
295 |
case 'history': |
|
296 |
require_once(ENANO_ROOT.'/includes/pageutils.php'); |
|
297 |
$hist = PageUtils::histlist($paths->page_id, $paths->namespace); |
|
298 |
$template->header(); |
|
299 |
echo $hist; |
|
300 |
$template->footer(); |
|
301 |
break; |
|
302 |
case 'rollback': |
|
303 |
$id = (isset($_GET['id'])) ? $_GET['id'] : false; |
|
304 |
if(!$id || !ctype_digit($id)) die_friendly('Invalid action ID', '<p>The URL parameter "id" is not an integer. Exiting to prevent nasties like SQL injection, etc.</p>'); |
|
305 |
||
306 |
$id = intval($id); |
|
307 |
||
308 |
$page = new PageProcessor($paths->page_id, $paths->namespace); |
|
309 |
$result = $page->rollback_log_entry($id); |
|
310 |
||
311 |
if ( $result['success'] ) |
|
312 |
{ |
|
313 |
$result = $lang->get("page_msg_rb_success_{$result['action']}", array('dateline' => $result['dateline'])); |
|
314 |
} |
|
315 |
else |
|
316 |
{ |
|
317 |
$result = $lang->get("page_err_{$result['error']}", array('action' => @$result['action'])); |
|
318 |
} |
|
319 |
||
320 |
$template->header(); |
|
321 |
echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">' . $lang->get('etc_return_to_page') . '</a></p>'; |
|
322 |
$template->footer(); |
|
323 |
break; |
|
324 |
case 'catedit': |
|
325 |
require_once(ENANO_ROOT.'/includes/pageutils.php'); |
|
326 |
if(isset($_POST['__enanoSaveButton'])) |
|
327 |
{ |
|
328 |
unset($_POST['__enanoSaveButton']); |
|
329 |
$val = PageUtils::catsave($paths->page_id, $paths->namespace, $_POST); |
|
330 |
if($val == 'GOOD') |
|
0 | 331 |
{ |
332 |
header('Location: '.makeUrl($paths->page)); echo '<html><head><title>Redirecting...</title></head><body>If you haven\'t been redirected yet, <a href="'.makeUrl($paths->page).'">click here</a>.'; break; |
|
1082 | 333 |
} else { |
334 |
die_friendly('Error saving category information', '<p>'.$val.'</p>'); |
|
0 | 335 |
} |
1082 | 336 |
} |
337 |
elseif(isset($_POST['__enanoCatCancel'])) |
|
338 |
{ |
|
339 |
header('Location: '.makeUrl($paths->page)); echo '<html><head><title>Redirecting...</title></head><body>If you haven\'t been redirected yet, <a href="'.makeUrl($paths->page).'">click here</a>.'; break; |
|
340 |
} |
|
341 |
$template->header(); |
|
342 |
$c = PageUtils::catedit_raw($paths->page_id, $paths->namespace); |
|
343 |
echo $c[1]; |
|
344 |
$template->footer(); |
|
345 |
break; |
|
346 |
case 'moreoptions': |
|
347 |
$template->header(); |
|
348 |
echo '<div class="menu_nojs" style="width: 150px; padding: 0;"><ul style="display: block;"><li><div class="label">' . $lang->get('ajax_lbl_moreoptions_nojs') . '</div><div style="clear: both;"></div></li>'.$template->toolbar_menu.'</ul></div>'; |
|
349 |
$template->footer(); |
|
350 |
break; |
|
351 |
case 'protect': |
|
352 |
if ( !$session->sid_super ) |
|
353 |
{ |
|
354 |
redirect(makeUrlNS('Special', "Login/{$paths->page}", 'target_do=protect&level=' . $session->user_level, false), $lang->get('etc_access_denied_short'), $lang->get('etc_access_denied_need_reauth'), 0); |
|
355 |
} |
|
356 |
||
357 |
if ( isset($_POST['level']) && isset($_POST['reason']) ) |
|
358 |
{ |
|
359 |
$level = intval($_POST['level']); |
|
360 |
if ( !in_array($level, array(PROTECT_FULL, PROTECT_SEMI, PROTECT_NONE)) ) |
|
907
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
906
diff
changeset
|
361 |
{ |
1082 | 362 |
$errors[] = 'bad level'; |
363 |
} |
|
364 |
$reason = trim($_POST['reason']); |
|
365 |
if ( empty($reason) ) |
|
366 |
{ |
|
367 |
$errors[] = $lang->get('onpage_protect_err_need_reason'); |
|
907
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
906
diff
changeset
|
368 |
} |
44851d7e9bda
Live Re-Auth is now required for deleting pages, editing ACLs, protecting pages, and clearing logs. Committing in a hurry as a storm is coming in, hope everything is in there.
Dan
parents:
906
diff
changeset
|
369 |
|
1082 | 370 |
$page = new PageProcessor($paths->page_id, $paths->namespace); |
371 |
$result = $page->protect_page($level, $reason); |
|
372 |
if ( $result['success'] ) |
|
373 |
{ |
|
374 |
redirect(makeUrl($paths->page), $lang->get('page_protect_lbl_success_title'), $lang->get('page_protect_lbl_success_body', array('page_link' => makeUrl($paths->page, false, true))), 3); |
|
375 |
} |
|
376 |
else |
|
0 | 377 |
{ |
1082 | 378 |
$errors[] = $lang->get('page_err_' . $result['error']); |
0 | 379 |
} |
1082 | 380 |
} |
381 |
$template->header(); |
|
382 |
?> |
|
383 |
<form action="<?php echo makeUrl($paths->page, 'do=protect'); ?>" method="post"> |
|
384 |
<h3><?php echo $lang->get('onpage_protect_heading'); ?></h3> |
|
385 |
<p><?php echo $lang->get('onpage_protect_msg_select_level'); ?></p> |
|
386 |
||
387 |
<?php |
|
388 |
if ( !empty($errors) ) |
|
389 |
{ |
|
390 |
echo '<ul><li>' . implode('</li><li>', $errors) . '</li></ul>'; |
|
391 |
} |
|
0 | 392 |
?> |
1082 | 393 |
|
394 |
<div class="protectlevel" style="line-height: 22px; margin-left: 17px;"> |
|
395 |
<label> |
|
396 |
<input type="radio" name="level" value="<?php echo PROTECT_FULL; ?>" /> |
|
397 |
<?php echo gen_sprite(cdnPath . '/images/protect-icons.png', 22, 22, 0, 0); ?> |
|
398 |
<?php echo $lang->get('onpage_protect_btn_full'); ?> |
|
399 |
</label> |
|
400 |
</div> |
|
401 |
<div class="protectlevel_hint" style="font-size: smaller; margin-left: 68px;"> |
|
402 |
<?php echo $lang->get('onpage_protect_btn_full_hint'); ?> |
|
403 |
</div> |
|
404 |
||
405 |
<div class="protectlevel" style="line-height: 22px; margin-left: 17px;"> |
|
406 |
<label> |
|
407 |
<input type="radio" name="level" value="<?php echo PROTECT_SEMI; ?>" /> |
|
408 |
<?php echo gen_sprite(cdnPath . '/images/protect-icons.png', 22, 22, 22, 0); ?> |
|
409 |
<?php echo $lang->get('onpage_protect_btn_semi'); ?> |
|
410 |
</label> |
|
411 |
</div> |
|
412 |
<div class="protectlevel_hint" style="font-size: smaller; margin-left: 68px;"> |
|
413 |
<?php echo $lang->get('onpage_protect_btn_semi_hint'); ?> |
|
414 |
</div> |
|
415 |
||
416 |
<div class="protectlevel" style="line-height: 22px; margin-left: 17px;"> |
|
417 |
<label> |
|
418 |
<input type="radio" name="level" value="<?php echo PROTECT_NONE; ?>" /> |
|
419 |
<?php echo gen_sprite(cdnPath . '/images/protect-icons.png', 22, 22, 44, 0); ?> |
|
420 |
<?php echo $lang->get('onpage_protect_btn_none'); ?> |
|
421 |
</label> |
|
422 |
</div> |
|
423 |
<div class="protectlevel_hint" style="font-size: smaller; margin-left: 68px;"> |
|
424 |
<?php echo $lang->get('onpage_protect_btn_none_hint'); ?> |
|
425 |
</div> |
|
426 |
||
427 |
<table style="margin-left: 1em;" cellspacing="10"> |
|
428 |
<tr> |
|
429 |
<td valign="top"> |
|
430 |
<?php echo $lang->get('onpage_protect_lbl_reason'); ?> |
|
431 |
</td> |
|
432 |
<td> |
|
433 |
<input type="text" name="reason" size="40" /><br /> |
|
434 |
<small><?php echo $lang->get('onpage_protect_lbl_reason_hint'); ?></small> |
|
435 |
</td> |
|
436 |
</tr> |
|
437 |
</table> |
|
438 |
||
439 |
<p> |
|
440 |
<input type="submit" value="<?php echo htmlspecialchars($lang->get('page_protect_btn_submit')) ?>" style="font-weight: bold;" /> |
|
441 |
<a class="abutton" href="<?php echo makeUrl($paths->page, false, true); ?>"><?php echo $lang->get('etc_cancel'); ?></a> |
|
442 |
</p> |
|
443 |
</form> |
|
444 |
<?php |
|
445 |
$template->footer(); |
|
446 |
break; |
|
447 |
case 'rename': |
|
448 |
require_once(ENANO_ROOT.'/includes/pageutils.php'); |
|
449 |
if(!empty($_POST['newname'])) |
|
450 |
{ |
|
451 |
$r = PageUtils::rename($paths->page_id, $paths->namespace, $_POST['newname']); |
|
452 |
die_friendly($lang->get('page_rename_success_title'), '<p>'.nl2br($r).' <a href="'.makeUrl($paths->page).'">' . $lang->get('etc_return_to_page') . '</a>.</p>'); |
|
453 |
} |
|
454 |
$template->header(); |
|
455 |
?> |
|
456 |
<form action="<?php echo makeUrl($paths->page, 'do=rename'); ?>" method="post"> |
|
457 |
<?php if(isset($_POST['newname'])) echo '<p style="color: red;">' . $lang->get('page_rename_err_need_name') . '</p>'; ?> |
|
458 |
<p><?php echo $lang->get('page_rename_lbl'); ?></p> |
|
459 |
<p><input type="text" name="newname" size="40" /></p> |
|
460 |
<p><input type="submit" value="<?php echo htmlspecialchars($lang->get('page_rename_btn_submit')); ?>" style="font-weight: bold;" /></p> |
|
461 |
</form> |
|
462 |
<?php |
|
463 |
$template->footer(); |
|
464 |
break; |
|
465 |
case 'flushlogs': |
|
466 |
if(!$session->get_permissions('clear_logs')) |
|
467 |
{ |
|
468 |
die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('etc_access_denied') . '</p>'); |
|
469 |
} |
|
470 |
if ( !$session->sid_super ) |
|
471 |
{ |
|
472 |
redirect(makeUrlNS('Special', "Login/{$paths->page}", 'target_do=flushlogs&level=' . $session->user_level, false), $lang->get('etc_access_denied_short'), $lang->get('etc_access_denied_need_reauth'), 0); |
|
473 |
} |
|
474 |
require_once(ENANO_ROOT.'/includes/pageutils.php'); |
|
475 |
if(isset($_POST['_downthejohn'])) |
|
476 |
{ |
|
477 |
$template->header(); |
|
478 |
$result = PageUtils::flushlogs($paths->page_id, $paths->namespace); |
|
479 |
echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">' . $lang->get('etc_return_to_page') . '</a>.</p>'; |
|
480 |
$template->footer(); |
|
481 |
break; |
|
482 |
} |
|
483 |
$template->header(); |
|
484 |
?> |
|
485 |
<form action="<?php echo makeUrl($paths->page, 'do=flushlogs'); ?>" method="post"> |
|
486 |
<?php echo $lang->get('page_flushlogs_warning_stern'); ?> |
|
487 |
<p><input type="submit" name="_downthejohn" value="<?php echo htmlspecialchars($lang->get('page_flushlogs_btn_submit')); ?>" style="color: red; font-weight: bold;" /></p> |
|
0 | 488 |
</form> |
489 |
<?php |
|
1082 | 490 |
$template->footer(); |
491 |
break; |
|
492 |
case 'delvote': |
|
493 |
require_once(ENANO_ROOT.'/includes/pageutils.php'); |
|
494 |
if(isset($_POST['_ballotbox'])) |
|
495 |
{ |
|
496 |
$template->header(); |
|
497 |
$result = PageUtils::delvote($paths->page_id, $paths->namespace); |
|
498 |
echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">' . $lang->get('etc_return_to_page') . '</a>.</p>'; |
|
0 | 499 |
$template->footer(); |
500 |
break; |
|
1082 | 501 |
} |
502 |
$template->header(); |
|
0 | 503 |
?> |
1082 | 504 |
<form action="<?php echo makeUrl($paths->page, 'do=delvote'); ?>" method="post"> |
505 |
<?php |
|
506 |
echo $lang->get('page_delvote_warning_stern'); |
|
507 |
echo '<p>'; |
|
508 |
switch($paths->cpage['delvotes']) |
|
509 |
{ |
|
510 |
case 0: echo $lang->get('page_delvote_count_zero'); break; |
|
511 |
case 1: echo $lang->get('page_delvote_count_one'); break; |
|
512 |
default: echo $lang->get('page_delvote_count_plural', array('delvotes' => $paths->cpage['delvotes'])); break; |
|
513 |
} |
|
514 |
echo '</p>'; |
|
515 |
?> |
|
516 |
<p><input type="submit" name="_ballotbox" value="<?php echo htmlspecialchars($lang->get('page_delvote_btn_submit')); ?>" /></p> |
|
0 | 517 |
</form> |
518 |
<?php |
|
1082 | 519 |
$template->footer(); |
520 |
break; |
|
521 |
case 'resetvotes': |
|
522 |
require_once(ENANO_ROOT.'/includes/pageutils.php'); |
|
523 |
if(!$session->get_permissions('vote_reset')) |
|
524 |
{ |
|
525 |
die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('etc_access_denied') . '</p>'); |
|
526 |
} |
|
527 |
if(isset($_POST['_youmaylivealittlelonger'])) |
|
528 |
{ |
|
529 |
$template->header(); |
|
530 |
$result = PageUtils::resetdelvotes($paths->page_id, $paths->namespace); |
|
531 |
echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">' . $lang->get('etc_return_to_page') . '</a>.</p>'; |
|
532 |
$template->footer(); |
|
0 | 533 |
break; |
1082 | 534 |
} |
535 |
$template->header(); |
|
536 |
?> |
|
537 |
<form action="<?php echo makeUrl($paths->page, 'do=resetvotes'); ?>" method="post"> |
|
538 |
<p><?php echo $lang->get('ajax_delvote_reset_confirm'); ?></p> |
|
539 |
<p><input type="submit" name="_youmaylivealittlelonger" value="<?php echo htmlspecialchars($lang->get('page_delvote_reset_btn_submit')); ?>" /></p> |
|
540 |
</form> |
|
541 |
<?php |
|
542 |
$template->footer(); |
|
543 |
break; |
|
544 |
case 'deletepage': |
|
1149
be4feea8872a
Improved language for static HTML page delete interface
Dan
parents:
1082
diff
changeset
|
545 |
if ( !$session->get_permissions('delete_page') ) |
1082 | 546 |
{ |
547 |
die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('etc_access_denied') . '</p>'); |
|
548 |
} |
|
549 |
if ( !$session->sid_super ) |
|
550 |
{ |
|
551 |
redirect(makeUrlNS('Special', "Login/{$paths->page}", 'target_do=deletepage&level=' . $session->user_level, false), $lang->get('etc_access_denied_short'), $lang->get('etc_access_denied_need_reauth'), 0); |
|
552 |
} |
|
553 |
||
1149
be4feea8872a
Improved language for static HTML page delete interface
Dan
parents:
1082
diff
changeset
|
554 |
require_once(ENANO_ROOT . '/includes/pageutils.php'); |
be4feea8872a
Improved language for static HTML page delete interface
Dan
parents:
1082
diff
changeset
|
555 |
if ( isset($_POST['_adiossucker']) ) |
1082 | 556 |
{ |
557 |
$reason = ( isset($_POST['reason']) ) ? $_POST['reason'] : false; |
|
558 |
if ( empty($reason) ) |
|
559 |
$error = $lang->get('ajax_delete_prompt_reason'); |
|
560 |
else |
|
0 | 561 |
{ |
562 |
$template->header(); |
|
1082 | 563 |
$result = PageUtils::deletepage($paths->page_id, $paths->namespace, $reason); |
220
d44492e34ab3
Failsafe page maintenance applets in index.php localized
Dan
parents:
213
diff
changeset
|
564 |
echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">' . $lang->get('etc_return_to_page') . '</a>.</p>'; |
0 | 565 |
$template->footer(); |
566 |
break; |
|
567 |
} |
|
1082 | 568 |
} |
569 |
$template->header(); |
|
570 |
?> |
|
571 |
<form action="<?php echo makeUrl($paths->page, 'do=deletepage'); ?>" method="post"> |
|
572 |
<?php echo $lang->get('page_delete_warning_stern'); ?> |
|
573 |
<?php if ( isset($error) ) echo "<p>$error</p>"; ?> |
|
574 |
<p><?php echo $lang->get('page_delete_lbl_reason'); ?> <input type="text" name="reason" size="50" /></p> |
|
1149
be4feea8872a
Improved language for static HTML page delete interface
Dan
parents:
1082
diff
changeset
|
575 |
<p><input type="submit" name="_adiossucker" value="<?php echo htmlspecialchars($lang->get('page_delete_btn_submit')); ?>" style="font-weight: bold;" /></p> |
1082 | 576 |
</form> |
577 |
<?php |
|
578 |
$template->footer(); |
|
579 |
break; |
|
580 |
case 'setwikimode': |
|
581 |
if(!$session->get_permissions('set_wiki_mode')) |
|
582 |
{ |
|
583 |
die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('etc_access_denied') . '</p>'); |
|
584 |
} |
|
585 |
if ( isset($_POST['finish']) ) |
|
586 |
{ |
|
587 |
$level = intval($_POST['level']); |
|
588 |
if ( !in_array($level, array(0, 1, 2) ) ) |
|
0 | 589 |
{ |
1082 | 590 |
die_friendly('Invalid request', '<p>Level not specified</p>'); |
0 | 591 |
} |
1082 | 592 |
$q = $db->sql_query('UPDATE '.table_prefix.'pages SET wiki_mode=' . $level . ' WHERE urlname=\'' . $db->escape($paths->page_id) . '\' AND namespace=\'' . $paths->namespace . '\';'); |
593 |
if ( !$q ) |
|
594 |
$db->_die(); |
|
595 |
redirect(makeUrl($paths->page), htmlspecialchars($paths->cpage['name']), $lang->get('page_wikimode_success_redirect'), 2); |
|
596 |
} |
|
597 |
else |
|
598 |
{ |
|
0 | 599 |
$template->header(); |
1082 | 600 |
if(!isset($_GET['level']) || ( isset($_GET['level']) && !preg_match('#^([0-9])$#', $_GET['level']))) die_friendly('Invalid request', '<p>Level not specified</p>'); |
601 |
$level = intval($_GET['level']); |
|
97
293148ad7a70
Fallback non-JS wiki mode switch is now implemented (doh!)
Dan
parents:
91
diff
changeset
|
602 |
if ( !in_array($level, array(0, 1, 2) ) ) |
293148ad7a70
Fallback non-JS wiki mode switch is now implemented (doh!)
Dan
parents:
91
diff
changeset
|
603 |
{ |
293148ad7a70
Fallback non-JS wiki mode switch is now implemented (doh!)
Dan
parents:
91
diff
changeset
|
604 |
die_friendly('Invalid request', '<p>Level not specified</p>'); |
293148ad7a70
Fallback non-JS wiki mode switch is now implemented (doh!)
Dan
parents:
91
diff
changeset
|
605 |
} |
1082 | 606 |
echo '<form action="' . makeUrl($paths->page, 'do=setwikimode', true) . '" method="post">'; |
607 |
echo '<input type="hidden" name="finish" value="foo" />'; |
|
608 |
echo '<input type="hidden" name="level" value="' . $level . '" />'; |
|
609 |
$level_txt = ( $level == 0 ) ? 'page_wikimode_level_off' : ( ( $level == 1 ) ? 'page_wikimode_level_on' : 'page_wikimode_level_global' ); |
|
610 |
$blurb = ( $level == 0 || ( $level == 2 && getConfig('wiki_mode') != '1' ) ) ? 'page_wikimode_blurb_disable' : 'page_wikimode_blurb_enable'; |
|
611 |
?> |
|
612 |
<h3><?php echo $lang->get('page_wikimode_heading'); ?></h3> |
|
613 |
<p><?php echo $lang->get($level_txt) . ' ' . $lang->get($blurb); ?></p> |
|
614 |
<p><?php echo $lang->get('page_wikimode_warning'); ?></p> |
|
615 |
<p><input type="submit" value="<?php echo htmlspecialchars($lang->get('page_wikimode_btn_submit')); ?>" /></p> |
|
616 |
<?php |
|
617 |
echo '</form>'; |
|
618 |
$template->footer(); |
|
619 |
} |
|
620 |
break; |
|
621 |
case 'diff': |
|
622 |
require_once(ENANO_ROOT.'/includes/pageutils.php'); |
|
623 |
require_once(ENANO_ROOT.'/includes/diff.php'); |
|
624 |
$template->header(); |
|
625 |
$id1 = ( isset($_GET['diff1']) ) ? (int)$_GET['diff1'] : false; |
|
626 |
$id2 = ( isset($_GET['diff2']) ) ? (int)$_GET['diff2'] : false; |
|
627 |
if ( !$id1 || !$id2 ) |
|
628 |
{ |
|
629 |
echo '<p>Invalid request.</p>'; |
|
630 |
$template->footer(); |
|
0 | 631 |
break; |
1082 | 632 |
} |
633 |
if ( !ctype_digit($_GET['diff1']) || !ctype_digit($_GET['diff1']) ) |
|
634 |
{ |
|
635 |
echo '<p>SQL injection attempt</p>'; |
|
0 | 636 |
$template->footer(); |
637 |
break; |
|
1082 | 638 |
} |
639 |
echo PageUtils::pagediff($paths->page_id, $paths->namespace, $id1, $id2); |
|
640 |
$template->footer(); |
|
641 |
break; |
|
642 |
case 'detag': |
|
643 |
if ( $session->user_level < USER_LEVEL_ADMIN ) |
|
644 |
{ |
|
645 |
die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('etc_access_denied') . '</p>'); |
|
646 |
} |
|
647 |
if ( $paths->page_exists ) |
|
648 |
{ |
|
649 |
die_friendly($lang->get('etc_invalid_request_short'), '<p>' . $lang->get('page_detag_err_page_exists') . '</p>'); |
|
650 |
} |
|
651 |
$q = $db->sql_query('DELETE FROM '.table_prefix.'tags WHERE page_id=\'' . $db->escape($paths->page_id) . '\' AND namespace=\'' . $paths->namespace . '\';'); |
|
652 |
if ( !$q ) |
|
653 |
$db->_die('Detag query, index.php:'.__LINE__); |
|
654 |
die_friendly($lang->get('page_detag_success_title'), '<p>' . $lang->get('page_detag_success_body') . '</p>'); |
|
655 |
break; |
|
656 |
case 'aclmanager': |
|
657 |
if ( !$session->sid_super ) |
|
658 |
{ |
|
659 |
redirect(makeUrlNS('Special', "Login/{$paths->page}", 'target_do=aclmanager&level=' . $session->user_level, false), $lang->get('etc_access_denied_short'), $lang->get('etc_access_denied_need_reauth'), 0); |
|
660 |
} |
|
661 |
||
662 |
require_once(ENANO_ROOT.'/includes/pageutils.php'); |
|
663 |
$data = ( isset($_POST['data']) ) ? $_POST['data'] : Array('mode' => 'listgroups'); |
|
664 |
PageUtils::aclmanager($data); |
|
665 |
break; |
|
666 |
case 'sql_report': |
|
667 |
$rev_id = ( (isset($_GET['oldid'])) ? intval($_GET['oldid']) : 0 ); |
|
668 |
$page = new PageProcessor( $paths->page_id, $paths->namespace, $rev_id ); |
|
669 |
$page->send_headers = true; |
|
670 |
$pagepass = ( isset($_REQUEST['pagepass']) ) ? sha1($_REQUEST['pagepass']) : ''; |
|
671 |
$page->password = $pagepass; |
|
672 |
$page->send(true); |
|
673 |
ob_end_clean(); |
|
674 |
ob_start(); |
|
675 |
$db->sql_report(); |
|
676 |
break; |
|
677 |
} |
|
678 |
||
679 |
// Generate an ETag |
|
680 |
/* |
|
681 |
// format: first 10 digits of SHA1 of page name, user id in hex, user and auth levels, page timestamp in hex |
|
682 |
$etag = substr(sha1($paths->namespace . ':' . $paths->page_id), 0, 10) . '-' . |
|
683 |
"u{$session->user_id}l{$session->user_level}a{$session->auth_level}-" . |
|
684 |
dechex($page_timestamp); |
|
685 |
||
686 |
if ( isset($_SERVER['HTTP_IF_NONE_MATCH']) ) |
|
687 |
{ |
|
688 |
if ( "\"$etag\"" == $_SERVER['HTTP_IF_NONE_MATCH'] ) |
|
689 |
{ |
|
690 |
header('HTTP/1.1 304 Not Modified'); |
|
691 |
exit(); |
|
0 | 692 |
} |
1082 | 693 |
} |
867
fc4e242995d4
Moved gzip and aggressive_optimize_html calls to output.php
Dan
parents:
832
diff
changeset
|
694 |
|
1082 | 695 |
header("ETag: \"$etag\""); |
696 |
*/ |
|
697 |
||
698 |
$db->close(); |
|
699 |
gzip_output(); |
|
700 |
||
701 |
@ob_end_flush(); |
|
542
5841df0ab575
Added ETag support and increased caching settings to try and speed the system up. Result of a YSlow audit.
Dan
parents:
536
diff
changeset
|
702 |
|
0 | 703 |
?> |