ajax.php
author Dan
Sat, 12 Dec 2009 16:23:47 -0500
changeset 1161 9c0c519066ac
parent 1108 c1be67a50d81
child 1162 daa091452877
permissions -rw-r--r--
Drafts saved on nonexistent pages now show up. Fixes issue 7.
<?php
/*
 * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
 * Copyright (C) 2006-2009 Dan Fuhry
 *
 * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
 * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
 */
 
  // Defined before common.php is loaded; presumably read there to detect the AJAX entry point - confirm.
  define('ENANO_INTERFACE_AJAX', '');

  // Load the shared include that the rest of this script depends on.
  require 'includes/common.php';

  // At file scope this declaration has no effect unless the script is itself included from inside a function.
  global $db, $session, $paths, $template, $plugins; // Common objects

  // Every request has to name a handler through the _mode query parameter.
  if ( !isset($_GET['_mode']) )
  {
    die('This script cannot be accessed directly.');
  }

  $_ob = '';
  switch($_GET['_mode']) {
    case "checkusername":
      // Load the page utility class on demand and print its answer for the requested name.
      // NOTE(review): $_GET['name'] is passed through without an isset() check and the result is
      // echoed as-is; confirm that PageUtils::checkusername() copes with a missing value and
      // returns text that is safe to send to the client.
      require_once ENANO_ROOT . '/includes/pageutils.php';
      $username_check = PageUtils::checkusername($_GET['name']);
      echo $username_check;
      break;
    case "getsource":
      // The response for this mode is declared as plain text.
      header('Content-type: text/plain');

      // Optional page password supplied by the client; false when none was sent.
      $password = false;
      if ( isset($_GET['pagepass']) )
      {
        $password = $_GET['pagepass'];
      }

      // Requested revision, 0 when none was sent. intval() matters here: the value is later
      // concatenated into an SQL query without quoting, so it must stay an integer.
      $revid = 0;
      if ( isset($_GET['revid']) )
      {
        $revid = intval($_GET['revid']);
      }

      // Open the requested page at that revision and hand the password to the page object.
      $page = new PageProcessor($paths->page_id, $paths->namespace, $revid);
      $page->password = $password;

      // Becomes true further down when an autosaved draft is found for this page.
      $have_draft = false;
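      // Kinda hacky fix for issue 7: draft restore not offered for nonexistent pages
      //
      // The assignment is parenthesized on purpose: "=" binds more loosely than "||", so without
      // the parentheses $src would receive the boolean result of the whole condition instead of
      // the text returned by fetch_source(). The editor would then be sent true in place of the
      // page source, and the "$src !== false" branch below could never be reached.
      //
      // NOTE(review): when the page does not exist, the first branch is taken whatever
      // fetch_source() returned, so auth_view_source is granted and drafts are looked up without
      // consulting that result - confirm this is intended when access would otherwise be refused.
      if ( ( $src = $page->fetch_source() ) || !$page->exists() )
      {
        // A nonexistent page has no stored text, so the editor starts empty.
        if ( !$page->exists() )
          $src = '';

        $allowed = true;
        // Look for an autosaved draft of this page. The page ID and namespace are passed through
        // $db->escape() before being placed inside the quoted SQL literals.
        $q = $db->sql_query('SELECT author, time_id, page_text, edit_summary, page_format FROM ' . table_prefix . 'logs WHERE log_type = \'page\' AND action = \'edit\'
                               AND page_id = \'' . $db->escape($paths->page_id) . '\'
                               AND namespace = \'' . $db->escape($paths->namespace) . '\'
                               AND is_draft = 1;');
        if ( !$q )
          $db->die_json();

        if ( $db->numrows() > 0 )
        {
          $have_draft = true;
          $draft_row = $db->fetchrow($q);
        }
      }
      else if ( $src !== false )
      {
        // The page exists and fetch_source() returned an empty value other than false:
        // viewing the source is allowed, there is simply no text to send.
        $allowed = true;
        $src = '';
      }
      else
      {
        // fetch_source() returned false for an existing page: the client is told that it may
        // not view the source, and no text is sent.
        $allowed = false;
        $src = '';
      }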
      // Editing needs the edit_page permission; on a protected page it additionally needs
      // even_when_protected.
      // NOTE(review): these flags only tell the client which controls to offer. The code that
      // saves an edit is not visible here and has to enforce the same permissions itself.
      $auth_edit = false;
      if ( $session->get_permissions('edit_page') )
      {
        $auth_edit = ( $session->get_permissions('even_when_protected') || !$page->ns->page_protected );
      }
      $auth_wysiwyg = $session->get_permissions('edit_wysiwyg');

      // Base response for the editor. The draft and CAPTCHA fields start out false and are
      // updated further down when they apply.
      $return = array();
      $return['mode'] = 'editor';
      $return['src'] = $src;
      $return['auth_view_source'] = $allowed;
      $return['auth_edit'] = $auth_edit;
      $return['time'] = time();
      $return['require_captcha'] = false;
      $return['allow_wysiwyg'] = $auth_wysiwyg;
      $return['revid'] = $revid;
      $return['have_draft'] = false;
      // Report the format recorded for the page to the editor.
      $return['page_format'] = $page->ns->cdata['page_format'];
      if ( $return['page_format'] == 'xhtml' )
      {
        // gently process headings to make tinymce format them correctly:
        // a line of the form "== Title ==" becomes <hN>Title</hN>, N being the number of
        // equals signs (1 to 6) matched at the start of the line.
        $heading_count = preg_match_all('/^ *?(={1,6}) *(.+?) *\\1 *$/m', $return['src'], $matches);
        if ( $heading_count )
        {
          foreach ( $matches[0] as $i => $match )
          {
            $hi = strlen($matches[1][$i]);
            $heading = '<h' . $hi . '>' . $matches[2][$i] . '</h' . $hi . '>';
            // str_replace_once() is defined elsewhere; judging by its name it swaps a single
            // occurrence, so repeated identical headings are handled one per iteration.
            $return['src'] = str_replace_once($match, $heading, $return['src']);
          }
        }
      }
      // Tell the editor about the autosaved draft found earlier, if there was one.
      // The draft text itself is only sent when the client asks for it with get_draft=1.
      // NOTE(review): no separate permission check is made here; the draft lookup earlier in
      // this handler is the only thing that gates access to the draft text.
      if ( $have_draft )
      {
        // $row is bound by reference, so later assignments to $row also change $draft_row.
        $row =& $draft_row;
        $return['have_draft'] = true;
        $return['draft_author'] = $row['author'];
        $return['draft_time'] = enano_date(ED_DATE | ED_TIME, intval($row['time_id']));

        $wants_draft = ( isset($_GET['get_draft']) && $_GET['get_draft'] === '1' );
        if ( $wants_draft )
        {
          // The draft replaces the stored page text, edit summary and format in the response.
          $return['src'] = $row['page_text'];
          $return['edit_summary'] = $row['edit_summary'];
          $return['page_format'] = $row['page_format'];
        }
      }
      $return['undo_info'] = array();
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   112
      
408
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
   113
      if ( $revid > 0 )
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
   114
      {
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
   115
        // Retrieve information about this revision and the current one
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
   116
        $q = $db->sql_query('SELECT l1.author AS currentrev_author, l2.author AS oldrev_author FROM ' . table_prefix . 'logs AS l1
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
   117
  LEFT JOIN ' . table_prefix . 'logs AS l2
468
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   118
    ON ( l2.log_id = ' . $revid . '
408
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
   119
         AND l2.log_type  = \'page\'
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
   120
         AND l2.action    = \'edit\'
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   121
         AND l2.page_id   = \'' . $db->escape($paths->page_id)   . '\'
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   122
         AND l2.namespace = \'' . $db->escape($paths->namespace) . '\'
468
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   123
         AND l2.is_draft != 1
408
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
   124
        )
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
   125
  WHERE l1.log_type  = \'page\'
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
   126
    AND l1.action    = \'edit\'
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   127
    AND l1.page_id   = \'' . $db->escape($paths->page_id)   . '\'
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   128
    AND l1.namespace = \'' . $db->escape($paths->namespace) . '\'
468
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   129
    AND l1.time_id   > ' . $page->revision_time . '
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   130
    AND l1.is_draft != 1
408
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
   131
  ORDER BY l1.time_id DESC;');
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
   132
        if ( !$q )
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
   133
          $db->die_json();
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged.
Dan
parents: 387
diff changeset
   134
        
468
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   135
        if ( $db->numrows() > 0 )
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   136
        {
468
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   137
          $rev_count = $db->numrows() - 1;
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   138
          if ( $rev_count == -1 )
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   139
          {
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   140
            $return = array(
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   141
                'mode' => 'error',
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   142
                'error' => '[Internal] No rows returned by revision info query. SQL:<pre>' . $db->latest_query . '</pre>'
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   143
              );
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   144
          }
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   145
          else
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   146
          {
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   147
            $row = $db->fetchrow();
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   148
            $return['undo_info'] = array(
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   149
              'old_author'     => $row['oldrev_author'],
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   150
              'current_author' => $row['currentrev_author'],
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   151
              'undo_count'     => $rev_count
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   152
            );
468
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   153
          }
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   154
        }
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   155
        else
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   156
        {
468
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something)
Dan
parents: 419
diff changeset
   157
          $return['revid'] = $revid = 0;
        }
      }
      
      if ( $auth_edit && !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )
      {
        $return['require_captcha'] = true;
        $return['captcha_id'] = $session->make_captcha();
      }
      
      $template->load_theme();
      $return['toolbar_templates'] = $template->extract_vars('toolbar.tpl');
      $return['edit_notice'] = $template->get_wiki_edit_notice();
      
      echo enano_json_encode($return);
      break;
    case "getpage":
      // Render the requested page (optionally an older revision) and send it
      // as the response to this AJAX call.
      // NOTE(review): $output is not referenced again inside this case;
      // presumably the Output_Striptease instance is consumed elsewhere as a
      // global - confirm.
      $output = new Output_Striptease();

      // oldid is coerced to an integer; 0 is passed when no revision was asked for.
      $revision_id = 0;
      if ( isset($_GET['oldid']) )
      {
        $revision_id = intval($_GET['oldid']);
      }
      $page = new PageProcessor( $paths->page_id, $paths->namespace, $revision_id );

      // NOTE(review): the page password is taken from $_REQUEST, so it is
      // accepted from the query string as well as from POST data. A password
      // sent in a URL tends to end up in server logs, browser history and
      // Referer headers; restricting this to POST would need the clients that
      // call this endpoint to be checked first.
      if ( isset($_REQUEST['pagepass']) )
      {
        $pagepass = $_REQUEST['pagepass'];
      }
      else
      {
        $pagepass = '';
      }
      $page->password = $pagepass;

      // Redirects are allowed unless the request explicitly carries redirect=no.
      $page->allow_redir = !( isset($_GET['redirect']) && $_GET['redirect'] === 'no' );

      $page->send();
      break;
    case "savepage":
      // Obsolete mode: still accepted, but it does nothing.
      break;
    case "savepage_json":
      header('Content-type: application/json');
      if ( !isset($_POST['r']) )
        die('Invalid request');
      
      try
      {
        $request = enano_json_decode($_POST['r']);
        if ( !isset($request['src']) || !isset($request['summary']) || !isset($request['minor_edit']) || !isset($request['time']) || !isset($request['draft']) )
          die('Invalid request');
      }
      catch(Zend_Json_Exception $e)
      {
        die("JSON parsing failed. View as HTML to see full report.\n<br /><br />\n<pre>" . htmlspecialchars(strval($e)) . "</pre><br />Request: <pre>" . htmlspecialchars($_POST['r']) . "</pre>");
      }
      
      $time = intval($request['time']);
      
      if ( $request['draft'] )
      {
        //
        // The user wants to save a draft version of the page.
        //
        
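        // Validate permissions: saving or deleting a draft is gated on the
        // 'edit_page' permission. On refusal only $return is populated here.
        if ( !$session->get_permissions('edit_page') )
        {
          $return = array(
            'mode' => 'error',
            'error' => 'access_denied'
          );
        }
        else
        {
          // Delete any draft copies if they exist. The WHERE clause matches on
          // page_id and namespace only, so every draft row for this page is
          // removed, whichever author saved it.
          // NOTE(review): this runs before the format check further down, so a
          // request with an invalid format still discards the existing draft.
          $q = $db->sql_query('DELETE FROM ' . table_prefix . 'logs WHERE log_type = \'page\' AND action = \'edit\'
                                 AND page_id = \'' . $db->escape($paths->page_id) . '\'
                                 AND namespace = \'' . $db->escape($paths->namespace) . '\'
                                 AND is_draft = 1;');
          if ( !$q )
            $db->die_json();
          
          // are we just supposed to delete the draft? (src is the integer -1)
          if ( $request['src'] === -1 )
          {
            $return = array(
              'mode' => 'success',
              'is_draft' => 'delete'
            );
          }
          else
          {
            $src = RenderMan::preprocess_text($request['src'], false, false);
            // 'format' is not among the keys checked with isset() when the
            // request is decoded, so it may be absent; treat that as invalid
            // instead of reading an undefined index.
            $draft_format = isset($request['format']) ? $request['format'] : null;
            // Strict comparison on purpose: with loose comparison a non-string
            // JSON value such as true compares equal to 'xhtml' and passes the
            // whitelist. $draft_format is concatenated into the INSERT below
            // without escaping, so this whitelist is what keeps it safe.
            if ( !in_array($draft_format, array('xhtml', 'wikitext'), true) )
            {
              $return = array(
                'mode' => 'error',
                'error' => 'invalid_format'
              );
            }
            else
            {
              // Save the draft
              $q = $db->sql_query('INSERT INTO ' . table_prefix . 'logs ( log_type, action, page_id, namespace, author, edit_summary, page_text, is_draft, time_id, page_format )
                                     VALUES (
                                       \'page\',
                                       \'edit\',
                                       \'' . $db->escape($paths->page_id) . '\',
                                       \'' . $db->escape($paths->namespace) . '\',
                                       \'' . $db->escape($session->username) . '\',
                                       \'' . $db->escape($request['summary']) . '\',
                                       \'' . $db->escape($src) . '\',
                                       1,
                                       ' . time() . ',
                                       \'' . $draft_format . '\'
                                     );');
              // Report a failed INSERT the same way as the DELETE above, rather
              // than telling the client the draft was saved when it was not.
              if ( !$q )
                $db->die_json();
              
              // Done!
              $return = array(
                  'mode' => 'success',
                  'is_draft' => true
                );
            }
          }
        }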
      }
      else
      {
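        // Verify that no edits have been made since the editor was requested:
        // fetch the newest non-draft edit logged for this page and compare its
        // time_id with the timestamp the client sent.
        // page_id and namespace are passed through $db->escape(), matching the
        // draft DELETE and INSERT queries in this case, instead of being
        // interpolated into the SQL string as-is.
        $q = $db->sql_query('SELECT time_id, author FROM ' . table_prefix . 'logs'
                          . ' WHERE log_type = \'page\' AND action = \'edit\''
                          . ' AND page_id = \'' . $db->escape($paths->page_id) . '\''
                          . ' AND namespace = \'' . $db->escape($paths->namespace) . '\''
                          . ' AND is_draft != 1 ORDER BY time_id DESC LIMIT 1;');
        if ( !$q )
          $db->die_json();
        
        $row = $db->fetchrow();
        $db->free_result();
        
        // $row is empty when the page has no logged edits yet; in that case
        // there is nothing newer to conflict with, so skip the comparison
        // instead of indexing a non-array.
        if ( $row && $row['time_id'] > $time )
        {
          // A newer edit exists: tell the client who made it and when, then
          // leave the case without saving.
          $return = array(
            'mode' => 'obsolete',
            'author' => $row['author'],
            'date_string' => enano_date(ED_DATE | ED_TIME, $row['time_id']),
            'time' => $row['time_id'] // time() ???
            );
          echo enano_json_encode($return);
          break;
        }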
        
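        // Verify captcha, if needed
        // NOTE(review): the condition below starts with `false &&`, so this
        // check never runs and guest saves are not CAPTCHA-verified here, even
        // when guest_edit_require_captcha is '1'. Confirm that verification
        // happens elsewhere in the save path before relying on that setting.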
        if ( false && !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )
336
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY)
Dan
parents: 335
diff changeset
   301
        {
413
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   302
          if ( !isset($request['captcha_id']) || !isset($request['captcha_code']) )
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   303
          {
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   304
            die('Invalid request, need captcha metadata');
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   305
          }
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   306
          $code_correct = strtolower($session->get_captcha($request['captcha_id']));
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   307
          $code_input = strtolower($request['captcha_code']);
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   308
          if ( $code_correct !== $code_input )
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   309
          {
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   310
            $return = array(
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   311
              'mode' => 'errors',
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   312
              'errors' => array($lang->get('editor_err_captcha_wrong')),
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   313
              'new_captcha' => $session->make_captcha()
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   314
            );
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   315
            echo enano_json_encode($return);
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   316
            break;
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   317
          }
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd.
Dan
parents: 408
diff changeset
   318
        }
        
        // All checks are done; hand the edit to PageProcessor, which performs the actual save.
        // NOTE(review): the $request fields are read without isset() checks here; presumably
        // they were validated earlier in this action - confirm.
        $page = new PageProcessor($paths->page_id, $paths->namespace);
        if ( !$page->update_page($request['src'], $request['summary'], ( $request['minor_edit'] == 1 ), $request['format']) )
        {
          // Save rejected: collect every queued error from the processor for the client.
          $errors = array();
          while ( $err = $page->pop_error() )
          {
            $errors[] = $err;
          }
          $return = array(
            'mode' => 'errors',
            'errors' => array_values($errors)
          );
          // Guests on sites that require a CAPTCHA get a fresh one with the error response.
          if ( !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )
          {
            $return['new_captcha'] = $session->make_captcha();
          }
        }
        else
        {
          // Saved as a real revision, not as a draft.
          $return = array(
            'mode' => 'success',
            'is_draft' => false
          );
        }
      }
      
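      // If this is based on a draft version, delete the draft - we no longer need it.
      // empty() replaces the old "@" suppression: same truthiness test, but unrelated errors
      // are no longer hidden.
      // NOTE(review): the DELETE is keyed on page ID and namespace only, so it appears to remove
      // every draft stored for this page, not just the one this editor loaded - confirm that is
      // intended. The result in $q is never inspected, so a failed delete goes unnoticed.
      if ( !empty($request['used_draft']) && empty($request['draft']) )
      {
        // Both interpolated values pass through $db->escape() before entering the query.
        $q = $db->sql_query('DELETE FROM ' . table_prefix . 'logs WHERE log_type = \'page\' AND action = \'edit\'
                               AND page_id = \'' . $db->escape($paths->page_id) . '\'
                               AND namespace = \'' . $db->escape($paths->namespace) . '\'
                               AND is_draft = 1;');
      }
      
      // Send the JSON response built by the save or draft branch above.
      echo enano_json_encode($return);
      
      break;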
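    case "diff_cur":
      // Shows the differences between the stored page source and the text posted by the editor.
      
      // Lie about our content type to fool ad scripts
      // NOTE(review): the body below is an HTML fragment, not an XHTML document, so the declared
      // type does not match the payload; confirm no client tries to parse it as XML.
      header('Content-type: application/xhtml+xml');
      
      // The posted text is untrusted: require it to be present and to be a plain string
      // (a "text[]" form field would otherwise reach the diff engine as an array).
      if ( !isset($_POST['text']) || !is_string($_POST['text']) )
        die('Invalid request');
      
      $page = new PageProcessor($paths->page_id, $paths->namespace);
      // NOTE(review): any falsy result is reported as "Access denied"; if fetch_source() can
      // return an empty string for an empty page, that case is misreported - confirm.
      if ( !($src = $page->fetch_source()) )
      {
        die('Access denied');
      }
      
      $diff = RenderMan::diff($src, $_POST['text']);
      // Strict comparison: only an exactly empty diff table means "no changes".
      if ( $diff === '<table class="diff"></table>' )
      {
        $diff = '<p>' . $lang->get('editor_msg_diff_empty') . '</p>';
      }
      
      echo '<div class="info-box">' . $lang->get('editor_msg_diff') . '</div>';
      // NOTE(review): $diff is printed as markup; presumably RenderMan::diff() escapes both
      // of its inputs - confirm.
      echo $diff;
      
      break;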
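    case "protect":
      // Passes the POSTed protection level and reason to PageProcessor and prints the result
      // as JSON. isset() checks replace the "@" operator and the unchecked $_POST reads: a
      // missing field yields the same values as before (level 0, reason null) without raising
      // notices that could end up in the JSON body.
      
      if ( isset($_POST['reason']) && $_POST['reason'] === '__ROLLBACK__' )
      {
        // __ROLLBACK__ is a keyword for log entries.
        die('"__ROLLBACK__" ain\'t gonna do it, buddy. Try to _not_ use reserved keywords next time, ok?');
      }
      
      $page = new PageProcessor($paths->page_id, $paths->namespace);
      header('Content-type: application/json');
      
      // NOTE(review): no permission or anti-CSRF check is visible in this arm; presumably
      // protect_page() enforces who may change protection - confirm.
      $result = $page->protect_page(
        ( isset($_POST['level']) ) ? intval($_POST['level']) : 0,
        ( isset($_POST['reason']) ) ? $_POST['reason'] : null
      );
      echo enano_json_encode($result);
      break;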
    case "histlist":
      // pageutils.php is loaded only when this action runs; the arm then prints whatever
      // PageUtils::histlist() returns for the current page.
      require_once(ENANO_ROOT.'/includes/pageutils.php');
      echo PageUtils::histlist($paths->page_id, $paths->namespace);
      break;
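    case "rollback":
      // Asks PageProcessor to roll back the log entry whose numeric ID is given in the query
      // string and prints the result as JSON. A missing ID becomes 0, exactly as the old
      // intval(@...) form produced, but without "@" hiding unrelated errors.
      // NOTE(review): this action changes state from a GET parameter and shows no permission or
      // anti-CSRF check here; presumably rollback_log_entry() enforces permissions - confirm.
      $id = ( isset($_GET['id']) ) ? intval($_GET['id']) : 0;
      $page = new PageProcessor($paths->page_id, $paths->namespace);
      header('Content-type: application/json');
      
      $result = $page->rollback_log_entry($id);
      echo enano_json_encode($result);
      break;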
    case "comments":
      // Comment requests arrive as a JSON document in the "data" POST field; without it the
      // script stops with a fixed JSON error object.
      // NOTE(review): the payload is forwarded as received; presumably process_json() decodes
      // and validates it - confirm.
      require_once ENANO_ROOT . '/includes/comment.php';
      $comments = new Comments($paths->page_id, $paths->namespace);
      if ( !isset($_POST['data']) )
      {
        die('{ "mode" : "error", "error" : "No input" }');
      }
      $comments->process_json($_POST['data']);
      break;
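    case "rename":
      // Passes the POSTed new title to PageProcessor::rename_page() and prints the result as
      // JSON. The isset() check keeps the old behaviour for a missing field (null is passed)
      // without raising a notice that could end up in the JSON body.
      // NOTE(review): no permission or anti-CSRF check is visible in this arm; presumably
      // rename_page() enforces permissions and validates the title - confirm.
      $page = new PageProcessor($paths->page_id, $paths->namespace);
      header('Content-type: application/json');
      
      $result = $page->rename_page(( isset($_POST['newtitle']) ) ? $_POST['newtitle'] : null);
      echo enano_json_encode($result);
      break;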
    case "flushlogs":
      // Prints whatever PageUtils::flushlogs() returns for the current page.
      // NOTE(review): judging by its name this discards the page's log history, yet no
      // permission or anti-CSRF check is visible in this arm; presumably flushlogs() enforces
      // them - confirm.
      require_once(ENANO_ROOT.'/includes/pageutils.php');
      echo PageUtils::flushlogs($paths->page_id, $paths->namespace);
      break;
    case "deletepage":
      // A deletion needs a reason in the POST body. empty() decides, so a missing field, an
      // empty string and the string "0" all stop the script with the localized message.
      // NOTE(review): no permission or anti-CSRF check is visible in this arm; presumably
      // PageUtils::deletepage() enforces them - confirm.
      require_once ENANO_ROOT . '/includes/pageutils.php';
      $reason = false;
      if ( isset($_POST['reason']) )
      {
        $reason = $_POST['reason'];
      }
      if ( empty($reason) )
      {
        die($lang->get('page_err_need_reason'));
      }
      echo PageUtils::deletepage($paths->page_id, $paths->namespace, $reason);
      break;
    case "delvote":
      // Prints whatever PageUtils::delvote() returns for the current page.
      // NOTE(review): the arm takes no request input, so any per-user vote limit must be
      // enforced inside delvote() - confirm.
      require_once(ENANO_ROOT.'/includes/pageutils.php');
      echo PageUtils::delvote($paths->page_id, $paths->namespace);
      break;
    case "resetdelvotes":
      // Prints whatever PageUtils::resetdelvotes() returns for the current page.
      // NOTE(review): no permission or anti-CSRF check is visible in this arm; presumably
      // resetdelvotes() enforces them - confirm.
      require_once(ENANO_ROOT.'/includes/pageutils.php');
      echo PageUtils::resetdelvotes($paths->page_id, $paths->namespace);
      break;
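    case "getstyles":
      // Prints whatever PageUtils::getstyles() returns for the ID given in the query string.
      // The isset() check keeps the old behaviour for a missing ID (null is passed) without
      // raising a notice into the response.
      // NOTE(review): the ID is forwarded unvalidated; if getstyles() uses it to build a
      // filesystem path or a query, it must be checked against the known set first - confirm.
      require_once(ENANO_ROOT.'/includes/pageutils.php');
      echo PageUtils::getstyles(( isset($_GET['id']) ) ? $_GET['id'] : null);
      break;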
    case "catedit":
      // Prints whatever PageUtils::catedit() returns for the current page; no request
      // parameters are read in this arm.
      require_once(ENANO_ROOT.'/includes/pageutils.php');
      echo PageUtils::catedit($paths->page_id, $paths->namespace);
      break;
    case "catsave":
      // Prints whatever PageUtils::catsave() returns for the current page.
      // NOTE(review): the entire $_POST array is handed over; presumably catsave() reads only
      // the fields it expects and ignores unknown keys - confirm. No permission or anti-CSRF
      // check is visible in this arm either.
      require_once(ENANO_ROOT.'/includes/pageutils.php');
      echo PageUtils::catsave($paths->page_id, $paths->namespace, $_POST);
      break;
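    case "setwikimode":
      // Passes the integer "mode" query parameter to PageUtils::setwikimode() and prints the
      // result. A missing parameter becomes 0, as the old bare (int) cast produced, but
      // without raising a notice into the response.
      // NOTE(review): this action changes a page setting from a GET parameter and shows no
      // permission or anti-CSRF check here; presumably setwikimode() enforces permissions and
      // rejects unknown mode values - confirm.
      require_once(ENANO_ROOT.'/includes/pageutils.php');
      echo PageUtils::setwikimode($paths->page_id, $paths->namespace, ( isset($_GET['mode']) ) ? (int)$_GET['mode'] : 0);
      break;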
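    case "setpass":
      // Passes the POSTed page password to PageUtils::setpass() and prints the result. The
      // isset() check keeps the old behaviour for a missing field (null is passed) without
      // raising a notice into the response.
      // NOTE(review): how setpass() stores the password and what a null value does are not
      // visible here, and neither is a permission or anti-CSRF check - confirm all three.
      require_once(ENANO_ROOT.'/includes/pageutils.php');
      echo PageUtils::setpass($paths->page_id, $paths->namespace, ( isset($_POST['password']) ) ? $_POST['password'] : null);
      break;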
    // Both modes are accepted but produce no output in this file.
    case "fillusername":
    case "fillpagename":
      break;
    case "preview":
      // Editor preview: renders POST "text" through PageUtils::genPreview() and
      // prints the result. The template variables are initialised first.
      // NOTE(review): the response is markup derived from request text; any
      // output filtering presumably happens inside genPreview() - confirm.
      require_once( ENANO_ROOT . '/includes/pageutils.php' );
      $template->init_vars();
      echo PageUtils::genPreview( $_POST['text'] );
      break;
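    case "transform":
      // Converts editor text between formats.
      //   GET  "to"        - target format: "xhtml", "wikitext", or a format
      //                      handled by a plugin through the ajax_transform hook
      //   POST "text"      - the text to convert
      //   POST "plaintext" - if set, the raw result is printed instead of JSON
      // Every other response is a JSON object with a "mode" key.
      header('Content-type: text/javascript');
      if ( !isset($_GET['to']) )
      {
        echo enano_json_encode(array(
            'mode' => 'error',
            'error' => '"to" not specified'
          ));
        break;
      }
      if ( !isset($_POST['text']) )
      {
        echo enano_json_encode(array(
            'mode' => 'error',
            'error' => '"text" not specified (must be on POST)'
          ));
        break;
      }
      switch($_GET['to'])
      {
        case 'xhtml':
          $result = RenderMan::render($_POST['text'], RENDER_BLOCK | RENDER_NOSMILIES, false);
          break;
        case 'wikitext':
          $result = RenderMan::reverse_render($_POST['text']);
          break;
        default:
          // Unknown target format: let plugins handle it. Hook code sees $text
          // (a reference to the posted text) and is expected to set $result.
          $text =& $_POST['text'];
          $result = false;
          $code = $plugins->setHook('ajax_transform');
          foreach ( $code as $cmd )
          {
            // NOTE(review): eval() runs the code registered for this hook with
            // the full privileges of the request. $cmd comes from
            // $plugins->setHook(), not from the request itself; it must never
            // be built from request data.
            eval($cmd);
          }
          if ( !$result )
          {
            echo enano_json_encode(array(
                'mode' => 'error',
                'error' => 'Invalid target format'
              ));
            // Leave the "transform" arm as well as this inner switch. A plain
            // break only left the inner switch, so the error object was
            // followed by a second response carrying a false result.
            break 2;
          }
          break;
      }
      
      // mostly for debugging, but I suppose this could be useful elsewhere.
      if ( isset($_POST['plaintext']) )
        die($result);
      
      echo enano_json_encode(array(
          'mode' => 'transformed_text',
          'text' => $result
        ));
      break;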
    case "pagediff":
      // Prints the difference between two revisions of the current page.
      // GET "diff1" and "diff2" are the revision ids. They are cast to integers
      // before use, and the raw values must also consist of digits only.
      require_once( ENANO_ROOT . '/includes/pageutils.php' );
      $id1 = false;
      if ( isset($_GET['diff1']) )
      {
        $id1 = (int)$_GET['diff1'];
      }
      $id2 = false;
      if ( isset($_GET['diff2']) )
      {
        $id2 = (int)$_GET['diff2'];
      }
      // A missing parameter and an id of 0 are rejected alike.
      if ( !$id1 || !$id2 )
      {
        echo '<p>Invalid request.</p>';
        $template->footer();
        break;
      }
      // Second gate on the raw strings; only the integer copies go any further.
      if ( !( preg_match('#^([0-9]+)$#', (string)$_GET['diff1']) &&
              preg_match('#^([0-9]+)$#', (string)$_GET['diff2']) ) )
      {
        echo '<p>SQL injection attempt</p>';
        $template->footer();
        break;
      }
      echo PageUtils::pagediff($paths->page_id, $paths->namespace, $id1, $id2);
      break;
    case "jsres":
      // Retired mode: ends the request with a JavaScript comment that names the
      // file the code moved to.
      die( '// ERROR: this section is deprecated and has moved to includes/clientside/static/enano-lib-basic.js.' );
      // Not reached after die(); kept so the arm stays visibly terminated.
      break;
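    case "rdns":
      // Reverse-DNS lookup of GET "ip", available only to users who hold the
      // "mod_misc" permission. Prints the host name or a localized error string.
      if ( !$session->get_permissions('mod_misc') )
        die('Go somewhere else for your reverse DNS info!');
      $ip = $_GET['ip'];
      if ( !is_valid_ip($ip) )
      {
        echo $lang->get('acpsl_err_invalid_ip');
        // Stop here. Without this break the rejected value was still handed to
        // gethostbyaddr() and a second message followed the error.
        break;
      }
      $rdns = gethostbyaddr($ip);
      if ( $rdns == $ip )
      {
        // gethostbyaddr() hands back the address itself when no name resolves.
        echo $lang->get('acpsl_err_ptr_no_resolve');
      }
      else
      {
        // The name comes from a PTR record, which is set by whoever runs the
        // reverse zone for that address, so it is escaped before it is printed.
        echo htmlspecialchars($rdns);
      }
      break;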
    case 'acljson':
      // URL-decodes POST "acl_params" (false when absent), passes it to
      // PageUtils::acl_json() and prints the result.
      // NOTE(review): access-control edits are high-impact and no permission
      // check is visible in this arm; confirm PageUtils::acl_json() enforces one.
      require_once( ENANO_ROOT . '/includes/pageutils.php' );
      if ( isset($_POST['acl_params']) )
      {
        $parms = rawurldecode($_POST['acl_params']);
      }
      else
      {
        $parms = false;
      }
      echo PageUtils::acl_json($parms);
      break;
    case 'theme_list':
      // Returns the enabled themes as a JSON array of
      // { theme_name, theme_id, have_thumb } objects.
      header('Content-type: application/json');
      
      $return = array();
      foreach ( $template->theme_list as $theme )
      {
        // Only themes flagged as enabled are listed.
        if ( $theme['enabled'] == 1 )
        {
          // The path is built from the theme list, not from request data.
          $return[] = array(
              'theme_name' => $theme['theme_name'],
              'theme_id' => $theme['theme_id'],
              'have_thumb' => file_exists(ENANO_ROOT . "/themes/{$theme['theme_id']}/preview.png")
            );
        }
      }
      
      echo enano_json_encode($return);
      
      break;
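    case "get_styles":
      // Lists the styles of one theme as a JSON array: the names of the .css
      // files in the theme's css/ directory, without extension, leaving out
      // _printable.css. GET "theme_id" selects the theme.
      //
      // theme_id becomes part of a filesystem path, so it has to be a plain
      // string made of [a-z0-9_-] only. The D modifier keeps "$" from matching
      // in front of a trailing newline; the isset/is_string test rejects a
      // missing or array-valued parameter before it reaches preg_match().
      if ( !isset($_GET['theme_id']) || !is_string($_GET['theme_id']) || !preg_match('/^[a-z0-9_-]+$/D', $_GET['theme_id']) )
        die(enano_json_encode(array()));
      
      $theme_id = $_GET['theme_id'];
      $return = array();
      
      if ( $dr = @opendir(ENANO_ROOT . "/themes/$theme_id/css/") )
      {
        // Compare with false explicitly: a directory entry named "0" is falsy
        // and would otherwise end the loop early.
        while ( ( $dh = @readdir($dr) ) !== false )
        {
          if ( preg_match('/\.css$/', $dh) && $dh != '_printable.css' )
          {
            $return[] = preg_replace('/\.css$/', '', $dh);
          }
        }
        // Release the directory handle; it was left open before.
        closedir($dr);
      }
      else
      {
        $return = array(
            'mode' => 'error',
            'error' => 'Could not open directory.'
          );
      }
      echo enano_json_encode($return);
      break;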
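    case "change_theme":
      // Stores the logged-in user's theme and style choice. POST "theme_id" and
      // "style_id" name a stylesheet under themes/<theme_id>/css/<style_id>.css.
      // Every response is a JSON object, except a database failure, which
      // prints the database error.
      // NOTE(review): no anti-CSRF token is checked in this arm; confirm that
      // request origin is verified elsewhere before this code is reached.
      if ( !isset($_POST['theme_id']) || !isset($_POST['style_id']) )
      {
        die(enano_json_encode(array('mode' => 'error', 'error' => 'Invalid parameter')));
      }
      // Both values end up in a filesystem path and an SQL statement, so they
      // must be plain strings of [a-z0-9_-]. The D modifier keeps "$" from
      // matching in front of a trailing newline.
      if ( !is_string($_POST['theme_id']) || !is_string($_POST['style_id']) ||
           !preg_match('/^([a-z0-9_-]+)$/iD', $_POST['theme_id']) || !preg_match('/^([a-z0-9_-]+)$/iD', $_POST['style_id']) )
      {
        die(enano_json_encode(array('mode' => 'error', 'error' => 'Invalid parameter')));
      }
      // Reject anonymous callers before touching the filesystem.
      if ( !$session->user_logged_in )
      {
        die(enano_json_encode(array('mode' => 'error', 'error' => 'You must be logged in to change your theme')));
      }
      if ( !file_exists(ENANO_ROOT . '/themes/' . $_POST['theme_id'] . '/css/' . $_POST['style_id'] . '.css') )
      {
        // Report the path relative to the installation only; the absolute
        // server path (ENANO_ROOT) is not sent to the client.
        die(enano_json_encode(array('mode' => 'error', 'error' => 'Can\'t find theme file: themes/' . $_POST['theme_id'] . '/css/' . $_POST['style_id'] . '.css')));
      }
      // Just in case something slipped through...
      $theme_id = $db->escape($_POST['theme_id']);
      $style_id = $db->escape($_POST['style_id']);
      // The user id is cast to an integer because it is placed in the
      // statement without quotes.
      $e = $db->sql_query('UPDATE ' . table_prefix . "users SET theme = '$theme_id', style = '$style_id' WHERE user_id = " . (int)$session->user_id . ';');
      if ( !$e )
      {
        // NOTE(review): this sends the database error text to the client;
        // consider logging it and returning a generic JSON error instead.
        die( $db->get_error() );
      }
      
      echo enano_json_encode(array(
          'success' => true
        ));
      break;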
    case 'get_tags':
      
      $ret = array('tags' => array(), 'user_level' => $session->user_level, 'can_add' => $session->get_permissions('tag_create'));
      $q = $db->sql_query('SELECT t.tag_id, t.tag_name, pg.pg_target IS NOT NULL AS used_in_acl, t.user_id FROM '.table_prefix.'tags AS t
        LEFT JOIN '.table_prefix.'page_groups AS pg
          ON ( ( pg.pg_type = ' . PAGE_GRP_TAGGED . ' AND pg.pg_target=t.tag_name ) OR ( pg.pg_type IS NULL AND pg.pg_target IS NULL ) )
        WHERE t.page_id=\'' . $db->escape($paths->page_id) . '\' AND t.namespace=\'' . $db->escape($paths->namespace) . '\';');
      if ( !$q )
        $db->_die();
      
      while ( $row = $db->fetchrow() )
      {
        $can_del = true;
        
        $perm = ( $row['user_id'] != $session->user_id ) ?
                'tag_delete_other' :
                'tag_delete_own';
        
        if ( $row['user_id'] == 1 && !$session->user_logged_in )
          // anonymous user trying to delete tag (hardcode blacklisted)
          $can_del = false;
          
        if ( !$session->get_permissions($perm) )
          $can_del = false;
        
        if ( $row['used_in_acl'] == 1 && !$session->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN )
          $can_del = false;
        
        $ret['tags'][] = array(
          'id' => $row['tag_id'],
          'name' => $row['tag_name'],
          'can_del' => $can_del,
          'acl' => ( $row['used_in_acl'] == 1 )
        );
      }
      
      echo enano_json_encode($ret);
      
      break;
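    case 'addtag':
      // Adds a tag to the current page ($paths->page_id / $paths->namespace) and replies with a JSON object:
      // success, error, can_del, in_acl, plus tag and tag_id once the row has been inserted.
      // NOTE(review): no anti-CSRF token check is visible in this case; confirm one is enforced before the
      // switch is reached, since this case writes to the tags table on behalf of the session user.
      $resp = array(
          'success' => false,
          'error' => 'No error',
          'can_del' => ( $session->get_permissions('tag_delete_own') && $session->user_logged_in ),
          'in_acl' => false
        );
      
      // first of course, are we allowed to tag pages?
      if ( !$session->get_permissions('tag_create') )
      {
        $resp['error'] = 'You are not permitted to tag pages.';
        die(enano_json_encode($resp));
      }
      
      // The tag comes straight from the request body. A missing field or an array value is rejected here
      // rather than being handed to sanitize_tag().
      if ( !isset($_POST['tag']) || !is_string($_POST['tag']) )
      {
        $resp['error'] = 'Tags must consist of at least 2 alphanumeric characters.';
        die(enano_json_encode($resp));
      }
      
      // sanitize the tag name; the length rule is applied to the sanitized text, not to its SQL-escaped form
      $tag = sanitize_tag($_POST['tag']);
      
      if ( strlen($tag) < 2 )
      {
        $resp['error'] = 'Tags must consist of at least 2 alphanumeric characters.';
        die(enano_json_encode($resp));
      }
      
      // SQL-escaped copy, used only inside query strings. $tag itself stays unescaped so the JSON reply
      // carries the tag as stored rather than with escape characters added.
      $tag_sql = $db->escape($tag);
      $page_id_sql = $db->escape($paths->page_id);
      $namespace_sql = $db->escape($paths->namespace);
      
      // check if tag is already on page
      $q = $db->sql_query('SELECT 1 FROM '.table_prefix.'tags WHERE page_id=\'' . $page_id_sql . '\' AND namespace=\'' . $namespace_sql . '\' AND tag_name=\'' . $tag_sql . '\';');
      if ( !$q )
        $db->_die();
      if ( $db->numrows() > 0 )
      {
        $resp['error'] = 'This page already has this tag.';
        die(enano_json_encode($resp));
      }
      $db->free_result();
      
      // tricky: make sure this tag isn't being used in some page group, and thus adding it could affect page access
      // Only a caller with edit_acl or administrator level may attach a tag that a page group is keyed on.
      $can_edit_acl = ( $session->get_permissions('edit_acl') || $session->user_level >= USER_LEVEL_ADMIN );
      $q = $db->sql_query('SELECT 1 FROM '.table_prefix.'page_groups WHERE pg_type=' . PAGE_GRP_TAGGED . ' AND pg_target=\'' . $tag_sql . '\';');
      if ( !$q )
        $db->_die();
      $tag_in_acl = ( $db->numrows() > 0 );
      if ( $tag_in_acl && !$can_edit_acl )
      {
        $resp['error'] = 'This tag is used in an ACL page group, and thus can\'t be added to a page by people without administrator privileges.';
        die(enano_json_encode($resp));
      }
      $resp['in_acl'] = $tag_in_acl;
      $db->free_result();
      
      // we're good
      // user_id is concatenated unquoted, so it is forced to an integer before it reaches the query string.
      $q = $db->sql_query('INSERT INTO '.table_prefix.'tags(tag_name,page_id,namespace,user_id) VALUES(\'' . $tag_sql . '\', \'' . $page_id_sql . '\', \'' . $namespace_sql . '\', ' . intval($session->user_id) . ');');
      if ( !$q )
        $db->_die();
      
      $resp['success'] = true;
      // NOTE(review): presumably the client renders this value; it should be treated as text there — verify.
      $resp['tag'] = $tag;
      $resp['tag_id'] = $db->insert_id();
      
      echo enano_json_encode($resp);
      break;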
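    case 'deltag':
      // Deletes one tag, identified by the numeric tag_id field of the request, after checking the caller's
      // rights. Replies in plain text: 'success' or a one-line error message.
      // NOTE(review): no anti-CSRF token check is visible in this case; confirm one is enforced before the
      // switch is reached, since this case deletes rows on behalf of the session user.
      
      // intval() maps any non-empty array to 1, so only a scalar field is converted; a missing field,
      // an array, zero and negative numbers are all refused.
      $tag_id = ( isset($_POST['tag_id']) && is_scalar($_POST['tag_id']) ) ? intval($_POST['tag_id']) : 0;
      if ( $tag_id < 1 )
        die('Invalid tag ID');
      
      // Load the tag with its owner, its page, and whether a tag-based page group refers to its name.
      $q = $db->sql_query('SELECT t.tag_id, t.user_id, t.page_id, t.namespace, pg.pg_target IS NOT NULL AS used_in_acl FROM '.table_prefix.'tags AS t
  LEFT JOIN '.table_prefix.'page_groups AS pg
    ON ( pg.pg_id IS NULL OR ( pg.pg_target = t.tag_name AND pg.pg_type = ' . PAGE_GRP_TAGGED . ' ) )
  WHERE t.tag_id=' . $tag_id . ';');
      
      if ( !$q )
        $db->_die();
      
      if ( $db->numrows() < 1 )
        die('Could not find a tag with that ID');
      
      $row = $db->fetchrow();
      $db->free_result();
      
      // Tag IDs are not tied to the page named in the request, so permissions are evaluated against the
      // page the tag actually belongs to: the session's own permissions when that is the current page,
      // otherwise the ACL fetched for the tag's page.
      if ( $row['page_id'] == $paths->page_id && $row['namespace'] == $paths->namespace )
        $perms =& $session;
      else
        $perms = $session->fetch_page_acl($row['page_id'], $row['namespace']);
        
      // Deleting somebody else's tag needs a different permission than deleting one's own.
      $perm = ( $row['user_id'] != $session->user_id ) ?
                'tag_delete_other' :
                'tag_delete_own';
      
      if ( $row['user_id'] == 1 && !$session->user_logged_in )
      {
        // anonymous user trying to delete tag (hardcode blacklisted)
        // presumably user_id 1 is the shared anonymous account — verify against the users table
        die('You are not authorized to delete this tag.');
      }
        
      if ( !$perms->get_permissions($perm) )
        die('You are not authorized to delete this tag.');
      
      // A tag that a page group is keyed on may only be removed with edit_acl or administrator level.
      if ( $row['used_in_acl'] == 1 && !$perms->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN )
        die('You are not authorized to delete this tag.');
      
      // We're good
      $q = $db->sql_query('DELETE FROM '.table_prefix.'tags WHERE tag_id = ' . $tag_id . ';');
      if ( !$q )
        $db->_die();
      
      echo 'success';
      
      break;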
    case 'ping':
      // Answers with the constant string 'pong' and nothing else.
      print 'pong';
      break;
    default:
      // Any switch value not matched by a case above ends the script with this message.
      exit('Hacking attempt');
      break;
  }
  
?>