Enano CMS (1.1.x): ajax.php@bc4b58034f4d (annotated)

321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	1	<?php
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	2
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	3	/*
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	4	* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
204 473cc747022a You know what folks, a lot of Mercurial merges failed, and I just now figured out why. So now all changes from stable are permanently synced in. Dan parents: 187 194 diff changeset	5	* Version 1.1.1
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	6	* Copyright (C) 2006-2007 Dan Fuhry
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	7	*
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	8	* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	9	* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	10	*
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	11	* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	12	* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	13	*/
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	14
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	15	define('ENANO_INTERFACE_AJAX', '');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	16
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	17	// fillusername should be done without the help of the rest of Enano - all we need is the DBAL
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	18	if ( isset($_GET['_mode']) && $_GET['_mode'] == 'fillusername' )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	19	{
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	20	// setup and load a very basic, specialized instance of the Enano API
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	21	function microtime_float()
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	22	{
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	23	list($usec, $sec) = explode(" ", microtime());
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	24	return ((float)$usec + (float)$sec);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	25	}
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	26	// Determine directory (special case for development servers)
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	27	if ( strpos(__FILE__, '/repo/') && file_exists('.enanodev') )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	28	{
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	29	$filename = str_replace('/repo/', '/', __FILE__);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	30	}
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	31	else
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	32	{
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	33	$filename = __FILE__;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	34	}
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	35	define('ENANO_ROOT', dirname($filename));
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	36	require(ENANO_ROOT.'/includes/functions.php');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	37	require(ENANO_ROOT.'/includes/dbal.php');
335 67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	38	require(ENANO_ROOT.'/includes/json2.php');
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	39
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	40	require(ENANO_ROOT . '/config.php');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	41	unset($dbuser, $dbpasswd);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	42	if ( !isset($dbdriver) )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	43	$dbdriver = 'mysql';
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	44
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	45	$db = new $dbdriver();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	46
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	47	$db->connect();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	48
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	49	// result is sent using JSON
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	50	$return = Array(
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	51	'mode' => 'success',
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	52	'users_real' => Array()
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	53	);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	54
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	55	// should be connected to the DB now
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	56	$name = (isset($_GET['name'])) ? $db->escape($_GET['name']) : false;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	57	if ( !$name )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	58	{
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	59	$return = array(
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	60	'mode' => 'error',
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	61	'error' => 'Invalid URI'
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	62	);
334 c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files. Dan parents: 326 diff changeset	63	die( enano_json_encode($return) );
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	64	}
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	65	$allowanon = ( isset($_GET['allowanon']) && $_GET['allowanon'] == '1' ) ? '' : ' AND user_id > 1';
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	66	$q = $db->sql_query('SELECT username FROM '.table_prefix.'users WHERE ' . ENANO_SQLFUNC_LOWERCASE . '(username) LIKE ' . ENANO_SQLFUNC_LOWERCASE . '(\'%'.$name.'%\')' . $allowanon . ' ORDER BY username ASC;');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	67	if ( !$q )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	68	{
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	69	$db->die_json();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	70	}
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	71	$i = 0;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	72	while($r = $db->fetchrow())
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	73	{
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	74	$return['users_real'][] = $r['username'];
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	75	$i++;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	76	}
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	77	$db->free_result();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	78
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	79	// all done! :-)
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	80	$db->close();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	81
334 c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files. Dan parents: 326 diff changeset	82	echo enano_json_encode( $return );
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	83
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	84	exit;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	85	}
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	86
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	87	require('includes/common.php');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	88
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	89	global $db, $session, $paths, $template, $plugins; // Common objects
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	90	if(!isset($_GET['_mode'])) die('This script cannot be accessed directly.');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	91
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	92	$_ob = '';
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	93
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	94	switch($_GET['_mode']) {
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	95	case "checkusername":
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	96	echo PageUtils::checkusername($_GET['name']);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	97	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	98	case "getsource":
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	99	header('Content-type: text/plain');
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	100	$password = ( isset($_GET['pagepass']) ) ? $_GET['pagepass'] : false;
408 7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged. Dan parents: 387 diff changeset	101	$revid = ( isset($_GET['revid']) ) ? intval($_GET['revid']) : 0;
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged. Dan parents: 387 diff changeset	102	$page = new PageProcessor($paths->page_id, $paths->namespace, $revid);
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	103	$page->password = $password;
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	104	$have_draft = false;
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	105	if ( $src = $page->fetch_source() )
16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	106	{
335 67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	107	$allowed = true;
417 b76ebe229548 Edit summary should now be carried over when a draft is restored Dan parents: 416 diff changeset	108	$q = $db->sql_query('SELECT author, time_id, page_text, edit_summary FROM ' . table_prefix . 'logs WHERE log_type = \'page\' AND action = \'edit\'
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	109	AND page_id = \'' . $db->escape($paths->page_id) . '\'
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	110	AND namespace = \'' . $db->escape($paths->namespace) . '\'
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	111	AND is_draft = 1;');
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	112	if ( !$q )
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	113	$db->die_json();
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	114
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	115	if ( $db->numrows() > 0 )
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	116	{
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	117	$have_draft = true;
419 b8b4e38825db Unsuccessful attempt at fixing "dismiss"/"close manager" buttons in ACL editor; non-breaking change to template API to allow plugins to add "normal" sidebar widgets in addition to the special "raw" block type, specified as the third parameter to $template->sidebar_widget(). Defaults to false, which is old behavior; new behavior (enabled by passing TRUE as the 3rd param) means that the content of the block is primarily block-level links. Dan parents: 417 diff changeset	118	$draft_row = $db->fetchrow($q);
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	119	}
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	120	}
325 e17cc42d77cf Fixed: $paths->page_id not set when the page doesn't exist; finally fixed garbled page names for IP addresses Dan parents: 324 diff changeset	121	else if ( $src !== false )
e17cc42d77cf Fixed: $paths->page_id not set when the page doesn't exist; finally fixed garbled page names for IP addresses Dan parents: 324 diff changeset	122	{
335 67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	123	$allowed = true;
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	124	$src = '';
325 e17cc42d77cf Fixed: $paths->page_id not set when the page doesn't exist; finally fixed garbled page names for IP addresses Dan parents: 324 diff changeset	125	}
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	126	else
16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	127	{
335 67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	128	$allowed = false;
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	129	$src = '';
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	130	}
336 bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY) Dan parents: 335 diff changeset	131
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY) Dan parents: 335 diff changeset	132	$auth_edit = ( $session->get_permissions('edit_page') && ( $session->get_permissions('even_when_protected') \|\| !$paths->page_protected ) );
387 92664d2efab8 Rebranded source code as 1.1.1; added TinyMCE ACL rule as per Vadi's request: http://forum.enanocms.org/viewtopic.php?f=7&t=54 Dan parents: 378 diff changeset	133	$auth_wysiwyg = ( $session->get_permissions('edit_wysiwyg') );
336 bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY) Dan parents: 335 diff changeset	134
335 67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	135	$return = array(
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	136	'mode' => 'editor',
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	137	'src' => $src,
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	138	'auth_view_source' => $allowed,
336 bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY) Dan parents: 335 diff changeset	139	'auth_edit' => $auth_edit,
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY) Dan parents: 335 diff changeset	140	'time' => time(),
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY) Dan parents: 335 diff changeset	141	'require_captcha' => false,
408 7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged. Dan parents: 387 diff changeset	142	'allow_wysiwyg' => $auth_wysiwyg,
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	143	'revid' => $revid,
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	144	'have_draft' => false
335 67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	145	);
336 bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY) Dan parents: 335 diff changeset	146
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	147	if ( $have_draft )
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	148	{
419 b8b4e38825db Unsuccessful attempt at fixing "dismiss"/"close manager" buttons in ACL editor; non-breaking change to template API to allow plugins to add "normal" sidebar widgets in addition to the special "raw" block type, specified as the third parameter to $template->sidebar_widget(). Defaults to false, which is old behavior; new behavior (enabled by passing TRUE as the 3rd param) means that the content of the block is primarily block-level links. Dan parents: 417 diff changeset	149	$row =& $draft_row;
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	150	$return['have_draft'] = true;
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	151	$return['draft_author'] = $row['author'];
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	152	$return['draft_time'] = enano_date('d M Y h:i a', intval($row['time_id']));
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	153	if ( isset($_GET['get_draft']) && @$_GET['get_draft'] === '1' )
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	154	{
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	155	$return['src'] = $row['page_text'];
417 b76ebe229548 Edit summary should now be carried over when a draft is restored Dan parents: 416 diff changeset	156	$return['edit_summary'] = $row['edit_summary'];
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	157	}
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	158	}
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	159
468 194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	160	$return['undo_info'] = array();
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	161
408 7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged. Dan parents: 387 diff changeset	162	if ( $revid > 0 )
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged. Dan parents: 387 diff changeset	163	{
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged. Dan parents: 387 diff changeset	164	// Retrieve information about this revision and the current one
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged. Dan parents: 387 diff changeset	165	$q = $db->sql_query('SELECT l1.author AS currentrev_author, l2.author AS oldrev_author FROM ' . table_prefix . 'logs AS l1
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged. Dan parents: 387 diff changeset	166	LEFT JOIN ' . table_prefix . 'logs AS l2
468 194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	167	ON ( l2.log_id = ' . $revid . '
408 7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged. Dan parents: 387 diff changeset	168	AND l2.log_type = \'page\'
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged. Dan parents: 387 diff changeset	169	AND l2.action = \'edit\'
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	170	AND l2.page_id = \'' . $db->escape($paths->page_id) . '\'
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	171	AND l2.namespace = \'' . $db->escape($paths->namespace) . '\'
468 194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	172	AND l2.is_draft != 1
408 7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged. Dan parents: 387 diff changeset	173	)
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged. Dan parents: 387 diff changeset	174	WHERE l1.log_type = \'page\'
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged. Dan parents: 387 diff changeset	175	AND l1.action = \'edit\'
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	176	AND l1.page_id = \'' . $db->escape($paths->page_id) . '\'
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	177	AND l1.namespace = \'' . $db->escape($paths->namespace) . '\'
468 194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	178	AND l1.time_id > ' . $page->revision_time . '
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	179	AND l1.is_draft != 1
408 7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged. Dan parents: 387 diff changeset	180	ORDER BY l1.time_id DESC;');
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged. Dan parents: 387 diff changeset	181	if ( !$q )
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged. Dan parents: 387 diff changeset	182	$db->die_json();
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged. Dan parents: 387 diff changeset	183
468 194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	184	if ( $db->numrows() > 0 )
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	185	{
468 194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	186	$rev_count = $db->numrows() - 1;
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	187	if ( $rev_count == -1 )
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	188	{
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	189	$return = array(
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	190	'mode' => 'error',
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	191	'error' => '[Internal] No rows returned by revision info query. SQL:<pre>' . $db->latest_query . '</pre>'
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	192	);
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	193	}
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	194	else
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	195	{
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	196	$row = $db->fetchrow();
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	197	$return['undo_info'] = array(
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	198	'old_author' => $row['oldrev_author'],
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	199	'current_author' => $row['currentrev_author'],
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	200	'undo_count' => $rev_count
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	201	);
468 194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	202	}
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	203	}
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	204	else
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	205	{
468 194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	206	$return['revid'] = $revid = 0;
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	207	}
408 7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged. Dan parents: 387 diff changeset	208	}
7ecbe721217c Modified editor and rename functions to go through the API when rolling back. This causes rollbacks to be logged. Dan parents: 387 diff changeset	209
336 bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY) Dan parents: 335 diff changeset	210	if ( $auth_edit && !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY) Dan parents: 335 diff changeset	211	{
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY) Dan parents: 335 diff changeset	212	$return['require_captcha'] = true;
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY) Dan parents: 335 diff changeset	213	$return['captcha_id'] = $session->make_captcha();
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY) Dan parents: 335 diff changeset	214	}
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY) Dan parents: 335 diff changeset	215
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	216	$template->load_theme();
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	217	$return['toolbar_templates'] = $template->extract_vars('toolbar.tpl');
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	218
335 67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	219	echo enano_json_encode($return);
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	220	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	221	case "getpage":
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	222	// echo PageUtils::getpage($paths->page, false, ( (isset($_GET['oldid'])) ? $_GET['oldid'] : false ));
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	223	$revision_id = ( (isset($_GET['oldid'])) ? intval($_GET['oldid']) : 0 );
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	224	$page = new PageProcessor( $paths->page_id, $paths->namespace, $revision_id );
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	225
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	226	$pagepass = ( isset($_REQUEST['pagepass']) ) ? $_REQUEST['pagepass'] : '';
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	227	$page->password = $pagepass;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	228
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	229	$page->send();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	230	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	231	case "savepage":
468 194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	232	/* ** OBSOLETE ** */
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	233	$summ = ( isset($_POST['summary']) ) ? $_POST['summary'] : '';
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	234	$minor = isset($_POST['minor']);
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	235	$e = PageUtils::savepage($paths->page_id, $paths->namespace, $_POST['text'], $summ, $minor);
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	236	if ( $e == 'good' )
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	237	{
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	238	$page = new PageProcessor($paths->page_id, $paths->namespace);
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	239	$page->send();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	240	}
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	241	else
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	242	{
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	243	echo '<p>Error saving the page: '.$e.'</p>';
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	244	}
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	245	break;
335 67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	246	case "savepage_json":
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	247	header('Content-type: application/json');
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	248	if ( !isset($_POST['r']) )
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	249	die('Invalid request [1]');
335 67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	250
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	251	$request = enano_json_decode($_POST['r']);
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	252	if ( !isset($request['src']) \|\| !isset($request['summary']) \|\| !isset($request['minor_edit']) \|\| !isset($request['time']) \|\| !isset($request['draft']) )
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	253	die('Invalid request [2]<pre>' . htmlspecialchars(print_r($request, true)) . '</pre>');
335 67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	254
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	255	$time = intval($request['time']);
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	256
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	257	if ( $request['draft'] )
336 bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY) Dan parents: 335 diff changeset	258	{
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	259	//
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	260	// The user wants to save a draft version of the page.
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	261	//
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	262
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	263	// Delete any draft copies if they exist
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	264	$q = $db->sql_query('DELETE FROM ' . table_prefix . 'logs WHERE log_type = \'page\' AND action = \'edit\'
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	265	AND page_id = \'' . $db->escape($paths->page_id) . '\'
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	266	AND namespace = \'' . $db->escape($paths->namespace) . '\'
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	267	AND is_draft = 1;');
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	268	if ( !$q )
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	269	$db->die_json();
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	270
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	271	$src = RenderMan::preprocess_text($request['src'], false, false);
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	272
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	273	// Save the draft
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	274	$q = $db->sql_query('INSERT INTO ' . table_prefix . 'logs ( log_type, action, page_id, namespace, author, edit_summary, page_text, is_draft, time_id )
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	275	VALUES (
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	276	\'page\',
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	277	\'edit\',
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	278	\'' . $db->escape($paths->page_id) . '\',
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	279	\'' . $db->escape($paths->namespace) . '\',
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	280	\'' . $db->escape($session->username) . '\',
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	281	\'' . $db->escape($request['summary']) . '\',
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	282	\'' . $db->escape($src) . '\',
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	283	1,
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	284	' . time() . '
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	285	);');
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	286
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	287	// Done!
335 67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	288	$return = array(
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	289	'mode' => 'success',
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	290	'is_draft' => true
335 67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	291	);
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	292	}
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	293	else
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	294	{
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	295	// Verify that no edits have been made since the editor was requested
416 53fcdf309a82 [Minor] Fixed obsolete trigger upon attempt at page save after draft autosave Dan parents: 413 diff changeset	296	$q = $db->sql_query('SELECT time_id, author FROM ' . table_prefix . "logs WHERE log_type = 'page' AND action = 'edit' AND page_id = '{$paths->page_id}' AND namespace = '{$paths->namespace}' AND is_draft != 1 ORDER BY time_id DESC LIMIT 1;");
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	297	if ( !$q )
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	298	$db->die_json();
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	299
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	300	$row = $db->fetchrow();
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	301	$db->free_result();
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	302
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	303	if ( $row['time_id'] > $time )
335 67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	304	{
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	305	$return = array(
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	306	'mode' => 'obsolete',
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	307	'author' => $row['author'],
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	308	'date_string' => enano_date('d M Y h:i a', $row['time_id']),
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	309	'time' => $row['time_id'] // time() ???
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	310	);
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	311	echo enano_json_encode($return);
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	312	break;
335 67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	313	}
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	314
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	315	// Verify captcha, if needed
336 bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY) Dan parents: 335 diff changeset	316	if ( !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )
bfa2e9c23f03 Added ability to require CAPTCHA for guests when editing pages (AJAX INTERFACE ONLY) Dan parents: 335 diff changeset	317	{
413 6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	318	if ( !isset($request['captcha_id']) \|\| !isset($request['captcha_code']) )
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	319	{
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	320	die('Invalid request, need captcha metadata');
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	321	}
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	322	$code_correct = strtolower($session->get_captcha($request['captcha_id']));
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	323	$code_input = strtolower($request['captcha_code']);
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	324	if ( $code_correct !== $code_input )
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	325	{
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	326	$return = array(
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	327	'mode' => 'errors',
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	328	'errors' => array($lang->get('editor_err_captcha_wrong')),
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	329	'new_captcha' => $session->make_captcha()
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	330	);
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	331	echo enano_json_encode($return);
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	332	break;
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	333	}
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	334	}
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	335
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	336	// Verification complete. Start the PageProcessor and let it do the dirty work for us.
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	337	$page = new PageProcessor($paths->page_id, $paths->namespace);
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	338	if ( $page->update_page($request['src'], $request['summary'], ( $request['minor_edit'] == 1 )) )
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	339	{
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	340	$return = array(
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	341	'mode' => 'success',
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	342	'is_draft' => false
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	343	);
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	344	}
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	345	else
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	346	{
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	347	$errors = array();
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	348	while ( $err = $page->pop_error() )
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	349	{
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	350	$errors[] = $err;
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	351	}
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	352	$return = array(
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	353	'mode' => 'errors',
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	354	'errors' => array_values($errors)
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	355	);
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	356	if ( !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	357	{
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	358	$return['new_captcha'] = $session->make_captcha();
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	359	}
6607cd646d6d Added autosave functionality and resurrected the old toolbar code that was added about a year ago but never uesd. Dan parents: 408 diff changeset	360	}
468 194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	361	}
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	362
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	363	// If this is based on a draft version, delete the draft - we no longer need it.
472 bc4b58034f4d Implemented password reset (albeit hackishly) into the new login API; added dummy window.console object to hopefully reduce errors when Firebug isn't around; fixed the longstanding ACL dismiss/close button bug; fixed a couple undefined variables in mailer; fixed PHP error on attempted opening of /dev/(u)random in rijndael.php; clarified documentation for PageProcessor::update_page(); fixed some logic problems in theme ACL code; disabled CAPTCHA debug Dan parents: 468 diff changeset	364	if ( @$request['used_draft'] && !$request['draft'] )
468 194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	365	{
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	366	$q = $db->sql_query('DELETE FROM ' . table_prefix . 'logs WHERE log_type = \'page\' AND action = \'edit\'
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	367	AND page_id = \'' . $db->escape($paths->page_id) . '\'
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	368	AND namespace = \'' . $db->escape($paths->namespace) . '\'
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	369	AND is_draft = 1;');
335 67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	370	}
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	371
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	372	echo enano_json_encode($return);
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	373
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	374	break;
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	375	case "diff_cur":
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	376
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	377	// Lie about our content type to fool ad scripts
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	378	header('Content-type: application/xhtml+xml');
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	379
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	380	if ( !isset($_POST['text']) )
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	381	die('Invalid request');
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	382
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	383	$page = new PageProcessor($paths->page_id, $paths->namespace);
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	384	if ( !($src = $page->fetch_source()) )
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	385	{
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	386	die('Access denied');
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	387	}
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	388
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	389	$diff = RenderMan::diff($src, $_POST['text']);
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	390	if ( $diff == '<table class="diff"></table>' )
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	391	{
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	392	$diff = '<p>' . $lang->get('editor_msg_diff_empty') . '</p>';
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	393	}
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	394
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	395	echo '<div class="info-box">' . $lang->get('editor_msg_diff') . '</div>';
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	396	echo $diff;
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	397
67bd3121a12e Replaced TinyMCE 2.x with 3.0 beta 3. Supports everything but IE. Also rewrote the editor interface completely from the ground up. Dan parents: 334 diff changeset	398	break;
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	399	case "protect":
468 194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	400	// echo PageUtils::protect($paths->page_id, $paths->namespace, (int)$_POST['level'], $_POST['reason']);
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	401	$page = new PageProcessor($paths->page_id, $paths->namespace);
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	402	header('Content-type: application/json');
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	403
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	404	$result = $page->protect_page(intval($_POST['level']), $_POST['reason']);
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	405	echo enano_json_encode($result);
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	406	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	407	case "histlist":
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	408	echo PageUtils::histlist($paths->page_id, $paths->namespace);
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	409	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	410	case "rollback":
468 194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	411	$id = intval(@$_GET['id']);
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	412	$page = new PageProcessor($paths->page_id, $paths->namespace);
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	413	header('Content-type: application/json');
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	414
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	415	$result = $page->rollback_log_entry($id);
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	416	echo enano_json_encode($result);
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	417	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	418	case "comments":
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	419	$comments = new Comments($paths->page_id, $paths->namespace);
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	420	if ( isset($_POST['data']) )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	421	{
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	422	$comments->process_json($_POST['data']);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	423	}
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	424	else
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	425	{
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	426	die('{ "mode" : "error", "error" : "No input" }');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	427	}
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	428	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	429	case "rename":
468 194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	430	$page = new PageProcessor($paths->page_id, $paths->namespace);
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	431	header('Content-type: application/json');
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	432
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	433	$result = $page->rename_page($_POST['newtitle']);
194a19711346 Fixed the fact that cron just didn't work at all (brain fart that day or something) Dan parents: 419 diff changeset	434	echo enano_json_encode($result);
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	435	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	436	case "flushlogs":
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	437	echo PageUtils::flushlogs($paths->page_id, $paths->namespace);
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	438	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	439	case "deletepage":
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	440	$reason = ( isset($_POST['reason']) ) ? $_POST['reason'] : false;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	441	if ( empty($reason) )
378 c1c7fa6b329f Got Enano to load even if there are no plugins; added caching for decrypted session keys to significantly improve performance (in theory at least) Dan parents: 345 diff changeset	442	die($lang->get('page_err_need_reason'));
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	443	echo PageUtils::deletepage($paths->page_id, $paths->namespace, $reason);
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	444	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	445	case "delvote":
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	446	echo PageUtils::delvote($paths->page_id, $paths->namespace);
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	447	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	448	case "resetdelvotes":
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	449	echo PageUtils::resetdelvotes($paths->page_id, $paths->namespace);
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	450	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	451	case "getstyles":
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	452	echo PageUtils::getstyles($_GET['id']);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	453	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	454	case "catedit":
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	455	echo PageUtils::catedit($paths->page_id, $paths->namespace);
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	456	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	457	case "catsave":
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	458	echo PageUtils::catsave($paths->page_id, $paths->namespace, $_POST);
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	459	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	460	case "setwikimode":
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	461	echo PageUtils::setwikimode($paths->page_id, $paths->namespace, (int)$_GET['mode']);
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	462	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	463	case "setpass":
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	464	echo PageUtils::setpass($paths->page_id, $paths->namespace, $_POST['password']);
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	465	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	466	case "fillusername":
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	467	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	468	case "fillpagename":
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	469	$name = (isset($_GET['name'])) ? $_GET['name'] : false;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	470	if(!$name) die('userlist = new Array(); namelist = new Array(); errorstring=\'Invalid URI\'');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	471	$nd = RenderMan::strToPageID($name);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	472	$c = 0;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	473	$u = Array();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	474	$n = Array();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	475
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	476	$name = sanitize_page_id($name);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	477	$name = str_replace('_', ' ', $name);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	478
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	479	for($i=0;$i<sizeof($paths->pages)/2;$i++)
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	480	{
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	481	if( (
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	482	preg_match('#'.preg_quote($name).'(.*)#i', $paths->pages[$i]['name']) \|\|
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	483	preg_match('#'.preg_quote($name).'(.*)#i', $paths->pages[$i]['urlname']) \|\|
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	484	preg_match('#'.preg_quote($name).'(.*)#i', $paths->pages[$i]['urlname_nons']) \|\|
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	485	preg_match('#'.preg_quote(str_replace(' ', '_', $name)).'(.*)#i', $paths->pages[$i]['name']) \|\|
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	486	preg_match('#'.preg_quote(str_replace(' ', '_', $name)).'(.*)#i', $paths->pages[$i]['urlname']) \|\|
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	487	preg_match('#'.preg_quote(str_replace(' ', '_', $name)).'(.*)#i', $paths->pages[$i]['urlname_nons'])
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	488	) &&
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	489	( ( $nd[1] != 'Article' && $paths->pages[$i]['namespace'] == $nd[1] ) \|\| $nd[1] == 'Article' )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	490	&& $paths->pages[$i]['visible']
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	491	)
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	492	{
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	493	$c++;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	494	$u[] = $paths->pages[$i]['name'];
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	495	$n[] = $paths->pages[$i]['urlname'];
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	496	}
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	497	}
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	498	if($c > 0)
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	499	{
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	500	echo 'userlist = new Array(); namelist = new Array(); errorstring = false; '."\n";
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	501	for($i=0;$i<sizeof($u);$i++) // Can't use foreach because we need the value of $i and we need to use both $u and $n
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	502	{
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	503	echo "userlist[$i] = '".addslashes($n[$i])."';\n";
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	504	echo "namelist[$i] = '".addslashes(htmlspecialchars($u[$i]))."';\n";
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	505	}
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	506	} else {
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	507	die('userlist = new Array(); namelist = new Array(); errorstring=\'No page matches found.\'');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	508	}
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	509	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	510	case "preview":
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	511	echo PageUtils::genPreview($_POST['text']);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	512	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	513	case "pagediff":
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	514	$id1 = ( isset($_GET['diff1']) ) ? (int)$_GET['diff1'] : false;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	515	$id2 = ( isset($_GET['diff2']) ) ? (int)$_GET['diff2'] : false;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	516	if(!$id1 \|\| !$id2) { echo '<p>Invalid request.</p>'; $template->footer(); break; }
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	517	if(!preg_match('#^([0-9]+)$#', (string)$_GET['diff1']) \|\|
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	518	!preg_match('#^([0-9]+)$#', (string)$_GET['diff2'] )) { echo '<p>SQL injection attempt</p>'; $template->footer(); break; }
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	519	echo PageUtils::pagediff($paths->page_id, $paths->namespace, $id1, $id2);
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	520	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	521	case "jsres":
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	522	die('// ERROR: this section is deprecated and has moved to includes/clientside/static/enano-lib-basic.js.');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	523	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	524	case "rdns":
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	525	if(!$session->get_permissions('mod_misc')) die('Go somewhere else for your reverse DNS info!');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	526	$ip = $_GET['ip'];
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	527	$rdns = gethostbyaddr($ip);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	528	if($rdns == $ip) echo 'Unable to get reverse DNS information. Perhaps the DNS server is down or the PTR record no longer exists.';
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	529	else echo $rdns;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	530	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	531	case 'acljson':
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	532	$parms = ( isset($_POST['acl_params']) ) ? rawurldecode($_POST['acl_params']) : false;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	533	echo PageUtils::acl_json($parms);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	534	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	535	case "change_theme":
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	536	if ( !isset($_POST['theme_id']) \|\| !isset($_POST['style_id']) )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	537	{
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	538	die('Invalid input');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	539	}
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	540	if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['theme_id']) \|\| !preg_match('/^([a-z0-9_-]+)$/i', $_POST['style_id']) )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	541	{
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	542	die('Invalid input');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	543	}
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	544	if ( !file_exists(ENANO_ROOT . '/themes/' . $_POST['theme_id'] . '/css/' . $_POST['style_id'] . '.css') )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	545	{
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	546	die('Can\'t find theme file: ' . ENANO_ROOT . '/themes/' . $_POST['theme_id'] . '/css/' . $_POST['style_id'] . '.css');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	547	}
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	548	if ( !$session->user_logged_in )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	549	{
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	550	die('You must be logged in to change your theme');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	551	}
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	552	// Just in case something slipped through...
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	553	$theme_id = $db->escape($_POST['theme_id']);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	554	$style_id = $db->escape($_POST['style_id']);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	555	$e = $db->sql_query('UPDATE ' . table_prefix . "users SET theme='$theme_id', style='$style_id' WHERE user_id=$session->user_id;");
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	556	if ( !$e )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	557	die( $db->get_error() );
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	558	die('GOOD');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	559	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	560	case 'get_tags':
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	561
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	562	$ret = array('tags' => array(), 'user_level' => $session->user_level, 'can_add' => $session->get_permissions('tag_create'));
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	563	$q = $db->sql_query('SELECT t.tag_id, t.tag_name, pg.pg_target IS NOT NULL AS used_in_acl, t.user_id FROM '.table_prefix.'tags AS t
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	564	LEFT JOIN '.table_prefix.'page_groups AS pg
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	565	ON ( ( pg.pg_type = ' . PAGE_GRP_TAGGED . ' AND pg.pg_target=t.tag_name ) OR ( pg.pg_type IS NULL AND pg.pg_target IS NULL ) )
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	566	WHERE t.page_id=\'' . $db->escape($paths->page_id) . '\' AND t.namespace=\'' . $db->escape($paths->namespace) . '\';');
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	567	if ( !$q )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	568	$db->_die();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	569
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	570	while ( $row = $db->fetchrow() )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	571	{
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	572	$can_del = true;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	573
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	574	$perm = ( $row['user_id'] != $session->user_id ) ?
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	575	'tag_delete_other' :
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	576	'tag_delete_own';
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	577
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	578	if ( $row['user_id'] == 1 && !$session->user_logged_in )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	579	// anonymous user trying to delete tag (hardcode blacklisted)
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	580	$can_del = false;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	581
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	582	if ( !$session->get_permissions($perm) )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	583	$can_del = false;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	584
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	585	if ( $row['used_in_acl'] == 1 && !$session->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	586	$can_del = false;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	587
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	588	$ret['tags'][] = array(
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	589	'id' => $row['tag_id'],
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	590	'name' => $row['tag_name'],
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	591	'can_del' => $can_del,
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	592	'acl' => ( $row['used_in_acl'] == 1 )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	593	);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	594	}
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	595
334 c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files. Dan parents: 326 diff changeset	596	echo enano_json_encode($ret);
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	597
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	598	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	599	case 'addtag':
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	600	$resp = array(
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	601	'success' => false,
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	602	'error' => 'No error',
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	603	'can_del' => ( $session->get_permissions('tag_delete_own') && $session->user_logged_in ),
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	604	'in_acl' => false
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	605	);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	606
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	607	// first of course, are we allowed to tag pages?
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	608	if ( !$session->get_permissions('tag_create') )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	609	{
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	610	$resp['error'] = 'You are not permitted to tag pages.';
334 c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files. Dan parents: 326 diff changeset	611	die(enano_json_encode($resp));
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	612	}
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	613
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	614	// sanitize the tag name
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	615	$tag = sanitize_tag($_POST['tag']);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	616	$tag = $db->escape($tag);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	617
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	618	if ( strlen($tag) < 2 )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	619	{
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	620	$resp['error'] = 'Tags must consist of at least 2 alphanumeric characters.';
334 c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files. Dan parents: 326 diff changeset	621	die(enano_json_encode($resp));
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	622	}
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	623
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	624	// check if tag is already on page
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	625	$q = $db->sql_query('SELECT 1 FROM '.table_prefix.'tags WHERE page_id=\'' . $db->escape($paths->page_id) . '\' AND namespace=\'' . $db->escape($paths->namespace) . '\' AND tag_name=\'' . $tag . '\';');
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	626	if ( !$q )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	627	$db->_die();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	628	if ( $db->numrows() > 0 )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	629	{
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	630	$resp['error'] = 'This page already has this tag.';
334 c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files. Dan parents: 326 diff changeset	631	die(enano_json_encode($resp));
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	632	}
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	633	$db->free_result();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	634
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	635	// tricky: make sure this tag isn't being used in some page group, and thus adding it could affect page access
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	636	$can_edit_acl = ( $session->get_permissions('edit_acl') \|\| $session->user_level >= USER_LEVEL_ADMIN );
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	637	$q = $db->sql_query('SELECT 1 FROM '.table_prefix.'page_groups WHERE pg_type=' . PAGE_GRP_TAGGED . ' AND pg_target=\'' . $tag . '\';');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	638	if ( !$q )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	639	$db->_die();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	640	if ( $db->numrows() > 0 && !$can_edit_acl )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	641	{
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	642	$resp['error'] = 'This tag is used in an ACL page group, and thus can\'t be added to a page by people without administrator privileges.';
334 c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files. Dan parents: 326 diff changeset	643	die(enano_json_encode($resp));
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	644	}
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	645	$resp['in_acl'] = ( $db->numrows() > 0 );
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	646	$db->free_result();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	647
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	648	// we're good
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	649	$q = $db->sql_query('INSERT INTO '.table_prefix.'tags(tag_name,page_id,namespace,user_id) VALUES(\'' . $tag . '\', \'' . $db->escape($paths->page_id) . '\', \'' . $db->escape($paths->namespace) . '\', ' . $session->user_id . ');');
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	650	if ( !$q )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	651	$db->_die();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	652
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	653	$resp['success'] = true;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	654	$resp['tag'] = $tag;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	655	$resp['tag_id'] = $db->insert_id();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	656
334 c72b545f1304 More localization work. Resolved major issue with JSON parser not parsing files over ~50KB. Switched JSON parser to the one from the Zend Framework (BSD licensed). Forced to split enano.json into five different files. Dan parents: 326 diff changeset	657	echo enano_json_encode($resp);
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	658	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	659	case 'deltag':
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	660
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	661	$tag_id = intval($_POST['tag_id']);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	662	if ( empty($tag_id) )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	663	die('Invalid tag ID');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	664
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	665	$q = $db->sql_query('SELECT t.tag_id, t.user_id, t.page_id, t.namespace, pg.pg_target IS NOT NULL AS used_in_acl FROM '.table_prefix.'tags AS t
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	666	LEFT JOIN '.table_prefix.'page_groups AS pg
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	667	ON ( pg.pg_id IS NULL OR ( pg.pg_target = t.tag_name AND pg.pg_type = ' . PAGE_GRP_TAGGED . ' ) )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	668	WHERE t.tag_id=' . $tag_id . ';');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	669
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	670	if ( !$q )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	671	$db->_die();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	672
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	673	if ( $db->numrows() < 1 )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	674	die('Could not find a tag with that ID');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	675
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	676	$row = $db->fetchrow();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	677	$db->free_result();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	678
324 16d0c9f33466 Merging in a few stray changes from the MySQL branch Dan parents: 322 321 diff changeset	679	if ( $row['page_id'] == $paths->page_id && $row['namespace'] == $paths->namespace )
321 c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	680	$perms =& $session;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	681	else
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	682	$perms = $session->fetch_page_acl($row['page_id'], $row['namespace']);
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	683
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	684	$perm = ( $row['user_id'] != $session->user_id ) ?
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	685	'tag_delete_other' :
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	686	'tag_delete_own';
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	687
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	688	if ( $row['user_id'] == 1 && !$session->user_logged_in )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	689	// anonymous user trying to delete tag (hardcode blacklisted)
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	690	die('You are not authorized to delete this tag.');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	691
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	692	if ( !$perms->get_permissions($perm) )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	693	die('You are not authorized to delete this tag.');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	694
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	695	if ( $row['used_in_acl'] == 1 && !$perms->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	696	die('You are not authorized to delete this tag.');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	697
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	698	// We're good
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	699	$q = $db->sql_query('DELETE FROM '.table_prefix.'tags WHERE tag_id = ' . $tag_id . ';');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	700	if ( !$q )
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	701	$db->_die();
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	702
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	703	echo 'success';
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	704
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	705	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	706	case 'ping':
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	707	echo 'pong';
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	708	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	709	default:
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	710	die('Hacking attempt');
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	711	break;
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	712	}
c0d855cfaf0e Set Content-type on AJAX login key request to application/json to hopefully block ad injection Dan parents: 320 diff changeset	713
0 902822492a68 Initial population dan@scribus.fuhry.local.fuhry.local parents: diff changeset	714	?>

author	Dan
	Sun, 02 Mar 2008 19:32:19 -0500
changeset 472	bc4b58034f4d
parent 468	194a19711346
child 481	07bf15b066bc
permissions	-rw-r--r--