plugins/SpecialPageFuncs.php
changeset 112 008b1c42be72
parent 91 8079b0288e8e
child 116 77c75179bb95
111:b348ace50bc7 112:008b1c42be72
   125     if(!in_array($_POST['namespace'], $k))
   125     if(!in_array($_POST['namespace'], $k))
   126     {
   126     {
   127       $db->_die('An SQL injection attempt was caught at '.dirname(__FILE__).':'.__LINE__.'.');
   127       $db->_die('An SQL injection attempt was caught at '.dirname(__FILE__).':'.__LINE__.'.');
   128     }
   128     }
   129     
   129     
       
   130     $ips = array(
       
   131       'ip' => array(),
       
   132       'u' => array()
       
   133       );
       
   134     $ips = $db->escape(serialize($ips));
       
   135     
   130     $urlname = sanitize_page_id($urlname);
   136     $urlname = sanitize_page_id($urlname);
   131     $urlname = $db->escape($urlname);
   137     $urlname = $db->escape($urlname);
   132     
   138     
   133     $perms = $session->fetch_page_acl($urlname, $namespace);
   139     $perms = $session->fetch_page_acl($urlname, $namespace);
   134     if ( !$perms->get_permissions('create_page') )
   140     if ( !$perms->get_permissions('create_page') )
   138     if ( !$q )
   144     if ( !$q )
   139     {
   145     {
   140       $db->_die('The page log could not be updated.');
   146       $db->_die('The page log could not be updated.');
   141     }
   147     }
   142     
   148     
   143     $q = $db->sql_query('INSERT INTO '.table_prefix.'pages(name,urlname,namespace) VALUES(\''.$name.'\', \''.$urlname.'\', \''.$_POST['namespace'].'\');');
   149     $q = $db->sql_query('INSERT INTO '.table_prefix.'pages(name,urlname,namespace,delvote_ips) VALUES(\''.$name.'\', \''.$urlname.'\', \''.$_POST['namespace'].'\',\'' . $ips . '\');');
   144     if ( !$q )
   150     if ( !$q )
   145     {
   151     {
   146       $db->_die('The page entry could not be inserted.');
   152       $db->_die('The page entry could not be inserted.');
   147     }
   153     }
   148     $q = $db->sql_query('INSERT INTO '.table_prefix.'page_text(page_id,namespace,page_text) VALUES(\''.$urlname.'\', \''.$_POST['namespace'].'\', \''.$db->escape('Please edit this page! <nowiki><script type="text/javascript">ajaxEditor();</script></nowiki>').'\');');
   154     $q = $db->sql_query('INSERT INTO '.table_prefix.'page_text(page_id,namespace,page_text) VALUES(\''.$urlname.'\', \''.$_POST['namespace'].'\', \''.$db->escape('Please edit this page! <nowiki><script type="text/javascript">ajaxEditor();</script></nowiki>').'\');');