Mercurial Mercurial > repos > enano-1.1 / comparison
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | comparison | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
ajax.php
changeset 322 5f1cd51bf1be
parent 320 112debff64bd
child 324 16d0c9f33466
equal deleted inserted replaced
320:112debff64bd 322:5f1cd51bf1be 
    95   switch($_GET['_mode']) {
 
    95   switch($_GET['_mode']) {
 
    96     case "checkusername":
 
    96     case "checkusername":
 
    97       echo PageUtils::checkusername($_GET['name']);
 
    97       echo PageUtils::checkusername($_GET['name']);
 
    98       break;
 
    98       break;
 
    99     case "getsource":
 
    99     case "getsource":
 
   100       $p = ( isset($_GET['pagepass']) ) ? $_GET['pagepass'] : false;
 
   100       $password = ( isset($_GET['pagepass']) ) ? $_GET['pagepass'] : false;
 
   101       echo PageUtils::getsource($paths->page, $p);
 
   101       $page = new PageProcessor($paths->page_id, $paths->namespace);
 
       
   102       $page->password = $password;
 
       
   103       if ( $src = $page->fetch_source() )
 
       
   104       {
 
       
   105         echo $src;
 
       
   106       }
 
       
   107       else
 
       
   108       {
 
       
   109         echo 'err_access_denied';
 
       
   110       }
 
   102       break;
 
   111       break;
 
   103     case "getpage":
 
   112     case "getpage":
 
   104       // echo PageUtils::getpage($paths->page, false, ( (isset($_GET['oldid'])) ? $_GET['oldid'] : false ));
 
   113       // echo PageUtils::getpage($paths->page, false, ( (isset($_GET['oldid'])) ? $_GET['oldid'] : false ));
 
   105       $revision_id = ( (isset($_GET['oldid'])) ? intval($_GET['oldid']) : 0 );
 
   114       $revision_id = ( (isset($_GET['oldid'])) ? intval($_GET['oldid']) : 0 );
 
   106       $page = new PageProcessor( $paths->cpage['urlname_nons'], $paths->namespace, $revision_id );
 
   115       $page = new PageProcessor( $paths->page_id, $paths->namespace, $revision_id );
 
   107       
   116       
   108       $pagepass = ( isset($_REQUEST['pagepass']) ) ? $_REQUEST['pagepass'] : '';
 
   117       $pagepass = ( isset($_REQUEST['pagepass']) ) ? $_REQUEST['pagepass'] : '';
 
   109       $page->password = $pagepass;
 
   118       $page->password = $pagepass;
 
   110             
   119             
   111       $page->send();
 
   120       $page->send();
 
   112       break;
 
   121       break;
 
   113     case "savepage":
 
   122     case "savepage":
 
   114       $summ = ( isset($_POST['summary']) ) ? $_POST['summary'] : '';
 
   123       $summ = ( isset($_POST['summary']) ) ? $_POST['summary'] : '';
 
   115       $minor = isset($_POST['minor']);
 
   124       $minor = isset($_POST['minor']);
 
   116       $e = PageUtils::savepage($paths->cpage['urlname_nons'], $paths->namespace, $_POST['text'], $summ, $minor);
 
   125       $e = PageUtils::savepage($paths->page_id, $paths->namespace, $_POST['text'], $summ, $minor);
 
   117       if($e=='good')
 
   126       if($e=='good')
 
   118       {
 
   127       {
 
   119         $page = new PageProcessor($paths->cpage['urlname_nons'], $paths->namespace);
 
   128         $page = new PageProcessor($paths->page_id, $paths->namespace);
 
   120         $page->send();
 
   129         $page->send();
 
   121       }
 
   130       }
 
   122       else
 
   131       else
 
   123       {
 
   132       {
 
   124         echo '<p>Error saving the page: '.$e.'</p>';
 
   133         echo '<p>Error saving the page: '.$e.'</p>';
 
   125       }
 
   134       }
 
   126       break;
 
   135       break;
 
   127     case "protect":
 
   136     case "protect":
 
   128       echo PageUtils::protect($paths->cpage['urlname_nons'], $paths->namespace, (int)$_POST['level'], $_POST['reason']);
 
   137       echo PageUtils::protect($paths->page_id, $paths->namespace, (int)$_POST['level'], $_POST['reason']);
 
   129       break;
 
   138       break;
 
   130     case "histlist":
 
   139     case "histlist":
 
   131       echo PageUtils::histlist($paths->cpage['urlname_nons'], $paths->namespace);
 
   140       echo PageUtils::histlist($paths->page_id, $paths->namespace);
 
   132       break;
 
   141       break;
 
   133     case "rollback":
 
   142     case "rollback":
 
   134       echo PageUtils::rollback( (int)$_GET['id'] );
 
   143       echo PageUtils::rollback( (int)$_GET['id'] );
 
   135       break;
 
   144       break;
 
   136     case "comments":
 
   145     case "comments":
 
   137       $comments = new Comments($paths->cpage['urlname_nons'], $paths->namespace);
 
   146       $comments = new Comments($paths->page_id, $paths->namespace);
 
   138       if ( isset($_POST['data']) )
 
   147       if ( isset($_POST['data']) )
 
   139       {
 
   148       {
 
   140         $comments->process_json($_POST['data']);
 
   149         $comments->process_json($_POST['data']);
 
   141       }
 
   150       }
 
   142       else
 
   151       else
 
   143       {
 
   152       {
 
   144         die('{ "mode" : "error", "error" : "No input" }');
 
   153         die('{ "mode" : "error", "error" : "No input" }');
 
   145       }
 
   154       }
 
   146       break;
 
   155       break;
 
   147     case "rename":
 
   156     case "rename":
 
   148       echo PageUtils::rename($paths->cpage['urlname_nons'], $paths->namespace, $_POST['newtitle']);
 
   157       echo PageUtils::rename($paths->page_id, $paths->namespace, $_POST['newtitle']);
 
   149       break;
 
   158       break;
 
   150     case "flushlogs":
 
   159     case "flushlogs":
 
   151       echo PageUtils::flushlogs($paths->cpage['urlname_nons'], $paths->namespace);
 
   160       echo PageUtils::flushlogs($paths->page_id, $paths->namespace);
 
   152       break;
 
   161       break;
 
   153     case "deletepage":
 
   162     case "deletepage":
 
   154       $reason = ( isset($_POST['reason']) ) ? $_POST['reason'] : false;
 
   163       $reason = ( isset($_POST['reason']) ) ? $_POST['reason'] : false;
 
   155       if ( empty($reason) )
 
   164       if ( empty($reason) )
 
   156         die('Please enter a reason for deleting this page.');
 
   165         die('Please enter a reason for deleting this page.');
 
   157       echo PageUtils::deletepage($paths->cpage['urlname_nons'], $paths->namespace, $reason);
 
   166       echo PageUtils::deletepage($paths->page_id, $paths->namespace, $reason);
 
   158       break;
 
   167       break;
 
   159     case "delvote":
 
   168     case "delvote":
 
   160       echo PageUtils::delvote($paths->cpage['urlname_nons'], $paths->namespace);
 
   169       echo PageUtils::delvote($paths->page_id, $paths->namespace);
 
   161       break;
 
   170       break;
 
   162     case "resetdelvotes":
 
   171     case "resetdelvotes":
 
   163       echo PageUtils::resetdelvotes($paths->cpage['urlname_nons'], $paths->namespace);
 
   172       echo PageUtils::resetdelvotes($paths->page_id, $paths->namespace);
 
   164       break;
 
   173       break;
 
   165     case "getstyles":
 
   174     case "getstyles":
 
   166       echo PageUtils::getstyles($_GET['id']);
 
   175       echo PageUtils::getstyles($_GET['id']);
 
   167       break;
 
   176       break;
 
   168     case "catedit":
 
   177     case "catedit":
 
   169       echo PageUtils::catedit($paths->cpage['urlname_nons'], $paths->namespace);
 
   178       echo PageUtils::catedit($paths->page_id, $paths->namespace);
 
   170       break;
 
   179       break;
 
   171     case "catsave":
 
   180     case "catsave":
 
   172       echo PageUtils::catsave($paths->cpage['urlname_nons'], $paths->namespace, $_POST);
 
   181       echo PageUtils::catsave($paths->page_id, $paths->namespace, $_POST);
 
   173       break;
 
   182       break;
 
   174     case "setwikimode":
 
   183     case "setwikimode":
 
   175       echo PageUtils::setwikimode($paths->cpage['urlname_nons'], $paths->namespace, (int)$_GET['mode']);
 
   184       echo PageUtils::setwikimode($paths->page_id, $paths->namespace, (int)$_GET['mode']);
 
   176       break;
 
   185       break;
 
   177     case "setpass":
 
   186     case "setpass":
 
   178       echo PageUtils::setpass($paths->cpage['urlname_nons'], $paths->namespace, $_POST['password']);
 
   187       echo PageUtils::setpass($paths->page_id, $paths->namespace, $_POST['password']);
 
   179       break;
 
   188       break;
 
   180     case "fillusername":
 
   189     case "fillusername":
 
   181       break;
 
   190       break;
 
   182     case "fillpagename":
 
   191     case "fillpagename":
 
   183       $name = (isset($_GET['name'])) ? $_GET['name'] : false;
 
   192       $name = (isset($_GET['name'])) ? $_GET['name'] : false;
 
   228       $id1 = ( isset($_GET['diff1']) ) ? (int)$_GET['diff1'] : false;
 
   237       $id1 = ( isset($_GET['diff1']) ) ? (int)$_GET['diff1'] : false;
 
   229       $id2 = ( isset($_GET['diff2']) ) ? (int)$_GET['diff2'] : false;
 
   238       $id2 = ( isset($_GET['diff2']) ) ? (int)$_GET['diff2'] : false;
 
   230       if(!$id1 || !$id2) { echo '<p>Invalid request.</p>'; $template->footer(); break; }
 
   239       if(!$id1 || !$id2) { echo '<p>Invalid request.</p>'; $template->footer(); break; }
 
   231       if(!preg_match('#^([0-9]+)$#', (string)$_GET['diff1']) ||
 
   240       if(!preg_match('#^([0-9]+)$#', (string)$_GET['diff1']) ||
 
   232          !preg_match('#^([0-9]+)$#', (string)$_GET['diff2']  )) { echo '<p>SQL injection attempt</p>'; $template->footer(); break; }
 
   241          !preg_match('#^([0-9]+)$#', (string)$_GET['diff2']  )) { echo '<p>SQL injection attempt</p>'; $template->footer(); break; }
 
   233       echo PageUtils::pagediff($paths->cpage['urlname_nons'], $paths->namespace, $id1, $id2);
 
   242       echo PageUtils::pagediff($paths->page_id, $paths->namespace, $id1, $id2);
 
   234       break;
 
   243       break;
 
   235     case "jsres":
 
   244     case "jsres":
 
   236       die('// ERROR: this section is deprecated and has moved to includes/clientside/static/enano-lib-basic.js.');
 
   245       die('// ERROR: this section is deprecated and has moved to includes/clientside/static/enano-lib-basic.js.');
 
   237       break;
 
   246       break;
 
   238     case "rdns":
 
   247     case "rdns":
 
   276       
   285       
   277       $ret = array('tags' => array(), 'user_level' => $session->user_level, 'can_add' => $session->get_permissions('tag_create'));
 
   286       $ret = array('tags' => array(), 'user_level' => $session->user_level, 'can_add' => $session->get_permissions('tag_create'));
 
   278       $q = $db->sql_query('SELECT t.tag_id, t.tag_name, pg.pg_target IS NOT NULL AS used_in_acl, t.user_id FROM '.table_prefix.'tags AS t
 
   287       $q = $db->sql_query('SELECT t.tag_id, t.tag_name, pg.pg_target IS NOT NULL AS used_in_acl, t.user_id FROM '.table_prefix.'tags AS t
 
   279         LEFT JOIN '.table_prefix.'page_groups AS pg
 
   288         LEFT JOIN '.table_prefix.'page_groups AS pg
 
   280           ON ( ( pg.pg_type = ' . PAGE_GRP_TAGGED . ' AND pg.pg_target=t.tag_name ) OR ( pg.pg_type IS NULL AND pg.pg_target IS NULL ) )
 
   289           ON ( ( pg.pg_type = ' . PAGE_GRP_TAGGED . ' AND pg.pg_target=t.tag_name ) OR ( pg.pg_type IS NULL AND pg.pg_target IS NULL ) )
 
   281         WHERE t.page_id=\'' . $db->escape($paths->cpage['urlname_nons']) . '\' AND t.namespace=\'' . $db->escape($paths->namespace) . '\';');
 
   290         WHERE t.page_id=\'' . $db->escape($paths->page_id) . '\' AND t.namespace=\'' . $db->escape($paths->namespace) . '\';');
 
   282       if ( !$q )
 
   291       if ( !$q )
 
   283         $db->_die();
 
   292         $db->_die();
 
   284       
   293       
   285       while ( $row = $db->fetchrow() )
 
   294       while ( $row = $db->fetchrow() )
 
   286       {
 
   295       {
 
   336         $resp['error'] = 'Tags must consist of at least 2 alphanumeric characters.';
 
   345         $resp['error'] = 'Tags must consist of at least 2 alphanumeric characters.';
 
   337         die($json->encode($resp));
 
   346         die($json->encode($resp));
 
   338       }
 
   347       }
 
   339       
   348       
   340       // check if tag is already on page
 
   349       // check if tag is already on page
 
   341       $q = $db->sql_query('SELECT 1 FROM '.table_prefix.'tags WHERE page_id=\'' . $db->escape($paths->cpage['urlname_nons']) . '\' AND namespace=\'' . $db->escape($paths->namespace) . '\' AND tag_name=\'' . $tag . '\';');
 
   350       $q = $db->sql_query('SELECT 1 FROM '.table_prefix.'tags WHERE page_id=\'' . $db->escape($paths->page_id) . '\' AND namespace=\'' . $db->escape($paths->namespace) . '\' AND tag_name=\'' . $tag . '\';');
 
   342       if ( !$q )
 
   351       if ( !$q )
 
   343         $db->_die();
 
   352         $db->_die();
 
   344       if ( $db->numrows() > 0 )
 
   353       if ( $db->numrows() > 0 )
 
   345       {
 
   354       {
 
   346         $resp['error'] = 'This page already has this tag.';
 
   355         $resp['error'] = 'This page already has this tag.';
 
   360       }
 
   369       }
 
   361       $resp['in_acl'] = ( $db->numrows() > 0 );
 
   370       $resp['in_acl'] = ( $db->numrows() > 0 );
 
   362       $db->free_result();
 
   371       $db->free_result();
 
   363       
   372       
   364       // we're good
 
   373       // we're good
 
   365       $q = $db->sql_query('INSERT INTO '.table_prefix.'tags(tag_name,page_id,namespace,user_id) VALUES(\'' . $tag . '\', \'' . $db->escape($paths->cpage['urlname_nons']) . '\', \'' . $db->escape($paths->namespace) . '\', ' . $session->user_id . ');');
 
   374       $q = $db->sql_query('INSERT INTO '.table_prefix.'tags(tag_name,page_id,namespace,user_id) VALUES(\'' . $tag . '\', \'' . $db->escape($paths->page_id) . '\', \'' . $db->escape($paths->namespace) . '\', ' . $session->user_id . ');');
 
   366       if ( !$q )
 
   375       if ( !$q )
 
   367         $db->_die();
 
   376         $db->_die();
 
   368       
   377       
   369       $resp['success'] = true;
 
   378       $resp['success'] = true;
 
   370       $resp['tag'] = $tag;
 
   379       $resp['tag'] = $tag;
 
   390         die('Could not find a tag with that ID');
 
   399         die('Could not find a tag with that ID');
 
   391       
   400       
   392       $row = $db->fetchrow();
 
   401       $row = $db->fetchrow();
 
   393       $db->free_result();
 
   402       $db->free_result();
 
   394       
   403       
   395       if ( $row['page_id'] == $paths->cpage['urlname_nons'] && $row['namespace'] == $paths->namespace )
 
   404       if ( $row['page_id'] == $paths->page_id && $row['namespace'] == $paths->namespace )
 
   396         $perms =& $session;
 
   405         $perms =& $session;
 
   397       else
 
   406       else
 
   398         $perms = $session->fetch_page_acl($row['page_id'], $row['namespace']);
 
   407         $perms = $session->fetch_page_acl($row['page_id'], $row['namespace']);
 
   399         
   408         
   400       $perm = ( $row['user_id'] != $session->user_id ) ?
 
   409       $perm = ( $row['user_id'] != $session->user_id ) ?
Enano CMS (1.1.x)