Enano CMS (1.1.x): comparison ajax.php

equal deleted inserted replaced

-:4746dd07cc48
+:6607cd646d6d
 switch($_GET['_mode']) {
 case "checkusername":
 echo PageUtils::checkusername($_GET['name']);
 break;
 case "getsource":
-header('Content-type: application/json');
+header('Content-type: text/plain');
 $password = ( isset($_GET['pagepass']) ) ? $_GET['pagepass'] : false;
 $revid = ( isset($_GET['revid']) ) ? intval($_GET['revid']) : 0;
 $page = new PageProcessor($paths->page_id, $paths->namespace, $revid);
 $page->password = $password;
+$have_draft = false;
 if ( $src = $page->fetch_source() )
 {
 $allowed = true;
+$q = $db->sql_query('SELECT author, time_id, page_text FROM ' . table_prefix . 'logs WHERE log_type = \'page\' AND action = \'edit\'
+AND page_id = \'' . $db->escape($paths->page_id) . '\'
+AND namespace = \'' . $db->escape($paths->namespace) . '\'
+AND is_draft = 1;');
+if ( !$q )
+$db->die_json();
+if ( $db->numrows() > 0 )
+{
+$have_draft = true;
+}
 }
 else if ( $src !== false )
 {
 $allowed = true;
 $src = '';
 'auth_view_source' => $allowed,
 'auth_edit' => $auth_edit,
 'time' => time(),
 'require_captcha' => false,
 'allow_wysiwyg' => $auth_wysiwyg,
-'revid' => $revid
+'revid' => $revid,
+'have_draft' => false
 );
+if ( $have_draft )
+{
+$row = $db->fetchrow($q);
+$return['have_draft'] = true;
+$return['draft_author'] = $row['author'];
+$return['draft_time'] = enano_date('d M Y h:i a', intval($row['time_id']));
+if ( isset($_GET['get_draft']) && @$_GET['get_draft'] === '1' )
+{
+$return['src'] = $row['page_text'];
+}
+}
 if ( $revid > 0 )
 {
 // Retrieve information about this revision and the current one
 $q = $db->sql_query('SELECT l1.author AS currentrev_author, l2.author AS oldrev_author FROM ' . table_prefix . 'logs AS l1
 LEFT JOIN ' . table_prefix . 'logs AS l2
 ON ( l2.time_id = ' . $revid . '
 AND l2.log_type  = \'page\'
 AND l2.action    = \'edit\'
-AND l2.page_id   = \'ACL_Tests\'
+AND l2.page_id   = \'' . $db->escape($paths->page_id)   . '\'
-AND l2.namespace = \'Article\'
+AND l2.namespace = \'' . $db->escape($paths->namespace) . '\'
 )
 WHERE l1.log_type  = \'page\'
 AND l1.action    = \'edit\'
-AND l1.page_id   = \'ACL_Tests\'
+AND l1.page_id   = \'' . $db->escape($paths->page_id)   . '\'
-AND l1.namespace = \'Article\'
+AND l1.namespace = \'' . $db->escape($paths->namespace) . '\'
 AND l1.time_id >= ' . $revid . '
 ORDER BY l1.time_id DESC;');
 if ( !$q )
 $db->die_json();
 $rev_count = $db->numrows() - 1;
-$row = $db->fetchrow();
+if ( $rev_count == -1 )
-$return['undo_info'] = array(
+{
-'old_author'     => $row['oldrev_author'],
+$return = array(
-'current_author' => $row['currentrev_author'],
+'mode' => 'error',
-'undo_count'     => $rev_count
+'error' => '[Internal] No rows returned by revision info query. SQL:<pre>' . $db->latest_query . '</pre>'
 );
+}
+else
+{
+$row = $db->fetchrow();
+$return['undo_info'] = array(
+'old_author'     => $row['oldrev_author'],
+'current_author' => $row['currentrev_author'],
+'undo_count'     => $rev_count
+);
+}
 }
 if ( $auth_edit && !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )
 {
 $return['require_captcha'] = true;
 $return['captcha_id'] = $session->make_captcha();
 }
+$template->load_theme();
+$return['toolbar_templates'] = $template->extract_vars('toolbar.tpl');
 echo enano_json_encode($return);
 break;
 case "getpage":
 // echo PageUtils::getpage($paths->page, false, ( (isset($_GET['oldid'])) ? $_GET['oldid'] : false ));
 break;
 case "savepage":
 $summ = ( isset($_POST['summary']) ) ? $_POST['summary'] : '';
 $minor = isset($_POST['minor']);
 $e = PageUtils::savepage($paths->page_id, $paths->namespace, $_POST['text'], $summ, $minor);
-if($e=='good')
+if ( $e == 'good' )
 {
 $page = new PageProcessor($paths->page_id, $paths->namespace);
 $page->send();
 }
 else
 }
 break;
 case "savepage_json":
 header('Content-type: application/json');
 if ( !isset($_POST['r']) )
-die('Invalid request');
+die('Invalid request [1]');
 $request = enano_json_decode($_POST['r']);
-if ( !isset($request['src']) || !isset($request['summary']) || !isset($request['minor_edit']) || !isset($request['time']) )
+if ( !isset($request['src']) || !isset($request['summary']) || !isset($request['minor_edit']) || !isset($request['time']) || !isset($request['draft']) )
-die('Invalid request');
+die('Invalid request [2]<pre>' . htmlspecialchars(print_r($request, true)) . '</pre>');
 $time = intval($request['time']);
-// Verify that no edits have been made since the editor was requested
+if ( $request['draft'] )
-$q = $db->sql_query('SELECT time_id, author FROM ' . table_prefix . "logs WHERE log_type = 'page' AND action = 'edit' AND page_id = '{$paths->page_id}' AND namespace = '{$paths->namespace}' ORDER BY time_id DESC LIMIT 1;");
+{
-if ( !$q )
+//
-$db->die_json();
+// The user wants to save a draft version of the page.
+//
-$row = $db->fetchrow();
-$db->free_result();
+// Delete any draft copies if they exist
+$q = $db->sql_query('DELETE FROM ' . table_prefix . 'logs WHERE log_type = \'page\' AND action = \'edit\'
-if ( $row['time_id'] > $time )
+AND page_id = \'' . $db->escape($paths->page_id) . '\'
-{
+AND namespace = \'' . $db->escape($paths->namespace) . '\'
+AND is_draft = 1;');
+if ( !$q )
+$db->die_json();
+$src = RenderMan::preprocess_text($request['src'], false, false);
+// Save the draft
+$q = $db->sql_query('INSERT INTO ' . table_prefix . 'logs ( log_type, action, page_id, namespace, author, edit_summary, page_text, is_draft, time_id )
+VALUES (
+\'page\',
+\'edit\',
+\'' . $db->escape($paths->page_id) . '\',
+\'' . $db->escape($paths->namespace) . '\',
+\'' . $db->escape($session->username) . '\',
+\'' . $db->escape($request['summary']) . '\',
+\'' . $db->escape($src) . '\',
+1,
+' . time() . '
+);');
+// Done!
 $return = array(
-'mode' => 'obsolete',
+'mode' => 'success',
-'author' => $row['author'],
+'is_draft' => true
-'date_string' => enano_date('d M Y h:i a', $row['time_id']),
-'time' => $row['time_id'] // time() ???
 );
-echo enano_json_encode($return);
+}
-break;
+else
-}
+{
+// Verify that no edits have been made since the editor was requested
-// Verify captcha, if needed
+$q = $db->sql_query('SELECT time_id, author FROM ' . table_prefix . "logs WHERE log_type = 'page' AND action = 'edit' AND page_id = '{$paths->page_id}' AND namespace = '{$paths->namespace}' ORDER BY time_id DESC LIMIT 1;");
-if ( !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )
+if ( !$q )
-{
+$db->die_json();
-if ( !isset($request['captcha_id']) || !isset($request['captcha_code']) )
-{
+$row = $db->fetchrow();
-die('Invalid request, need captcha metadata');
+$db->free_result();
-}
-$code_correct = strtolower($session->get_captcha($request['captcha_id']));
+if ( $row['time_id'] > $time )
-$code_input = strtolower($request['captcha_code']);
+{
-if ( $code_correct !== $code_input )
+$return = array(
-{
+'mode' => 'obsolete',
+'author' => $row['author'],
+'date_string' => enano_date('d M Y h:i a', $row['time_id']),
+'time' => $row['time_id'] // time() ???
+);
+echo enano_json_encode($return);
+break;
+}
+// Verify captcha, if needed
+if ( !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )
+{
+if ( !isset($request['captcha_id']) || !isset($request['captcha_code']) )
+{
+die('Invalid request, need captcha metadata');
+}
+$code_correct = strtolower($session->get_captcha($request['captcha_id']));
+$code_input = strtolower($request['captcha_code']);
+if ( $code_correct !== $code_input )
+{
+$return = array(
+'mode' => 'errors',
+'errors' => array($lang->get('editor_err_captcha_wrong')),
+'new_captcha' => $session->make_captcha()
+);
+echo enano_json_encode($return);
+break;
+}
+}
+// Verification complete. Start the PageProcessor and let it do the dirty work for us.
+$page = new PageProcessor($paths->page_id, $paths->namespace);
+if ( $page->update_page($request['src'], $request['summary'], ( $request['minor_edit'] == 1 )) )
+{
+$return = array(
+'mode' => 'success',
+'is_draft' => false
+);
+}
+else
+{
+$errors = array();
+while ( $err = $page->pop_error() )
+{
+$errors[] = $err;
+}
 $return = array(
 'mode' => 'errors',
-'errors' => array($lang->get('editor_err_captcha_wrong')),
+'errors' => array_values($errors)
-'new_captcha' => $session->make_captcha()
+);
-);
+if ( !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )
-echo enano_json_encode($return);
+{
-break;
+$return['new_captcha'] = $session->make_captcha();
 }
 }
-// Verification complete. Start the PageProcessor and let it do the dirty work for us.
+// If this is based on a draft version, delete the draft - we no longer need it.
-$page = new PageProcessor($paths->page_id, $paths->namespace);
+if ( @$request['used_draft'] )
-if ( $page->update_page($request['src'], $request['summary'], ( $request['minor_edit'] == 1 )) )
+{
-{
+$q = $db->sql_query('DELETE FROM ' . table_prefix . 'logs WHERE log_type = \'page\' AND action = \'edit\'
-$return = array(
+AND page_id = \'' . $db->escape($paths->page_id) . '\'
-'mode' => 'success'
+AND namespace = \'' . $db->escape($paths->namespace) . '\'
-);
+AND is_draft = 1;');
-}
-else
-{
-$errors = array();
-while ( $err = $page->pop_error() )
-{
-$errors[] = $err;
-}
-$return = array(
-'mode' => 'errors',
-'errors' => array_values($errors)
-);
-if ( !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' )
-{
-$return['new_captcha'] = $session->make_captcha();
 }
 }
 echo enano_json_encode($return);

changeset 413	6607cd646d6d
parent 408	7ecbe721217c
child 416	53fcdf309a82