244 } |
244 } |
245 break; |
245 break; |
246 case "savepage_json": |
246 case "savepage_json": |
247 header('Content-type: application/json'); |
247 header('Content-type: application/json'); |
248 if ( !isset($_POST['r']) ) |
248 if ( !isset($_POST['r']) ) |
249 die('Invalid request [1]'); |
249 die('Invalid request'); |
250 |
250 |
251 $request = enano_json_decode($_POST['r']); |
251 $request = enano_json_decode($_POST['r']); |
252 if ( !isset($request['src']) || !isset($request['summary']) || !isset($request['minor_edit']) || !isset($request['time']) || !isset($request['draft']) ) |
252 if ( !isset($request['src']) || !isset($request['summary']) || !isset($request['minor_edit']) || !isset($request['time']) || !isset($request['draft']) ) |
253 die('Invalid request [2]<pre>' . htmlspecialchars(print_r($request, true)) . '</pre>'); |
253 die('Invalid request'); |
254 |
254 |
255 $time = intval($request['time']); |
255 $time = intval($request['time']); |
256 |
256 |
257 if ( $request['draft'] ) |
257 if ( $request['draft'] ) |
258 { |
258 { |
259 // |
259 // |
260 // The user wants to save a draft version of the page. |
260 // The user wants to save a draft version of the page. |
261 // |
261 // |
262 |
262 |
263 // Delete any draft copies if they exist |
263 // Validate permissions |
264 $q = $db->sql_query('DELETE FROM ' . table_prefix . 'logs WHERE log_type = \'page\' AND action = \'edit\' |
264 if ( !$session->get_permissions('edit_page') ) |
265 AND page_id = \'' . $db->escape($paths->page_id) . '\' |
265 { |
266 AND namespace = \'' . $db->escape($paths->namespace) . '\' |
266 $return = array( |
267 AND is_draft = 1;'); |
267 'mode' => 'error', |
268 if ( !$q ) |
268 'error' => 'access_denied' |
269 $db->die_json(); |
|
270 |
|
271 $src = RenderMan::preprocess_text($request['src'], false, false); |
|
272 |
|
273 // Save the draft |
|
274 $q = $db->sql_query('INSERT INTO ' . table_prefix . 'logs ( log_type, action, page_id, namespace, author, edit_summary, page_text, is_draft, time_id ) |
|
275 VALUES ( |
|
276 \'page\', |
|
277 \'edit\', |
|
278 \'' . $db->escape($paths->page_id) . '\', |
|
279 \'' . $db->escape($paths->namespace) . '\', |
|
280 \'' . $db->escape($session->username) . '\', |
|
281 \'' . $db->escape($request['summary']) . '\', |
|
282 \'' . $db->escape($src) . '\', |
|
283 1, |
|
284 ' . time() . ' |
|
285 );'); |
|
286 |
|
287 // Done! |
|
288 $return = array( |
|
289 'mode' => 'success', |
|
290 'is_draft' => true |
|
291 ); |
269 ); |
|
270 } |
|
271 else |
|
272 { |
|
273 // Delete any draft copies if they exist |
|
274 $q = $db->sql_query('DELETE FROM ' . table_prefix . 'logs WHERE log_type = \'page\' AND action = \'edit\' |
|
275 AND page_id = \'' . $db->escape($paths->page_id) . '\' |
|
276 AND namespace = \'' . $db->escape($paths->namespace) . '\' |
|
277 AND is_draft = 1;'); |
|
278 if ( !$q ) |
|
279 $db->die_json(); |
|
280 |
|
281 // are we just supposed to delete the draft? |
|
282 if ( $request['src'] === -1 ) |
|
283 { |
|
284 $return = array( |
|
285 'mode' => 'success', |
|
286 'is_draft' => 'delete' |
|
287 ); |
|
288 } |
|
289 else |
|
290 { |
|
291 $src = RenderMan::preprocess_text($request['src'], false, false); |
|
292 |
|
293 // Save the draft |
|
294 $q = $db->sql_query('INSERT INTO ' . table_prefix . 'logs ( log_type, action, page_id, namespace, author, edit_summary, page_text, is_draft, time_id ) |
|
295 VALUES ( |
|
296 \'page\', |
|
297 \'edit\', |
|
298 \'' . $db->escape($paths->page_id) . '\', |
|
299 \'' . $db->escape($paths->namespace) . '\', |
|
300 \'' . $db->escape($session->username) . '\', |
|
301 \'' . $db->escape($request['summary']) . '\', |
|
302 \'' . $db->escape($src) . '\', |
|
303 1, |
|
304 ' . time() . ' |
|
305 );'); |
|
306 |
|
307 // Done! |
|
308 $return = array( |
|
309 'mode' => 'success', |
|
310 'is_draft' => true |
|
311 ); |
|
312 } |
|
313 } |
292 } |
314 } |
293 else |
315 else |
294 { |
316 { |
295 // Verify that no edits have been made since the editor was requested |
317 // Verify that no edits have been made since the editor was requested |
296 $q = $db->sql_query('SELECT time_id, author FROM ' . table_prefix . "logs WHERE log_type = 'page' AND action = 'edit' AND page_id = '{$paths->page_id}' AND namespace = '{$paths->namespace}' AND is_draft != 1 ORDER BY time_id DESC LIMIT 1;"); |
318 $q = $db->sql_query('SELECT time_id, author FROM ' . table_prefix . "logs WHERE log_type = 'page' AND action = 'edit' AND page_id = '{$paths->page_id}' AND namespace = '{$paths->namespace}' AND is_draft != 1 ORDER BY time_id DESC LIMIT 1;"); |