--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/index.php Wed Jun 13 16:03:00 2007 -0400
@@ -0,0 +1,425 @@
+<?php
+/**
+ * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
+ * @version 1.0 (Banshee)
+ * Copyright (C) 2006-2007 Dan Fuhry
+ *
+ * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ *
+ */
+
+ // Set up gzip encoding before any output is sent
+
+ $aggressive_optimize_html = true;
+
+ global $do_gzip;
+ $do_gzip = false;
+
+ if(isset($_SERVER['PATH_INFO'])) $v = $_SERVER['PATH_INFO'];
+ elseif(isset($_GET['title'])) $v = $_GET['title'];
+ else $v = '';
+
+ error_reporting(E_ALL);
+
+ // if(!strstr($v, 'CSS') && !strstr($v, 'UploadFile') && !strstr($v, 'DownloadFile')) // These pages are blacklisted because we can't have debugConsole's HTML output disrupting the flow of header() calls and whatnot
+ // {
+ // $do_gzip = ( function_exists('gzcompress') && ( isset($_SERVER['HTTP_ACCEPT_ENCODING']) && strstr($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') ) ) ? true : false;
+ // // Uncomment the following line to enable debugConsole (requires PHP 5 or later)
+ // // define('ENANO_DEBUG', '');
+ // }
+
+ if(defined('ENANO_DEBUG')) $do_gzip = false;
+
+ if($aggressive_optimize_html || $do_gzip)
+ {
+ ob_start();
+ }
+
+ require('includes/common.php');
+
+ global $db, $session, $paths, $template, $plugins; // Common objects
+
+ if(!isset($_GET['do'])) $_GET['do'] = 'view';
+ switch($_GET['do'])
+ {
+ default:
+ die_friendly('Invalid action', '<p>The action "'.$_GET['do'].'" is not defined. Return to <a href="'.makeUrl($paths->page).'">viewing this page\'s text</a>.</p>');
+ break;
+ case 'view':
+ // echo PageUtils::getpage($paths->page, true, ( (isset($_GET['oldid'])) ? $_GET['oldid'] : false ));
+ $page = new PageProcessor( $paths->cpage['urlname_nons'], $paths->namespace );
+ $page->send_headers = true;
+ $page->send();
+ break;
+ case 'comments':
+ $template->header();
+ $sub = ( isset ($_GET['sub']) ) ? $_GET['sub'] : false;
+ switch($sub)
+ {
+ case 'admin':
+ default:
+ $act = ( isset ($_GET['action']) ) ? $_GET['action'] : false;
+ $id = ( isset ($_GET['id']) ) ? intval($_GET['id']) : -1;
+ echo PageUtils::comments_html($paths->cpage['urlname_nons'], $paths->namespace, $act, Array('id'=>$id));
+ break;
+ case 'postcomment':
+ if(empty($_POST['name']) ||
+ empty($_POST['subj']) ||
+ empty($_POST['text'])
+ ) { echo 'Invalid request'; break; }
+ $cid = ( isset($_POST['captcha_id']) ) ? $_POST['captcha_id'] : false;
+ $cin = ( isset($_POST['captcha_input']) ) ? $_POST['captcha_input'] : false;
+ PageUtils::addcomment($paths->cpage['urlname_nons'], $paths->namespace, $_POST['name'], $_POST['subj'], $_POST['text'], $cin, $cid); // All filtering, etc. is handled inside this method
+ echo PageUtils::comments_html($paths->cpage['urlname_nons'], $paths->namespace);
+ break;
+ case 'editcomment':
+ if(!isset($_GET['id']) || ( isset($_GET['id']) && !preg_match('#^([0-9]+)$#', $_GET['id']) )) { echo '<p>Invalid comment ID</p>'; break; }
+ $q = $db->sql_query('SELECT subject,comment_data,comment_id FROM '.table_prefix.'comments WHERE comment_id='.$_GET['id']);
+ if(!$q) $db->_die('The comment data could not be selected.');
+ $row = $db->fetchrow();
+ $db->free_result();
+ echo '<form action="'.makeUrl($paths->page, 'do=comments&sub=savecomment').'" method="post">';
+ echo "<br /><div class='tblholder'><table border='0' width='100%' cellspacing='1' cellpadding='4'>
+ <tr><td class='row1'>Subject:</td><td class='row1'><input type='text' name='subj' value='{$row['subject']}' /></td></tr>
+ <tr><td class='row2'>Comment:</td><td class='row2'><textarea rows='10' cols='40' style='width: 98%;' name='text'>{$row['comment_data']}</textarea></td></tr>
+ <tr><td class='row1' colspan='2' class='row1' style='text-align: center;'><input type='hidden' name='id' value='{$row['comment_id']}' /><input type='submit' value='Save Changes' /></td></tr>
+ </table></div>";
+ echo '</form>';
+ break;
+ case 'savecomment':
+ if(empty($_POST['subj']) || empty($_POST['text'])) { echo '<p>Invalid request</p>'; break; }
+ $r = PageUtils::savecomment_neater($paths->cpage['urlname_nons'], $paths->namespace, $_POST['subj'], $_POST['text'], (int)$_POST['id']);
+ if($r != 'good') { echo "<pre>$r</pre>"; break; }
+ echo PageUtils::comments_html($paths->cpage['urlname_nons'], $paths->namespace);
+ break;
+ case 'deletecomment':
+ if(!empty($_GET['id']))
+ {
+ PageUtils::deletecomment_neater($paths->cpage['urlname_nons'], $paths->namespace, (int)$_GET['id']);
+ }
+ echo PageUtils::comments_html($paths->cpage['urlname_nons'], $paths->namespace);
+ break;
+ }
+ $template->footer();
+ break;
+ case 'edit':
+ if(isset($_POST['_cancel'])) { header('Location: '.makeUrl($paths->page)); echo '<html><head><title>Redirecting...</title></head><body>If you haven\'t been redirected yet, <a href="'.makeUrl($paths->page).'">click here</a>.'; break; }
+ if(isset($_POST['_save'])) {
+ $e = PageUtils::savepage($paths->cpage['urlname_nons'], $paths->namespace, $_POST['page_text'], $_POST['edit_summary'], isset($_POST['minor']));
+ header('Location: '.makeUrl($paths->page)); echo '<html><head><title>Redirecting...</title></head><body>If you haven\'t been redirected yet, <a href="'.makeUrl($paths->page).'">click here</a>.'; break;
+ }
+ $template->header();
+ if(isset($_POST['_preview']))
+ {
+ $text = $_POST['page_text'];
+ echo PageUtils::genPreview($_POST['page_text']);
+ }
+ else $text = RenderMan::getPage($paths->cpage['urlname_nons'], $paths->namespace, 0, false, false, false, false);
+ echo '
+ <form action="'.makeUrl($paths->page, 'do=edit').'" method="post" enctype="multipart/form-data">
+ <br />
+ <textarea name="page_text" rows="20" cols="60" style="width: 97%;">'.$text.'</textarea><br />
+ <br />
+ ';
+ if($paths->wiki_mode)
+ echo 'Edit summary: <input name="edit_summary" type="text" size="40" /><br /><label><input type="checkbox" name="minor" /> This is a minor edit</label><br />';
+ echo '<br />
+ <input type="submit" name="_save" value="Save changes" style="font-weight: bold;" />
+ <input type="submit" name="_preview" value="Preview changes" />
+ <input type="submit" name="_revert" value="Revert changes" />
+ <input type="submit" name="_cancel" value="Cancel" />
+ </form>
+ ';
+ $template->footer();
+ break;
+ case 'viewsource':
+ $template->header();
+ $text = RenderMan::getPage($paths->cpage['urlname_nons'], $paths->namespace, 0, false, false, false, false);
+ echo '
+ <form action="'.makeUrl($paths->page, 'do=edit').'" method="post">
+ <br />
+ <textarea readonly="readonly" name="page_text" rows="20" cols="60" style="width: 97%;">'.$text.'</textarea>';
+ echo '<br />
+ <input type="submit" name="_cancel" value="Close viewer" />
+ </form>
+ ';
+ $template->footer();
+ break;
+ case 'history':
+ $hist = PageUtils::histlist($paths->cpage['urlname_nons'], $paths->namespace);
+ $template->header();
+ echo $hist;
+ $template->footer();
+ break;
+ case 'rollback':
+ $id = (isset($_GET['id'])) ? $_GET['id'] : false;
+ if(!$id || !preg_match('#^([0-9]+)$#', $id)) die_friendly('Invalid action ID', '<p>The URL parameter "id" is not an integer. Exiting to prevent nasties like SQL injection, etc.</p>');
+ $rb = PageUtils::rollback( (int) $id );
+ $template->header();
+ echo '<p>'.$rb.' <a href="'.makeUrl($paths->page).'">Return to the page</a>.</p>';
+ $template->footer();
+ break;
+ case 'catedit':
+ if(isset($_POST['__enanoSaveButton']))
+ {
+ unset($_POST['__enanoSaveButton']);
+ $val = PageUtils::catsave($paths->cpage['urlname_nons'], $paths->namespace, $_POST);
+ if($val == 'GOOD')
+ {
+ header('Location: '.makeUrl($paths->page)); echo '<html><head><title>Redirecting...</title></head><body>If you haven\'t been redirected yet, <a href="'.makeUrl($paths->page).'">click here</a>.'; break;
+ } else {
+ die_friendly('Error saving category information', '<p>'.$val.'</p>');
+ }
+ }
+ elseif(isset($_POST['__enanoCatCancel']))
+ {
+ header('Location: '.makeUrl($paths->page)); echo '<html><head><title>Redirecting...</title></head><body>If you haven\'t been redirected yet, <a href="'.makeUrl($paths->page).'">click here</a>.'; break;
+ }
+ $template->header();
+ $c = PageUtils::catedit_raw($paths->cpage['urlname_nons'], $paths->namespace);
+ echo $c[1];
+ $template->footer();
+ break;
+ case 'moreoptions':
+ $template->header();
+ echo '<div class="pagebar" id="pagebarpopup2" style="width: 150px; padding: 0;">'.$template->tpl_strings['TOOLBAR_EXTRAS'].'</div>';
+ $template->footer();
+ break;
+ case 'protect':
+ if (!isset($_REQUEST['level'])) die_friendly('Invalid request', '<p>No protection level specified</p>');
+ if(!empty($_POST['reason']))
+ {
+ if(!preg_match('#^([0-2]*){1}$#', $_POST['level'])) die_friendly('Error protecting page', '<p>Request validation failed</p>');
+ PageUtils::protect($paths->cpage['urlname_nons'], $paths->namespace, intval($_POST['level']), $_POST['reason']);
+ die_friendly('Page protected', '<p>The protection setting has been applied. <a href="'.makeUrl($paths->page).'">Return to the page</a>.</p>');
+ }
+ $template->header();
+ ?>
+ <form action="<?php echo makeUrl($paths->page, 'do=protect'); ?>" method="post">
+ <input type="hidden" name="level" value="<?php echo $_REQUEST['level']; ?>" />
+ <?php if(isset($_POST['reason'])) echo '<p style="color: red;">Error: you must enter a reason for protecting this page.</p>'; ?>
+ <p>Reason for protecting the page:</p>
+ <p><input type="text" name="reason" size="40" /><br />
+ Protecion level to be applied: <b><?php
+ switch($_REQUEST['level'])
+ {
+ case '0':
+ echo 'No protection';
+ break;
+ case '1':
+ echo 'Full protection';
+ break;
+ case '2':
+ echo 'Semi-protection';
+ break;
+ default:
+ echo 'None;</b> Warning: request validation will fail after clicking submit<b>';
+ }
+ ?></b></p>
+ <p><input type="submit" value="Protect page" style="font-weight: bold;" /></p>
+ </form>
+ <?php
+ $template->footer();
+ break;
+ case 'rename':
+ if(!empty($_POST['newname']))
+ {
+ $r = PageUtils::rename($paths->cpage['urlname_nons'], $paths->namespace, $_POST['newname']);
+ die_friendly('Page renamed', '<p>'.nl2br($r).' <a href="'.makeUrl($paths->page).'">Return to the page</a>.</p>');
+ }
+ $template->header();
+ ?>
+ <form action="<?php echo makeUrl($paths->page, 'do=rename'); ?>" method="post">
+ <?php if(isset($_POST['newname'])) echo '<p style="color: red;">Error: you must enter a new name for this page.</p>'; ?>
+ <p>Please enter a new name for this page:</p>
+ <p><input type="text" name="newname" size="40" /></p>
+ <p><input type="submit" value="Rename page" style="font-weight: bold;" /></p>
+ </form>
+ <?php
+ $template->footer();
+ break;
+ case 'flushlogs':
+ if(!$session->get_permissions('clear_logs')) die_friendly('Access denied', '<p>Flushing the logs for a page <u>requires</u> administrative rights.</p>');
+ if(isset($_POST['_downthejohn']))
+ {
+ $template->header();
+ $result = PageUtils::flushlogs($paths->cpage['urlname_nons'], $paths->namespace);
+ echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">Return to the page</a>.</p>';
+ $template->footer();
+ break;
+ }
+ $template->header();
+ ?>
+ <form action="<?php echo makeUrl($paths->page, 'do=flushlogs'); ?>" method="post">
+ <h3>You are about to <span style="color: red;">destroy</span> all logged edits and actions on this page.</h3>
+ <p>Unlike deleting or editing this page, this action is <u>not reversible</u>! You should only do this if you are desperate for
+ database space.</p>
+ <p>Do you really want to continue?</p>
+ <p><input type="submit" name="_downthejohn" value="Flush logs" style="color: red; font-weight: bold;" /></p>
+ </form>
+ <?php
+ $template->footer();
+ break;
+ case 'delvote':
+ if(isset($_POST['_ballotbox']))
+ {
+ $template->header();
+ $result = PageUtils::delvote($paths->cpage['urlname_nons'], $paths->namespace);
+ echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">Return to the page</a>.</p>';
+ $template->footer();
+ break;
+ }
+ $template->header();
+ ?>
+ <form action="<?php echo makeUrl($paths->page, 'do=delvote'); ?>" method="post">
+ <h3>Your vote counts.</h3>
+ <p>If you think that this page is not relavent to the content on this site, or if it looks like this page was only created in
+ an attempt to spam the site, you can request that this page be deleted by an administrator.</p>
+ <p>After you vote, you should leave a comment explaining the reason for your vote, especially if you are the first person to
+ vote against this page.</p>
+ <p>So far, <?php echo ( $paths->cpage['delvotes'] == 1 ) ? $paths->cpage['delvotes'] . ' person has' : $paths->cpage['delvotes'] . ' people have'; ?> voted to delete this page.</p>
+ <p><input type="submit" name="_ballotbox" value="Vote to delete this page" /></p>
+ </form>
+ <?php
+ $template->footer();
+ break;
+ case 'resetvotes':
+ if(!$session->get_permissions('vote_reset')) die_friendly('Access denied', '<p>Resetting the deletion votes against this page <u>requires</u> admin rights.</p>');
+ if(isset($_POST['_youmaylivealittlelonger']))
+ {
+ $template->header();
+ $result = PageUtils::resetdelvotes($paths->cpage['urlname_nons'], $paths->namespace);
+ echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">Return to the page</a>.</p>';
+ $template->footer();
+ break;
+ }
+ $template->header();
+ ?>
+ <form action="<?php echo makeUrl($paths->page, 'do=resetvotes'); ?>" method="post">
+ <p>This action will reset the number of votes against this page to zero. Are you sure you want to do this?</p>
+ <p><input type="submit" name="_youmaylivealittlelonger" value="Reset votes" /></p>
+ </form>
+ <?php
+ $template->footer();
+ break;
+ case 'deletepage':
+ if(!$session->get_permissions('delete_page')) die_friendly('Access denied', '<p>Deleting pages <u>requires</u> admin rights.</p>');
+ if(isset($_POST['_adiossucker']))
+ {
+ $template->header();
+ $result = PageUtils::deletepage($paths->cpage['urlname_nons'], $paths->namespace);
+ echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">Return to the page</a>.</p>';
+ $template->footer();
+ break;
+ }
+ $template->header();
+ ?>
+ <form action="<?php echo makeUrl($paths->page, 'do=deletepage'); ?>" method="post">
+ <h3>You are about to <span style="color: red;">destroy</span> this page.</h3>
+ <p>While the deletion of the page itself is completely reversible, it is impossible to recover any comments or category information on this page. If this is a file page, the file along with all older revisions of it will be permanently deleted. Also, any custom information that this page is tagged with, such as a custom name, protection status, or additional settings such as whether to allow comments, will be permanently lost.</p>
+ <p>Are you <u>absolutely sure</u> that you want to continue?<br />
+ You will not be asked again.</p>
+ <p><input type="submit" name="_adiossucker" value="Delete this page" style="color: red; font-weight: bold;" /></p>
+ </form>
+ <?php
+ $template->footer();
+ break;
+ case 'setwikimode':
+ if(!$session->get_permissions('set_wiki_mode')) die_friendly('Access denied', '<p>Changing the wiki mode setting <u>requires</u> admin rights.</p>');
+ if(!isset($_GET['level']) || ( isset($_GET['level']) && !preg_match('#^([0-9])$#', $_GET['level']))) die_friendly('Invalid request', '<p>Level not specified</p>');
+ $template->header();
+ $template->footer();
+ break;
+ case 'diff':
+ $template->header();
+ $id1 = ( isset($_GET['diff1']) ) ? (int)$_GET['diff1'] : false;
+ $id2 = ( isset($_GET['diff2']) ) ? (int)$_GET['diff2'] : false;
+ if(!$id1 || !$id2) { echo '<p>Invalid request.</p>'; $template->footer(); break; }
+ if(!preg_match('#^([0-9]+)$#', (string)$_GET['diff1']) ||
+ !preg_match('#^([0-9]+)$#', (string)$_GET['diff2'] )) { echo '<p>SQL injection attempt</p>'; $template->footer(); break; }
+ echo PageUtils::pagediff($paths->cpage['urlname_nons'], $paths->namespace, $id1, $id2);
+ $template->footer();
+ break;
+ case 'aclmanager':
+ $data = ( isset($_POST['data']) ) ? $_POST['data'] : Array('mode' => 'listgroups');
+ PageUtils::aclmanager($data);
+ break;
+ }
+
+ //
+ // Optimize HTML by replacing newlines with spaces (excludes <pre>, <script>, and <style> blocks)
+ //
+ if ($aggressive_optimize_html)
+ {
+ // Load up the HTML
+ $html = ob_get_contents();
+ ob_end_clean();
+
+ // Which tags to strip - you can change this if needed
+ $strip_tags = Array('pre', 'script', 'style', 'enano:no-opt');
+ $strip_tags = implode('|', $strip_tags);
+
+ // Strip out the tags and replace with placeholders
+ preg_match_all("#<($strip_tags)(.*?)>(.*?)</($strip_tags)>#is", $html, $matches);
+ $seed = md5(microtime() . mt_rand()); // Random value used for placeholders
+ for ($i = 0;$i < sizeof($matches[1]); $i++)
+ {
+ $html = str_replace("<{$matches[1][$i]}{$matches[2][$i]}>{$matches[3][$i]}</{$matches[4][$i]}>", "{DONT_STRIP_ME_NAKED:$seed:$i}", $html);
+ }
+
+ // Finally, process the HTML
+ $html = preg_replace("#\n([ ]*)#", " ", $html);
+
+ // Remove annoying spaces between tags
+ $html = preg_replace("#>([ ]*?){2,}<#", "> <", $html);
+
+ // Re-insert untouchable tags
+ for ($i = 0;$i < sizeof($matches[1]); $i++)
+ {
+ $html = str_replace("{DONT_STRIP_ME_NAKED:$seed:$i}", "<{$matches[1][$i]}{$matches[2][$i]}>{$matches[3][$i]}</{$matches[4][$i]}>", $html);
+ }
+
+ // Remove <enano:no-opt> blocks (can be used by themes that don't want their HTML optimized)
+ $html = preg_replace('#<(\/|)enano:no-opt(.*?)>#', '', $html);
+
+ // Tell snoopish users what's going on
+ $html = str_replace('<html>', "\n<!-- NOTE: This HTML document has been Aggressively Optimized(TM) by Enano to make page loading faster. -->\n<html>", $html);
+
+ // Re-enable output buffering to allow the Gzip function (below) to work
+ ob_start();
+
+ // Done, send it to the user
+ echo( $html );
+ }
+
+ //
+ // Compress buffered output if required and send to browser
+ //
+ if ( $do_gzip )
+ {
+ //
+ // Copied from phpBB, which was in turn borrowed from php.net
+ //
+ $gzip_contents = ob_get_contents();
+ ob_end_clean();
+
+ $gzip_size = strlen($gzip_contents);
+ $gzip_crc = crc32($gzip_contents);
+
+ $gzip_contents = gzcompress($gzip_contents, 9);
+ $gzip_contents = substr($gzip_contents, 0, strlen($gzip_contents) - 4);
+
+ header('Content-encoding: gzip');
+ echo "\x1f\x8b\x08\x00\x00\x00\x00\x00";
+ echo $gzip_contents;
+ echo pack('V', $gzip_crc);
+ echo pack('V', $gzip_size);
+ }
+
+ $db->close();
+
+?>