plugins/SpecialAdmin.php
changeset 326 ab66d6d1f1f4
parent 304 e2cb5f1432c8
parent 322 5f1cd51bf1be
child 328 dc838fd61a06
--- a/plugins/SpecialAdmin.php	Fri Dec 07 18:47:37 2007 -0500
+++ b/plugins/SpecialAdmin.php	Wed Dec 19 22:55:40 2007 -0500
@@ -4,7 +4,7 @@
 Plugin URI: http://enanocms.org/
 Description: Provides the page Special:Administration, which is the AJAX frontend to the various Admin pagelets. This plugin cannot be disabled.
 Author: Dan Fuhry
-Version: 1.0.2
+Version: 1.0.3
 Author URI: http://enanocms.org/
 */
 
@@ -530,28 +530,28 @@
   {
     if(isset($_POST['enable_uploads']) && getConfig('enable_uploads') != '1')
     {
-      $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES("security","upload_enable",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '");');
+      $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES(\'security\',\'upload_enable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\');');
       if ( !$q )
         $db->_die();
       setConfig('enable_uploads', '1');
     }
     else if ( !isset($_POST['enable_uploads']) && getConfig('enable_uploads') == '1' )
     {
-      $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES("security","upload_disable",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '");');
+      $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES(\'security\',\'upload_disable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\');');
       if ( !$q )
         $db->_die();
       setConfig('enable_uploads', '0');
     }
     if(isset($_POST['enable_imagemagick']) && getConfig('enable_imagemagick') != '1')
     {
-      $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES("security","magick_enable",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '");');
+      $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES(\'security\',\'magick_enable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\');');
       if ( !$q )
         $db->_die();
       setConfig('enable_imagemagick', '1');
     }
     else if ( !isset($_POST['enable_imagemagick']) && getConfig('enable_imagemagick') == '1' )
     {
-      $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES("security","magick_disable",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '");');
+      $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES(\'security\',\'magick_disable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\');');
       if ( !$q )
         $db->_die();
       setConfig('enable_imagemagick', '0');
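Review bot: The same INSERT into the logs table is now spelled out four times in this hunk (and again in the hunks that follow), differing only in the action string; a small helper such as `function log_security_action($action, $page_text = null)` that concatenates `$db->escape($_SERVER['REMOTE_ADDR'])` and `$db->escape($session->username)` once would keep the quoting and escaping in a single place, which matters because the plugin_enable/plugin_disable copies further down were not converted completely. Switching from `UNIX_TIMESTAMP()` to `time()` also moves the timestamp from the database clock to the PHP clock; that matches the page-edit log insert at old line 1876, but deserves a one-line comment such as `// time() rather than UNIX_TIMESTAMP() so the log works on non-MySQL drivers`. The enclosing function starts and ends outside the hunk.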
@@ -566,14 +566,14 @@
     }
     if(isset($_POST['file_history']) && getConfig('file_history') != '1' )
     {
-      $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES("security","filehist_enable",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '");');
+      $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES(\'security\',\'filehist_enable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\');');
       if ( !$q )
         $db->_die();
       setConfig('file_history', '1');
     }
     else if ( !isset($_POST['file_history']) && getConfig('file_history') == '1' )
     {
-      $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES("security","filehist_disable",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '");');
+      $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author) VALUES(\'security\',\'filehist_disable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\');');
       if ( !$q )
         $db->_die();
       setConfig('file_history', '0');
@@ -582,7 +582,7 @@
     {
       $old = getConfig('imagemagick_path');
       $oldnew = "{$old}||{$_POST['imagemagick_path']}";
-      $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","magick_path",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($oldnew) . '");');
+      $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES(\'security\',\'magick_path\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',\'' . $db->escape($session->username) . '\',\'' . $db->escape($oldnew) . '\');');
       if ( !$q )
         $db->_die();
       setConfig('imagemagick_path', $_POST['imagemagick_path']);
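Review bot: The new log line records `$oldnew`, the old and new ImageMagick path joined with `||`, but the path is taken straight from `$_POST['imagemagick_path']` and stored by the `setConfig()` on the following context line without any check; since this value presumably names a binary the site later executes, an `if ( !is_executable($_POST['imagemagick_path']) )` test before both the log entry and `setConfig()` would reject typos and non-binary paths at the admin boundary. Whether such a check already exists earlier cannot be seen here, as the enclosing function starts and ends outside the hunk.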
@@ -651,7 +651,7 @@
     switch($_GET['action'])
     {
       case "enable":
-        $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","plugin_enable",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($_GET['plugin']) . '");');
+        $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES(\'security\',\'plugin_enable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',"' . $db->escape($session->username) . '","' . $db->escape($_GET['plugin']) . '");');
         if ( !$q )
           $db->_die();
         setConfig('plugin_'.$_GET['plugin'], '1');
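Review bot: The quote conversion is incomplete on the new line: `edit_summary` now uses single quotes, but `author` and `page_text` are still wrapped in double quotes (`'\',"' . $db->escape($session->username) . '","' . $db->escape($_GET['plugin']) . '");`). Under PostgreSQL, or MySQL with ANSI_QUOTES, double-quoted strings are identifiers, so this insert fails and `$db->_die()` aborts the enable action. The tail should read `'\',\'' . $db->escape($session->username) . '\',\'' . $db->escape($_GET['plugin']) . '\');`. Separately, the plugin is enabled from a `$_GET` parameter on the context lines with no request token visible here; the enclosing function starts outside the hunk, so a CSRF check may exist earlier.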
@@ -664,7 +664,7 @@
         }
         if ( !in_array($_GET['plugin'], $plugins->system_plugins) )
         {
-          $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","plugin_disable",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($_GET['plugin']) . '");');
+          $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES(\'security\',\'plugin_disable\',' . time() . ',\'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\',"' . $db->escape($session->username) . '","' . $db->escape($_GET['plugin']) . '");');
           if ( !$q )
             $db->_die();
           setConfig('plugin_'.$_GET['plugin'], '0');
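Review bot: The new plugin_disable line has the same mixed quoting as the plugin_enable insert above: `author` and `page_text` are still double-quoted (`"' . $db->escape($session->username) . '","' . $db->escape($_GET['plugin']) . '"`), which PostgreSQL and ANSI_QUOTES MySQL read as identifiers. Change the tail to `'\',\'' . $db->escape($session->username) . '\',\'' . $db->escape($_GET['plugin']) . '\');` so it matches the other log inserts in this changeset. The `in_array()` on the context line above is non-strict; `in_array($_GET['plugin'], $plugins->system_plugins, true)` avoids loose comparison against the system plugin list. The enclosing function starts outside the hunk.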
@@ -905,279 +905,6 @@
   <?php
 }
 
-/*
-function page_Admin_UserManager() {
-  global $db, $session, $paths, $template, $plugins; // Common objects
-  global $lang;
-  if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN )
-  {
-    $login_link = makeUrlNS('Special', 'Login/' . $paths->nslist['Special'] . 'Administration', 'level=' . USER_LEVEL_ADMIN, true);
-    echo '<h3>' . $lang->get('adm_err_not_auth_title') . '</h3>';
-    echo '<p>' . $lang->get('adm_err_not_auth_body', array( 'login_link' => $login_link )) . '</p>';
-    return;
-  }
-  
-  if ( isset($_GET['src']) && $_GET['src'] == 'get' && !empty($_GET['user']) )
-  {
-    $_POST['go'] = true;
-    $_POST['username'] = $_GET['user'];
-  }
-  
-  if(isset($_POST['go']))
-  {
-    // We need the user ID before we can do anything
-    $q = $db->sql_query('SELECT user_id,username,email,real_name,style,user_level,account_active FROM '.table_prefix.'users WHERE username=\'' . $db->escape($_POST['username']) . '\'');
-    if ( !$q )
-    {
-      die('Error selecting user ID: '.mysql_error());
-    }
-    if ( $db->numrows() < 1 )
-    {
-      echo('User does not exist, please enter another username.');
-      return;
-    }
-    $r = $db->fetchrow();
-    $db->free_result();
-    if(isset($_POST['save']))
-    {
-      $_POST['level'] = intval($_POST['level']);
-      
-      $new_level = $_POST['level'];
-      $old_level = intval($r['user_level']);
-      
-      if ( defined('ENANO_DEMO_MODE') )
-      {
-        echo '<div class="error-box">You cannot delete or modify user accounts in demo mode - they are cleaned up once every two hours.</div>';
-        $re = Array('permission denied');
-      }
-      else
-      {
-        $re = $session->update_user((int)$r['user_id'], $_POST['new_username'], false, $_POST['new_pass'], $_POST['email'], $_POST['real_name'], false, $_POST['level']);
-      }
-      
-      if($re == 'success')
-      {
-        
-        if ( $new_level != $old_level )
-        {
-          $user_id = intval($r['user_id']);
-          // We need to update group memberships
-          if ( $old_level == USER_LEVEL_ADMIN ) 
-          {
-            $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","u_from_admin",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($_POST['new_username']) . '");');
-            if ( !$q )
-              $db->_die();
-            $session->remove_user_from_group($user_id, GROUP_ID_ADMIN);
-          }
-          else if ( $old_level == USER_LEVEL_MOD ) 
-          {
-            $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","u_from_mod",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($_POST['new_username']) . '");');
-            if ( !$q )
-              $db->_die();
-            $session->remove_user_from_group($user_id, GROUP_ID_MOD);
-          }
-          
-          if ( $new_level == USER_LEVEL_ADMIN )
-          {
-            $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","u_to_admin",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($_POST['new_username']) . '");');
-            if ( !$q )
-              $db->_die();
-            $session->add_user_to_group($user_id, GROUP_ID_ADMIN, false);
-          }
-          else if ( $new_level == USER_LEVEL_MOD )
-          {
-            $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,edit_summary,author,page_text) VALUES("security","u_to_mod",UNIX_TIMESTAMP(),"' . $db->escape($_SERVER['REMOTE_ADDR']) . '","' . $db->escape($session->username) . '","' . $db->escape($_POST['new_username']) . '");');
-            if ( !$q )
-              $db->_die();
-            $session->add_user_to_group($user_id, GROUP_ID_MOD, false);
-          }
-        }
-        
-        // update account activation
-        if ( isset($_POST['account_active']) )
-        {
-          // activate account
-          $q = $db->sql_query('UPDATE '.table_prefix.'users SET account_active=1 WHERE user_id=' . intval($r['user_id']) . ';');
-          if ( !$q )
-            $db->_die();
-        }
-        else
-        {
-          // deactivate account and throw away the old key
-          $actkey = sha1 ( microtime() . mt_rand() );
-          $q = $db->sql_query('UPDATE '.table_prefix.'users SET account_active=0,activation_key=\'' . $actkey . '\' WHERE user_id=' . intval($r['user_id']) . ';');
-          if ( !$q )
-            $db->_die();
-        }
-        
-        echo('<div class="info-box">Your changes have been saved.</div>');
-      }
-      else
-      {
-        echo('<div class="error-box">Error saving changes: '.implode('<br />', $re).'</div>');
-      }
-      $q = $db->sql_query('SELECT user_id,username,email,real_name,style,user_level,account_active FROM '.table_prefix.'users WHERE username=\''.$db->escape($_POST['username']).'\'');
-      if ( !$q )
-      {
-        die('Error selecting user ID: '.mysql_error());
-      }
-      if($db->numrows($q) < 1)
-      {
-        die('User does not exist, please enter another username.');
-      }
-      $r = mysql_fetch_object($q);
-      $db->free_result();
-    }
-    elseif(isset($_POST['deleteme']) && isset($_POST['delete_conf']))
-    {
-      if ( defined('ENANO_DEMO_MODE') )
-      {
-        echo '<div class="error-box">You cannot delete or modify user accounts in demo mode - they are cleaned up once every two hours.</div>';
-      }
-      else
-      {
-        $q = $db->sql_query('DELETE FROM users WHERE user_id='.$r['user_id'].';');
-        if($q)
-        {
-          echo '<div class="error-box">The user account "'.$r['username'].'" was deleted.</div>';
-        }
-        else
-        {
-          echo '<div class="error-box">The user account "'.$r['username'].'" could not be deleted due to a database error.<br /><br />'.$db->get_error().'</div>';
-        }
-      }
-    }
-    else
-    {
-      $disabled = ( $r['user_id'] == $session->user_id ) ? ' disabled="disabled" ' : '';
-      $evt_get_score = ( getConfig('pw_strength_enable') == '1' ) ? 'onkeyup="password_score_field(this);" style="margin-right: 7px;" ' : '';
-      $meter         = ( getConfig('pw_strength_enable') == '1' ) ? '<tr><td></td><td><div id="pwmeter"></div><p><small>Password complexity requirements are not enforced here.</small></p></td></tr>' : '';
-      echo('
-      <h3>Edit User Info</h3>
-      <form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post">
-        <table border="0" style="margin-left: 0.2in;">   
-          <tr><td>Username:</td><td><input type="text" name="new_username" value="'.$r['username'].'" /></td></tr>
-          <tr><td>New Password:</td><td><input ' . $disabled . ' type="password" name="new_pass" '.$evt_get_score.'/></td></tr>
-          '.$meter.'
-          <tr><td>E-mail:</td><td><input ' . $disabled . ' type="text" name="email" value="'.$r['email'].'" /></td></tr>
-          <tr><td>Real Name:</td><td><input ' . $disabled . ' type="text" name="real_name" value="'.$r['real_name'].'" /></td></tr>
-          ' . ( ( !empty($disabled) ) ? '<tr><td colspan="2"><small>To change your e-mail address, password, or real name, please use the user control panel.</small></td></tr>' : '' ) . '
-          <tr><td>User level:</td><td><select name="level"><option '); if($r['user_level']==USER_LEVEL_CHPREF) echo('SELECTED'); echo(' value="'.USER_LEVEL_CHPREF.'">Regular User</option><option '); if($r['user_level']==USER_LEVEL_MOD) echo('SELECTED'); echo(' value="'.USER_LEVEL_MOD.'">Moderator</option><option '); if($r['user_level']==USER_LEVEL_ADMIN) echo('SELECTED'); echo(' value="'.USER_LEVEL_ADMIN.'">Administrator</option></select></td></tr>
-          <tr><td></td><td><label><input type="checkbox" name="account_active"' . ( $r['account_active'] == '1' ? ' checked="checked"' : '' ) . ' /> Account is active</label><br /><small>If this is unchecked, the activation key will be reset, meaning that any activation e-mails sent will be invalidated.</small></td></tr>
-          <tr><td>Delete user:</td><td><input type="hidden" name="go" /><input type="hidden" name="username" value="'.$r['username'].'" /><input onclick="return confirm(\'This is your last warning.\n\nAre you sure you want to delete this user account? Even if you delete this user account, the username will be shown in page edit history, comments, and other areas of the site.\n\nDeleting a user account CANNOT BE UNDONE and should only be done in extreme circumstances.\n\nIf the user has violated the site policy, deleting the account will not prevent him from using the site, for that you need to add a new ban rule.\n\nContinue deleting this user account?\')" type="submit" name="deleteme" value="Delete this user" style="color: red;" /> <label><input type="checkbox" name="delete_conf" /> I\'m absolutely sure</label>
-          <tr><td align="center" colspan="2">
-          <input type="submit" name="save" value="Save Changes" /></td></tr>
-        </table>
-      </form>
-      ');
-    }
-  }
-  else if(isset($_POST['clearsessions'])) 
-  {
-    if ( defined('ENANO_DEMO_MODE') )
-    {
-      echo '<div class="error-box">Sorry Charlie, no can do. You might mess up other people logged into the demo site.</div>';
-    }
-    else
-    {
-      // Get the current session information so the user doesn't get logged out
-      $aes = new AESCrypt();
-      $sk = md5(strrev($session->sid_super));
-      $qb = $db->sql_query('SELECT session_key,salt,auth_level,source_ip,time FROM '.table_prefix.'session_keys WHERE session_key=\''.$sk.'\' AND user_id='.$session->user_id.' AND auth_level='.USER_LEVEL_ADMIN);
-      if ( !$qb )
-      {
-        die('Error selecting session key info block B: '.$db->get_error());
-      }
-      if ( $db->numrows($qb) < 1 )
-      {
-        die('Error: cannot read admin session info block B, aborting table clear process');
-      }
-      $qa = $db->sql_query('SELECT session_key,salt,auth_level,source_ip,time FROM '.table_prefix.'session_keys WHERE session_key=\''.md5($session->sid).'\' AND user_id='.$session->user_id.' AND auth_level='.USER_LEVEL_MEMBER);
-      if ( !$qa )
-      {
-        die('Error selecting session key info block A: '.$db->get_error());
-      }
-      if ( $db->numrows($qa) < 1 )
-      {
-        die('Error: cannot read user session info block A, aborting table clear process');
-      }
-      $ra = mysql_fetch_object($qa);
-      $rb = mysql_fetch_object($qb);
-      $db->free_result($qa);
-      $db->free_result($qb);
-      
-      $db->sql_query('DELETE FROM '.table_prefix.'session_keys;');
-      $db->sql_query('INSERT INTO '.table_prefix.'session_keys( session_key,salt,user_id,auth_level,source_ip,time ) VALUES( \''.$ra->session_key.'\', \''.$ra->salt.'\', \''.$session->user_id.'\', \''.$ra->auth_level.'\', \''.$ra->source_ip.'\', '.$ra->time.' ),( \''.$rb->session_key.'\', \''.$rb->salt.'\', \''.$session->user_id.'\', \''.$rb->auth_level.'\', \''.$rb->source_ip.'\', '.$rb->time.' )');
-      
-      echo('
-        <div class="info-box">The session key table has been cleared. Your database should be a little bit smaller now.</div>
-      ');
-    }
-  }   
-  echo('
-  <h3>User Management</h3>
-  <form action="'.makeUrl($paths->nslist['Special'].'Administration', 'module='.$paths->cpage['module']).'" method="post" onsubmit="if(!submitAuthorized) return false;">
-    <p>Username: '.$template->username_field('username').' <input type="submit" name="go" value="Go" /></p>
-    <h3>Clear session keys table</h3>
-     <p>It\'s a good idea to clean out your session keys table every once in a while, since this helps to reduce database size. During this process you will be logged off and (hopefully) logged back on automatically. The side effects of this include all users except you being logged off.</p>
-     <p><input type="submit" name="clearsessions" value="Clear session keys table" /></p>
-  </form>
-  ');
-  if(isset($_GET['action']) && isset($_GET['user']))
-  {
-    switch($_GET['action'])
-    {
-      case "activate":
-        $e = $db->sql_query('SELECT activation_key FROM '.table_prefix.'users WHERE username=\'' . $db->escape($_GET['user']) . '\'');
-        if($e)
-        {
-          $row = $db->fetchrow();
-          $db->free_result();
-          if($session->activate_account($_GET['user'], $row['activation_key'])) { echo '<div class="info-box">The user account "'.$_GET['user'].'" has been activated.</div>'; $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE time_id=' . $db->escape($_GET['logid'])); }
-          else echo '<div class="warning-box">The user account "'.$_GET['user'].'" has NOT been activated, possibly because the account is already active.</div>';
-        } else echo '<div class="error-box">Error activating account: '.mysql_error().'</div>';
-        break;
-      case "sendemail":
-        if($session->send_activation_mail($_GET['user'])) { echo '<div class="info-box">The user "'.$_GET['user'].'" has been sent an e-mail with an activation link.</div>'; $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE time_id=' . $db->escape($_GET['logid'])); }
-        else echo '<div class="error-box">The user account "'.$_GET['user'].'" has not been activated, probably because of a bad SMTP configuration.</div>';
-        break;
-      case "deny":
-        $e = $db->sql_query('DELETE FROM '.table_prefix.'logs WHERE log_type=\'admin\' AND action=\'activ_req\' AND edit_summary=\'' . $db->escape($_GET['user']) . '\';');
-        if(!$e) echo '<div class="error-box">Error during row deletion: '.mysql_error().'</div>';
-        else echo '<div class="info-box">All activation requests for the user "'.$_GET['user'].'" have been deleted.</div>';
-        break;
-    }
-  }
-  $q = $db->sql_query('SELECT l.log_type, l.action, l.time_id, l.date_string, l.author, l.edit_summary, u.user_coppa FROM '.table_prefix.'logs AS l
-                         LEFT JOIN '.table_prefix.'users AS u
-                           ON ( u.username = l.edit_summary OR u.username IS NULL )
-                         WHERE log_type=\'admin\' AND action=\'activ_req\' ORDER BY time_id DESC;');
-  if($q)
-  {
-    if($db->numrows() > 0)
-    {
-      $n = $db->numrows();
-      if($n == 1) $s = $n . ' user is';
-      else $s = $n . ' users are';
-      echo '<h3>'.$s . ' awaiting account activation</h3>';
-      echo '<div class="tblholder">
-            <table border="0" cellspacing="1" cellpadding="4" width="100%">
-            <tr><th>Date of request</th><th>Requested by</th><th>Requested for</th><th>COPPA user</th><th colspan="3">Actions</th></tr>';
-      $cls = 'row2';
-      while($row = $db->fetchrow())
-      {
-        if($cls == 'row2') $cls = 'row1';
-        else $cls = 'row2';
-        $coppa = ( $row['user_coppa'] == '1' ) ? '<b>Yes</b>' : 'No';
-        echo '<tr><td class="'.$cls.'">'.date('F d, Y h:i a', $row['time_id']).'</td><td class="'.$cls.'">'.$row['author'].'</td><td class="'.$cls.'">'.$row['edit_summary'].'</td><td style="text-align: center;" class="' . $cls . '">' . $coppa . '</td><td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'UserManager&amp;action=activate&amp;user='.$row['edit_summary'].'&amp;logid='.$row['time_id']).'">Activate now</a></td><td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'UserManager&amp;action=sendemail&amp;user='.$row['edit_summary'].'&amp;logid='.$row['time_id']).'">Send activation e-mail</a></td><td class="'.$cls.'" style="text-align: center;"><a href="'.makeUrlNS('Special', 'Administration', 'module='.$paths->nslist['Admin'].'UserManager&amp;action=deny&amp;user='.$row['edit_summary'].'&amp;logid='.$row['time_id']).'">Deny request</a></td></tr>';
-      }
-      echo '</table>';
-    }
-    $db->free_result();
-  }
-}
-*/
-
 function page_Admin_GroupManager()
 {
   global $db, $session, $paths, $template, $plugins; // Common objects
@@ -1876,7 +1603,7 @@
       $id = md5( microtime() . mt_rand() );
       
       $minor = isset($_POST['minor']) ? 'true' : 'false';
-      $q='INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.date('d M Y h:i a').'\', \'' . $db->escape($_POST['page_id']) . '\', \'' . $db->escape($_POST['namespace']) . '\', \''.$data.'\', \''.$id.'\', \''.$session->username.'\', \''.$db->escape(htmlspecialchars($_POST['summary'])).'\', '.$minor.');';
+      $q='INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.date('d M Y h:i a').'\', \'' . $db->escape($_POST['page_id']) . '\', \'' . $db->escape($_POST['namespace']) . '\', \''.$db->escape($data).'\', \''.$id.'\', \''.$session->username.'\', \''.$db->escape(htmlspecialchars($_POST['summary'])).'\', '.$minor.');';
       if(!$db->sql_query($q)) $db->_die('The history (log) entry could not be inserted into the logs table.');
       
       $query = 'UPDATE '.table_prefix.'page_text SET page_text=\''.$db->escape($data).'\',char_tag=\''.$id.'\' WHERE page_id=\'' . $db->escape($_POST['page_id']) . '\' AND namespace=\'' . $db->escape($_POST['namespace']) . '\';';
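Review bot: The log INSERT now escapes `$data`, but `$session->username` on the same line is still concatenated raw as `\''.$session->username.'\'`, whereas every security-log insert earlier in this changeset wraps it in `$db->escape()`; a username containing a quote would break or alter this statement. Change it to `\''.$db->escape($session->username).'\'` for consistency with the rest of the file. Storing `htmlspecialchars($_POST['summary'])` in the database encodes at write time rather than at render time, which is worth a comment so readers do not double-escape it later. The enclosing function starts and ends outside the hunk.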
@@ -1889,12 +1616,12 @@
     ?>
     <p>
     <textarea name="content" rows="20" cols="60" style="width: 100%;"><?php echo htmlspecialchars($content); ?></textarea><br />
-    Edit summary: <input name="summary" value="<?php if(isset($_POST['summary'])) echo $_POST['summary']; ?>" size="40" /><br />
+    Edit summary: <input name="summary" value="<?php if(isset($_POST['summary'])) echo htmlspecialchars($_POST['summary']); ?>" size="40" /><br />
     <label><input type="checkbox" name="minor" <?php if(isset($_POST['minor'])) echo 'checked="checked" '; ?>/>  This is a minor edit</label>
     </p>
     <p>
-    <input type="hidden" name="page_id" value="<?php echo $_POST['page_id']; ?>" />
-    <input type="hidden" name="namespace" value="<?php echo $_POST['namespace']; ?>" />
+    <input type="hidden" name="page_id" value="<?php echo htmlspecialchars($_POST['page_id']); ?>" />
+    <input type="hidden" name="namespace" value="<?php echo htmlspecialchars($_POST['namespace']); ?>" />
     <input type="submit" name="save" value="Save changes" style="font-weight: bold;" />&nbsp;&nbsp;<input type="submit" name="preview" value="Show preview" />&nbsp;&nbsp;<input type="submit" name="revert" value="Revert changes" onclick="return confirm('Do you really want to revert your changes?');" />&nbsp;&nbsp;<input type="submit" name="cancel" value="Cancel" onclick="return confirm('Do you really want to cancel your changes?');" />
     </p>
     <?php
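Review bot: The three new `htmlspecialchars()` calls use the default flags, so single quotes pass through unescaped; that is safe here only because each attribute is double-quoted. Passing `ENT_QUOTES`, e.g. `htmlspecialchars($_POST['page_id'], ENT_QUOTES)`, keeps the escaping correct if the attribute quoting changes later. The `$content` textarea on the context line above uses the same default. The enclosing function starts and ends outside the hunk.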
@@ -2527,6 +2254,10 @@
     return;
   }
   
+  if ( ENANO_DBLAYER != 'MYSQL' )
+    die('<h3>Not supported</h3>
+          <p>This function is only supported under the MySQL database driver.</p>');
+  
   if(isset($_GET['submitting']) && $_GET['submitting'] == 'yes' && defined('ENANO_DEMO_MODE') )
   {
     redirect(makeUrlComplete('Special', 'Administration'), 'Access denied', 'You\'ve got to be kidding me. Forget it, kid.', 4 );
@@ -2538,13 +2269,11 @@
     
     if(defined('SQL_BACKUP_CRYPT'))
       // Try to increase our time limit
-      @set_time_limit(300); // five minutes
+      @set_time_limit(0);
     // Do the actual export
     $aesext = ( defined('SQL_BACKUP_CRYPT') ) ? '.tea' : '';
     $filename = 'enano_backup_' . date('ymd') . '.sql' . $aesext;
     ob_start();
-    header('Content-disposition: attachment, filename="'.$filename.'";');
-    header('Content-type: application/transact-sql');
     // Spew some headers
     $headdate = date('F d, Y \a\t h:i a');
     echo <<<HEADER
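Review bot: `@set_time_limit(0)` is now the body of `if(defined('SQL_BACKUP_CRYPT'))` with a comment line sitting between the condition and the statement, which is easy to misread as an unconditional call; braces around the statement would make the scope explicit. Lifting the limit entirely also means a stalled export holds a PHP worker indefinitely, so a generous bound such as `@set_time_limit(1800);` keeps that protection while still covering slow encryption. The `@` hides the case where the limit cannot be raised, which deserves a comment like `// may be ignored under safe_mode; the export then runs under the ini limit`. The enclosing function starts and ends outside the hunk.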
@@ -2574,12 +2303,17 @@
       // THE FOLLOWING COMMENT DOES NOT APPLY AS OF 1.0.
       // Sorry folks - this script CAN'T backup enano_files and enano_search_index due to the sheer size of the tables.
       // If encryption is enabled the log data will be excluded too.
-      echo export_table(
+      $result = export_table(
         $t,
         isset($_POST['do_struct']),
         ( isset($_POST['do_data']) ),
         false
         ) . "\n";
+      if ( !$result )
+      {
+        $db->_die();
+      }
+      echo $result;
     }
     $data = ob_get_contents();
     ob_end_clean();
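Review bot: The new failure check can never fire: `$result` is assigned `export_table(...) . "\n"`, and even a `false` return becomes the string `"\n"`, which is truthy, so `$db->_die()` is unreachable and a failed table export silently produces an empty section in the dump. Test the return value before appending the newline, and compare with `=== false` if that is how export_table signals failure (its contract is not visible in this hunk). The enclosing function starts and ends outside the hunk.
```php
      // … unchanged: per-table loop header and comments …
      $result = export_table(
        $t,
        isset($_POST['do_struct']),
        ( isset($_POST['do_data']) ),
        false
        );
      if ( $result === false )
      {
        $db->_die();
      }
      echo $result . "\n";
```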
@@ -2591,6 +2325,8 @@
       $tea = new TEACrypt();
       $data = $tea->encrypt($data, $session->private_key);
     }
+    header('Content-disposition: attachment, filename="'.$filename.'";');
+    header('Content-type: application/transact-sql');
     header('Content-length: '.strlen($data));
     echo $data;
     exit;
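Review bot: The re-added `Content-disposition` header separates the parameter with a comma, `attachment, filename="..."`, whereas disposition parameters are separated by a semicolon; browsers that parse strictly fall back to a generic file name or ignore the attachment hint. Write it as `header('Content-Disposition: attachment; filename="'.$filename.'"');`. Moving the headers after the export and encryption is sound, since an error during export is no longer served with download headers. The enclosing function starts outside the hunk.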
@@ -2605,7 +2341,14 @@
     <p>Additional tables to export:</p>
     <p><select name="additional_tables[]" multiple="multiple">
        <?php
-         $q = $db->sql_query('SHOW TABLES;') or $db->_die('Somehow we were denied the request to get the list of tables.');
+         if ( ENANO_DBLAYER == 'MYSQL' )
+         {
+           $q = $db->sql_query('SHOW TABLES;') or $db->_die('Somehow we were denied the request to get the list of tables.');
+         }
+         else if ( ENANO_DBLAYER == 'PGSQL' )
+         {
+           $q = $db->sql_query('SELECT relname FROM pg_stat_user_tables ORDER BY relname;') or $db->_die('Somehow we were denied the request to get the list of tables.');
+         }
          while($row = $db->fetchrow_num())
          {
            if(!in_array($row[0], $system_table_list)) echo '<option value="'.$row[0].'">'.$row[0].'</option>';
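Review bot: The new `PGSQL` branch appears unreachable: the hunk at old line 2527 in this same changeset inserts `die('<h3>Not supported</h3> ...')` for any `ENANO_DBLAYER != 'MYSQL'` before this form is rendered, if both belong to the same backup function (its start is outside this hunk). Either drop the Postgres branch or move the die below the form so the table list can still be shown. `$q` is also left undefined when neither branch matches and `$db->fetchrow_num()` runs regardless; a closing `else { $db->_die('Unsupported database driver'); }` covers that. The option values on the last context line are echoed without `htmlspecialchars()`, which is low risk for table names but inconsistent with the escaping added elsewhere in this commit.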