diff -r 67bd3121a12e -r bfa2e9c23f03 ajax.php --- a/ajax.php Thu Dec 27 22:09:33 2007 -0500 +++ b/ajax.php Thu Dec 27 23:32:11 2007 -0500 @@ -114,13 +114,24 @@ $allowed = false; $src = ''; } + + $auth_edit = ( $session->get_permissions('edit_page') && ( $session->get_permissions('even_when_protected') || !$paths->page_protected ) ); + $return = array( 'mode' => 'editor', 'src' => $src, 'auth_view_source' => $allowed, - 'auth_edit' => $session->get_permissions('edit_page'), - 'time' => time() + 'auth_edit' => $auth_edit, + 'time' => time(), + 'require_captcha' => false, ); + + if ( $auth_edit && !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' ) + { + $return['require_captcha'] = true; + $return['captcha_id'] = $session->make_captcha(); + } + echo enano_json_encode($return); break; case "getpage": @@ -178,6 +189,27 @@ break; } + // Verify captcha, if needed + if ( !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' ) + { + if ( !isset($request['captcha_id']) || !isset($request['captcha_code']) ) + { + die('Invalid request, need captcha metadata'); + } + $code_correct = strtolower($session->get_captcha($request['captcha_id'])); + $code_input = strtolower($request['captcha_code']); + if ( $code_correct !== $code_input ) + { + $return = array( + 'mode' => 'errors', + 'errors' => array($lang->get('editor_err_captcha_wrong')), + 'new_captcha' => $session->make_captcha() + ); + echo enano_json_encode($return); + break; + } + } + // Verification complete. Start the PageProcessor and let it do the dirty work for us. $page = new PageProcessor($paths->page_id, $paths->namespace); if ( $page->update_page($request['src'], $request['summary'], ( $request['minor_edit'] == 1 )) ) @@ -197,6 +229,10 @@ 'mode' => 'errors', 'errors' => array_values($errors) ); + if ( !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' ) + { + $return['new_captcha'] = $session->make_captcha(); + } } echo enano_json_encode($return);