diff -r cb7dde69c301 -r d7fc25acd3f3 plugins/SpecialUserFuncs.php --- a/plugins/SpecialUserFuncs.php Wed Aug 01 13:39:27 2007 -0400 +++ b/plugins/SpecialUserFuncs.php Sun Aug 05 15:58:50 2007 -0400 @@ -577,8 +577,7 @@ { echo 'No user selected!'; $template->footer(); - $db->close(); - exit; + return; } $user = $db->escape($user); @@ -587,8 +586,10 @@ if(!$db->sql_query($q)) $db->_die('The history data for the page "'.$paths->cpage['name'].'" could not be selected.'); echo 'History of edits and actions

Edits:

'; if($db->numrows() < 1) echo 'No history entries in this category.'; - while($r = $db->fetchrow()) { - echo ''.$r['date_string'].' (revert) '.$paths->nslist[$r['namespace']].$r['page_id'].': '.$r['edit_summary']; + while($r = $db->fetchrow()) + { + $title = get_page_title($r['page_id'], $r['namespace']); + echo ''.$r['date_string'].' (revert to) '.htmlspecialchars($title).': '.$r['edit_summary']; if($r['minor_edit']) echo ' - minor edit'; echo '
'; } @@ -597,17 +598,22 @@ $q = 'SELECT log_type,time_id,action,date_string,page_id,namespace,author,edit_summary,minor_edit,page_id,namespace FROM '.table_prefix.'logs WHERE author=\''.$user.'\' AND action!=\'edit\' ORDER BY time_id DESC;'; if(!$db->sql_query($q)) $db->_die('The history data for the page "'.$paths->cpage['name'].'" could not be selected.'); if($db->numrows() < 1) echo 'No history entries in this category.'; - while($r = $db->fetchrow()) { - if($r['log_type']=='page') { - echo '(rollback) '.$r['date_string'].' '.$paths->nslist[$r['namespace']].$r['page_id'].': '; - if($r['action']=='prot') echo 'Protected page; reason: '.$r['edit_summary']; - elseif($r['action']=='unprot') echo 'Unprotected page; reason: '.$r['edit_summary']; - elseif($r['action']=='rename') echo 'Renamed page; old title was: '.$r['edit_summary']; - elseif($r['action']=='create') echo 'Created page'; - elseif($r['action']=='delete') echo 'Deleted page'; - if($r['minor_edit']) echo ' - minor edit'; - echo '
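Review bot: `$r['edit_summary']` is still echoed without escaping on the new line in the edits loop (`.': '.$r['edit_summary'];`), while the page title beside it now goes through `htmlspecialchars()`. The same applies in the next hunk (`@@ -597,17 +598,22 @@`), where the `prot` and `unprot` branches print the reason raw and only the `rename` branch escapes it. Unless summaries are sanitized before they are written to the logs table, which is not visible here, a user-supplied summary is rendered as markup on this page. I would use `htmlspecialchars($r['edit_summary'])` in all three places. The enclosing function starts and ends outside the hunk.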
'; - } elseif($r['log_type']=='security') { + while($r = $db->fetchrow()) + { + if ( $r['log_type'] == 'page' ) + { + $title = get_page_title($r['page_id'], $r['namespace']); + echo '(rollback) '.$r['date_string'].' '.htmlspecialchars($title).': '; + if ( $r['action'] == 'prot' ) echo 'Protected page; reason: '.$r['edit_summary']; + else if ( $r['action'] == 'unprot' ) echo 'Unprotected page; reason: '.$r['edit_summary']; + else if ( $r['action'] == 'rename' ) echo 'Renamed page; old title was: '.htmlspecialchars($r['edit_summary']); + else if ( $r['action'] == 'create' ) echo 'Created page'; + else if ( $r['action'] == 'delete' ) echo 'Deleted page'; + if ( $r['minor_edit'] ) echo ' - minor edit'; + echo '
'; + } + else if($r['log_type']=='security') + { // Not implemented, and when it is, it won't be public } } @@ -621,6 +627,10 @@ if(!$session->user_logged_in) die_friendly('Access denied', '

You must be logged in to change your style. Spoofer.

'); if(isset($_POST['theme']) && isset($_POST['style']) && isset($_POST['return_to'])) { + if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['theme']) ) + die('Hacking attempt'); + if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['style']) ) + die('Hacking attempt'); $d = ENANO_ROOT . '/themes/' . $_POST['theme']; $f = ENANO_ROOT . '/themes/' . $_POST['theme'] . '/css/' . $_POST['style'] . '.css'; if(!file_exists($d) || !is_dir($d)) die('The directory "'.$d.'" does not exist.');
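Review bot: The new whitelist patterns for `$_POST['theme']` and `$_POST['style']` end in `$`, which in PCRE also matches before a trailing newline, so a value with a newline appended passes the check and is concatenated into `$d` and `$f`. Anchoring with `\z` (or adding the `D` modifier) closes that, e.g. `if ( !is_string($_POST['theme']) || !preg_match('/^[a-z0-9_-]+\z/i', $_POST['theme']) )`, with the same for `style`; the `is_string()` guard also rejects array-valued POST fields. `$_POST['return_to']` is required by the `isset()` test but not validated in this hunk; its use lies outside the visible lines, so it is worth confirming it is checked before any redirect. The surrounding function continues past the hunk.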