diff -r d543689ed2eb -r e34c23a35dc9 includes/pageutils.php
--- a/includes/pageutils.php Sun May 16 21:35:43 2010 -0400
+++ b/includes/pageutils.php Wed Jun 02 21:58:26 2010 -0400
@@ -1339,8 +1339,8 @@
 public static function catedit($page_id, $namespace)
 {
- $d = PageUtils::catedit_raw($page_id, $namespace);
- return $d[0] . ' /* BEGIN CONTENT */ document.getElementById("ajaxEditContainer").innerHTML = unescape(\''.rawurlencode($d[1]).'\');';
+ list($js, $html) = PageUtils::catedit_raw($page_id, $namespace);
+ return $js . ' /* BEGIN CONTENT */ document.getElementById("ajaxEditContainer").innerHTML = unescape(\''.rawurlencode($html).'\');';
 }
 /**
@@ -1353,78 +1353,113 @@ global $db, $session, $paths, $template, $plugins; // Common objects global $lang; - ob_start(); - $_ob = ''; - $e = $db->sql_query('SELECT category_id FROM ' . table_prefix.'categories WHERE page_id=\'' . $paths->page_id . '\' AND namespace=\'' . $paths->namespace . '\''); - if(!$e) jsdie('Error selecting category information for current page: '.$db->get_error()); - $cat_current = Array(); - while($r = $db->fetchrow()) + // notes + // span class is catCheck + // return array(jsblob, innerHTML) + /* + $perms = $session->fetch_page_acl($cat_info[$i]['urlname_nons'], 'Category'); + $cat_is_protected = ( !$session->get_permissions('edit_cat') || !$perms->get_permissions('edit_cat') || + ( $cat_info[$i]['really_protected'] && !$perms->get_permissions('even_when_protected') ) ) + */ + + // two buffers: one is HTML and one is Javascript. + $js = $html = ''; + + // page permissions + $page_perms = $session->fetch_page_acl($page_id, $namespace); + + // Pull the list of categories this page is in + $cats_member_of = array(); + $q = $db->sql_query('SELECT category_id FROM ' . table_prefix . 'categories WHERE page_id = \'' . $db->escape($page_id) . '\' AND namespace = \'' . $db->escape($namespace) . '\';'); + if ( !$q ) + $db->_die(); + while ( $row = $db->fetchrow() ) { - $cat_current[] = $r; + $cats_member_of[] = $row['category_id']; } - $db->free_result(); - $cat_all = array(); - $q = $db->sql_query('SELECT * FROM ' . table_prefix . 'pages WHERE namespace = \'Category\';'); + // Get a list of all categories on the site + $q = $db->sql_query('SELECT * FROM ' . table_prefix . 
'pages WHERE namespace = \'Category\' ORDER BY name ASC;'); if ( !$q ) $db->_die(); - while ( $row = $db->fetchrow() ) - { - $cat_all[] = Namespace_Default::bake_cdata($row); - } - - // Make $cat_all an associative array, like $paths->pages - $sz = sizeof($cat_all); - for($i=0;$i<$sz;$i++) + $categories = array(); + while ( $row = $db->fetchrow($q) ) { - $cat_all[$cat_all[$i]['urlname_nons']] = $cat_all[$i]; - } - // Now, the "zipper" function - join the list of categories with the list of cats that this page is a part of - $cat_info = $cat_all; - for($i=0;$ifetch_page_acl($row['urlname_nons'], 'Category'); + $row['disabled'] = ( + // no permissions to edit categorization in this category, or + !$row['perms']->get_permissions('edit_cat') || + // category is protected, and no protect override permissions + ( $row['really_protected'] && !$row['perms']->get_permissions('even_when_protected') ) + ); + // append to array + $categories[ $row['urlname_nons'] ] = $row; } - echo 'catlist = new Array();'; // Initialize the client-side category list - $_ob .= '

' . $lang->get('catedit_title') . '

-
'; - if ( sizeof($cat_info) < 1 ) - { - $_ob .= '

' . $lang->get('catedit_no_categories') . '

'; - } - for ( $i = 0; $i < sizeof($cat_info) / 2; $i++ ) + // fabricate information on categories that don't exist. + foreach ( $cats_member_of as $category ) { - // Protection code added 1/3/07 - // Updated 3/4/07 - $is_prot = false; - $perms = $session->fetch_page_acl($cat_info[$i]['urlname_nons'], 'Category'); - if ( !$session->get_permissions('edit_cat') || !$perms->get_permissions('edit_cat') || - ( $cat_info[$i]['really_protected'] && !$perms->get_permissions('even_when_protected') ) ) - $is_prot = true; - $prot = ( $is_prot ) ? ' disabled="disabled" ' : ''; - $prottext = ( $is_prot ) ? ' (protected)' : ''; - echo 'catlist[' . $i . '] = \'' . $cat_info[$i]['urlname_nons'] . '\';'; - $_ob .= '' . $cat_info[$i]['name'].$prottext.'
'; + if ( isset($categories[$category]) ) + // already have it in the array, skip + continue; + // create page metadata + $row = Namespace_Default::bake_cdata(array( + 'urlname' => $category, + 'namespace' => 'Category' + )); + // we know it's in this category + $row['checked'] = true; + // we know it doesn't exist + $row['exists'] = false; + $row['perms'] = $session->fetch_page_acl($category, 'Category'); + $row['disabled'] = ( + // no permissions to edit categorization in this category (honor inheritance and everything) + !$row['perms']->get_permissions('edit_cat') + // not checking protection because it's defaulted to off + ); + // append + $categories[ $category ] = $row; } - $disabled = ( sizeof($cat_info) < 1 ) ? 'disabled="disabled"' : ''; - - $_ob .= '
'; + // spit out the form + $html .= '

' . $lang->get('catedit_title') . '

'; + $html .= '
'; + foreach ( $categories as $category ) + { + $html .= '
'; + } + if ( count($categories) < 1 ) + $html .= '

' . $lang->get('catedit_no_categories') . '

'; + // submit buttons + $save_disabled = ( count($categories) < 1 ) ? 'disabled="disabled"' : ''; + $html .= '
+ + +
'; - $cont = ob_get_contents(); - ob_end_clean(); - return Array($cont, $_ob); + $html .= '
'; + + return array($js, $html); } /** 
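Review bot: The new `disabled` expression checks only the per-category ACL (`!$row['perms']->get_permissions('edit_cat')`), whereas the removed code also required `$session->get_permissions('edit_cat')`; the same expression is repeated in the catedit_save hunk that follows, where it is the actual enforcement rather than a UI hint. If `fetch_page_acl()` does not already fold the session-level permission into its result (not visible here), restore it with `!$session->get_permissions('edit_cat') ||` as the first term in both places. The commented-out block at the top of the function still carries the old condition and should be deleted or replaced by a one-line comment saying why the session check is redundant. Because the category-list construction is duplicated between the two functions, moving it into one private helper would keep the form's disabled state and the save-side check from drifting apart. Parts of this hunk, including the form markup, are missing from the page, so whether category names are HTML-escaped on output cannot be reviewed here.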
@@ -1444,65 +1479,122 @@ $page_perms = $session->fetch_page_acl($page_id, $namespace); $ns = namespace_factory($page_id, $namespace); $page_data = $ns->get_cdata(); + if ( !$page_perms->get_permissions('edit_cat') || + ( $page_data['really_protected'] && !$page_perms->get_permissions('even_when_protected') ) ) + return 'Insufficient privileges'; - $cat_all = array(); - $q = $db->sql_query('SELECT * FROM ' . table_prefix . 'pages WHERE namespace = \'Category\';'); + // Pull the list of categories this page is in + $cats_member_of = array(); + $q = $db->sql_query('SELECT category_id FROM ' . table_prefix . 'categories WHERE page_id = \'' . $db->escape($page_id) . '\' AND namespace = \'' . $db->escape($namespace) . '\';'); + if ( !$q ) + $db->_die(); + while ( $row = $db->fetchrow() ) + { + $cats_member_of[] = $row['category_id']; + } + + // Get a list of all categories on the site + $q = $db->sql_query('SELECT * FROM ' . table_prefix . 'pages WHERE namespace = \'Category\' ORDER BY name ASC;'); if ( !$q ) $db->_die(); - while ( $row = $db->fetchrow() ) + $categories = array(); + while ( $row = $db->fetchrow($q) ) { - $cat_all[] = Namespace_Default::bake_cdata($row); + // bake page information + $row = Namespace_Default::bake_cdata($row); + // add our own info + $row['checked'] = in_array($row['urlname_nons'], $cats_member_of); + $row['exists'] = true; + $row['perms'] = $session->fetch_page_acl($row['urlname_nons'], 'Category'); + $row['disabled'] = ( + // no permissions to edit categorization in this category, or + !$row['perms']->get_permissions('edit_cat') || + // category is protected, and no protect override permissions + ( $row['really_protected'] && !$row['perms']->get_permissions('even_when_protected') ) + ); + // append to array + $categories[ $row['urlname_nons'] ] = $row; } - // Make $cat_all an associative array, like $paths->pages - $sz = sizeof($cat_all); - for($i=0;$i<$sz;$i++) + // fabricate information on categories that don't exist. 
+ foreach ( $cats_member_of as $category ) { - $cat_all[$cat_all[$i]['urlname_nons']] = $cat_all[$i]; + if ( isset($categories[$category]) ) + // already have it in the array, skip + continue; + // create page metadata + $row = Namespace_Default::bake_cdata(array( + 'urlname' => $category, + 'namespace' => 'Category' + )); + // we know it's in this category + $row['checked'] = true; + // we know it doesn't exist + $row['exists'] = false; + $row['perms'] = $session->fetch_page_acl($category, 'Category'); + $row['disabled'] = ( + // no permissions to edit categorization in this category (honor inheritance and everything) + !$row['perms']->get_permissions('edit_cat') + // not checking protection because it's defaulted to off, and we know we are using the defaults + // because we made it past the check above ;) + ); + // append + $categories[ $category ] = $row; } - $rowlist = Array(); - - for($i=0;$i $category ) { - $auth = true; - $perms = $session->fetch_page_acl($cat_all[$i]['urlname_nons'], 'Category'); - if ( !$session->get_permissions('edit_cat') || !$perms->get_permissions('edit_cat') || - ( $cat_all[$i]['really_protected'] && !$perms->get_permissions('even_when_protected') ) || - ( !$page_perms->get_permissions('even_when_protected') && $page_data['protected'] == '1' ) ) - $auth = false; - if(!$auth) + // allowed to change it? + if ( $category['disabled'] ) + continue; + + if ( $category['checked'] && !in_array($cat_id, $which_cats) ) + { + // delete + $to_delete[] = $cat_id; + } + else if ( !$category['checked'] && in_array($cat_id, $which_cats) ) + { + // insert + $to_insert[] = $cat_id; + } + else { - // Find out if the page is currently in the category - $q = $db->sql_query('SELECT * FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';'); - if(!$q) - return 'MySQL error: ' . 
$db->get_error(); - if($db->numrows() > 0) - { - $auth = true; - $which_cats[$cat_all[$i]['urlname_nons']] = true; // Force the category to stay in its current state - } - $db->free_result(); + // no change } - if(isset($which_cats[$cat_all[$i]['urlname_nons']]) && $which_cats[$cat_all[$i]['urlname_nons']] == true /* for clarity ;-) */ && $auth ) $rowlist[] = '(\'' . $page_id . '\', \'' . $namespace . '\', \'' . $cat_all[$i]['urlname_nons'] . '\')'; } - if(sizeof($rowlist) > 0) + + // commit changes + if ( !empty($to_insert) ) { - $val = implode(',', $rowlist); - $q = 'INSERT INTO ' . table_prefix.'categories(page_id,namespace,category_id) VALUES' . $val . ';'; - $e = $db->sql_query('DELETE FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';'); - if(!$e) $db->_die('The old category data could not be deleted.'); - $e = $db->sql_query($q); - if(!$e) $db->_die('The new category data could not be inserted.'); - return('GOOD'); + $rows = array(); + foreach ( $to_insert as $cat_id ) + { + $rows[] = "('{$db->escape($page_id)}', '{$db->escape($namespace)}', '{$db->escape($cat_id)}')"; + } + $q = $db->sql_query("INSERT INTO " . table_prefix . "categories(page_id, namespace, category_id) VALUES\n " + . implode(",\n ", $rows) . ";"); + if ( !$q ) + $db->_die(); } - else + if ( !empty($to_delete) ) { - $e = $db->sql_query('DELETE FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\';'); - if(!$e) $db->_die('The old category data could not be deleted.'); - return('GOOD'); + $entries = array(); + foreach ( $to_delete as $cat_id ) + { + $entries[] = "category_id = '{$db->escape($cat_id)}'"; + } + $q = $db->sql_query("DELETE FROM " . table_prefix . "categories WHERE page_id = '{$db->escape($page_id)}' AND namespace = '{$db->escape($namespace)}'\n" + . " AND ( " . implode(' OR ', $entries) . " );"); + if ( !$q ) + $db->_die(); } + + + return 'GOOD'; } /**
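Review bot: The membership tests `in_array($cat_id, $which_cats)` compare loosely, and `$which_cats` appears to be caller-supplied (the signature is outside the hunk). The removed code read it as a map (`$which_cats[$name] == true`); if any caller still passes that shape, `'Name' == true` makes every editable category match and get inserted, and even with a flat list numeric-looking IDs such as `'10'` and `'1e1'` compare equal. Use `in_array((string) $cat_id, $which_cats, true)` in both branches; the cast is needed because PHP turns numeric-string array keys into integers. A short docblock line stating the expected shape of `$which_cats` (list of category urlnames) would make the contract change explicit. The loop header and the initialisation of `$to_insert` and `$to_delete` are not visible on this page, so confirm both arrays are initialised before the loop.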