# HG changeset patch # User Dan # Date 1185401194 14400 # Node ID 68469a95658d8378ce14b5b0613a606c719acd92 # Parent 0a74676a2f2f31f02483a1407c84abe37e8ff54c Various bugfixes and cleanups, too much to remember... see the diffs for what got changed :-) diff -r 0a74676a2f2f -r 68469a95658d includes/clientside/static/acl.js --- a/includes/clientside/static/acl.js Sat Jul 21 18:12:10 2007 -0400 +++ b/includes/clientside/static/acl.js Wed Jul 25 18:06:34 2007 -0400 @@ -316,7 +316,7 @@ act_desc = ( data.type == 'new' ) ? 'Create access rule' : 'Editing permissions'; target_type_t = ( data.target_type == 1 ) ? 'group' : 'user'; target_name_t = data.target_name; - var scope_type = ( data.page_id == false && data.namespace == false ) ? 'this entire site' : 'this page'; + var scope_type = ( data.page_id == false && data.namespace == false ) ? 'this entire site' : ( data.namespace == '__PageGroup' ) ? 'this group of pages' : 'this page'; html = '

'+act_desc+'

This panel allows you to edit what the '+target_type_t+' "'+target_name_t+'" can do on ' + scope_type + '. Unless you set a permission to "Deny", these permissions may be overridden by other rules.

'; parser = new templateParser(data.template.acl_field_begin); html += parser.run(); @@ -390,7 +390,7 @@ b.appendChild(document.createTextNode('Permissions updated')); note.appendChild(b); note.appendChild(document.createElement('br')); - note.appendChild(document.createTextNode('The permissions for '+data.target_name+' on this page have been updated successfully.')); + note.appendChild(document.createTextNode('The permissions for '+data.target_name+' on this page have been updated successfully. If you changed permissions that affect your user account, you may not see changes until you reload the page.')); note.appendChild(document.createElement('br')); var a = document.createElement('a'); a.href = 'javascript:void(0);'; diff -r 0a74676a2f2f -r 68469a95658d includes/clientside/static/comments.js --- a/includes/clientside/static/comments.js Sat Jul 21 18:12:10 2007 -0400 +++ b/includes/clientside/static/comments.js Wed Jul 25 18:06:34 2007 -0400 @@ -166,7 +166,10 @@ } } - // Posting form + if ( data.auth_post_comments ) + { + + // Posting form html += '
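Review bot: `target_name_t` is concatenated into the `html` string unescaped, on the same statement that now carries `scope_type`, so a user or group name containing markup would be parsed as HTML if this string reaches `innerHTML` (the assignment is outside the hunk, so that part is inferred). The new `scope_type` values are fixed literals and are fine. The name should be HTML-escaped before concatenation, or the sentence built with `document.createTextNode` the way the success notice in the second acl.js hunk does. The nested ternary would also read better with the string test written strictly, `( data.namespace === '__PageGroup' ) ? 'this group of pages' : 'this page'`. The enclosing function starts and ends outside the hunk.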
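Review bot: The success notice still says "on this page", although the first acl.js hunk in this commit teaches the editor about site-wide and page-group rules, so the text is wrong for those scopes. Reusing the scope wording keeps the two messages consistent, e.g. `'The permissions for '+data.target_name+' on '+scope_type+' have been updated successfully. ...'`, provided the scope is available in this handler, which is not visible here. Keeping `createTextNode` for the name is the right choice, because the name is then never parsed as markup.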

Got something to say?

'; html += '

If you have comments or suggestions on this article, you can shout it out here.'; @@ -193,6 +196,8 @@ html += ' '; html += ''; + } + document.getElementById('ajaxEditContainer').innerHTML = html; for ( i = 0; i < data.comments.length; i++ ) diff -r 0a74676a2f2f -r 68469a95658d includes/clientside/static/flyin.js --- a/includes/clientside/static/flyin.js Sat Jul 21 18:12:10 2007 -0400 +++ b/includes/clientside/static/flyin.js Wed Jul 25 18:06:34 2007 -0400 @@ -137,7 +137,11 @@ { topc = GlideEffect.easeInOut(i, topi, diff_top, frames); leftc = GlideEffect.easeInOut(i, lefti, diff_left, frames); - setTimeout('var o = fly_in_cache['+rand_seed+']; o.style.top=\''+topc+'px\'; o.style.left=\''+leftc+'px\';', timeout); + var code = 'var o = fly_in_cache['+rand_seed+']; o.style.top=\''+topc+'px\';'; + if ( !height_taken_care_of ) + code += ' o.style.left=\''+leftc+'px\''; + code += ';'; + setTimeout(code, timeout); timeout += timerstep; var ratio = i / frames; diff -r 0a74676a2f2f -r 68469a95658d includes/clientside/static/misc.js --- a/includes/clientside/static/misc.js Sat Jul 21 18:12:10 2007 -0400 +++ b/includes/clientside/static/misc.js Wed Jul 25 18:06:34 2007 -0400 @@ -18,8 +18,17 @@ function findParentForm(o) { - // Not implemented - someone please let me know how to do this, what I need to do is - // find the first parent
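Review bot: `data.auth_post_comments` only hides the form in the browser, and the new `if` has no comment saying so. The flag arrives in a response the client can alter, so the real decision has to stay with the `get_permissions('post_comments')` check in includes/comment.php. I would add `// UI hint only: posting is authorized server-side in includes/comment.php` above the condition. The wrapped `html +=` lines are context lines, so they kept their old indentation while only the `// Posting form` comment was moved in, which hides the block's extent until the closing brace in the next hunk.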
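Review bot: The animation step is still scheduled by handing `setTimeout` a string of source code, which is compiled like `eval` for every frame and would turn any non-numeric value reaching `rand_seed`, `topc` or `leftc` into script. Passing a function keeps those values as data and removes the quote escaping; `topc` and `leftc` are reassigned on each pass of what appears to be a loop, so they have to be captured per call as below. The flag `height_taken_care_of` guards the `left` assignment, so it deserves a one-line comment or a name that matches what it skips. The loop and its function begin outside the hunk.

```javascript
// … unchanged: topc / leftc computed via GlideEffect.easeInOut …
(function(seed, top, left, skip_left)
{
  setTimeout(function()
  {
    var o = fly_in_cache[seed];
    o.style.top = top + 'px';
    if ( !skip_left )
      o.style.left = left + 'px';
  }, timeout);
})(rand_seed, topc, leftc, height_taken_care_of);
timeout += timerstep;
```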

tag above param 'o', not sure how to do it with DOM + if ( o.tagName == 'FORM' ) + return o; + while(true) + { + o = o.parentNode; + if ( !o ) + return false; + if ( o.tagName == 'FORM' ) + return o; + } + return false; } function ajaxReverseDNS(o, text) @@ -565,6 +574,8 @@ div.innerHTML = 'Go to page:
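Review bot: The trailing `return false;` after `while(true)` can never run, and the `tagName == 'FORM'` test is written twice; the body can be a single loop. `while ( o && o.tagName != 'FORM' ) o = o.parentNode;` followed by `return o || false;` gives the same result for any element passed in, including when `o` is itself the form. A short doc comment stating that the function returns the nearest enclosing form element or `false` should replace the removed "not implemented" remark.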
»×'; var body = document.getElementsByTagName('body')[0]; + domObjChangeOpac(0, div); + body.appendChild(div); document.getElementById(vtmp).onkeypress = function(e){if(e.keyCode==13)this.nextSibling.nextSibling.onclick();}; @@ -576,6 +587,7 @@ var from = '#33FF33'; Fat.fade_element(div.id,30,2000,from,Fat.get_bgcolor(div.id)); */ + fly_in_bottom(div, false, true); var divh = $(div).Width(); @@ -598,3 +610,30 @@ window.location = url; } +/** + * Insert a DOM object _after_ the specified child. + * @param object Parent node + * @param object Node to insert + * @param object Node to insert after + */ + +function insertAfter(parent, baby, bigsister) +{ + try + { + if ( parent.childNodes[parent.childNodes.length-1] == bigsister ) + parent.appendChild(baby); + else + parent.insertBefore(baby, bigsister.nextSibling); + } + catch(e) + { + alert(e.toString()); + if ( window.console ) + { + // Firebug support + window.console.warn(e); + } + } +} + diff -r 0a74676a2f2f -r 68469a95658d includes/comment.php --- a/includes/comment.php Sat Jul 21 18:12:10 2007 -0400 +++ b/includes/comment.php Wed Jul 25 18:06:34 2007 -0400 @@ -233,7 +233,7 @@ // Authorization // Like the rest of the ACL system, this call is a one-stop check for ALL ACL entries. if ( !$this->perms->get_permissions('post_comments') ) - $errors[] = 'An ACL entry is preventing the comment from being posted.'; + $errors[] = 'The site security policy prevents your user account from posting comments;'; // Guest authorization if ( getConfig('comments_need_login') == '2' && !$session->user_logged_in ) diff -r 0a74676a2f2f -r 68469a95658d includes/functions.php --- a/includes/functions.php Sat Jul 21 18:12:10 2007 -0400 +++ b/includes/functions.php Wed Jul 25 18:06:34 2007 -0400 
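Review bot: The `catch` block in `insertAfter` reports DOM errors to every visitor through `alert(e.toString())`, which shows internal error text and interrupts the page. The `window.console.warn(e)` branch is enough and the `alert` can go. The two branches in the `try` are also equivalent, since `insertBefore` with a `null` reference node appends, so `parent.insertBefore(baby, bigsister.nextSibling);` covers the last-child case on its own. The doc comment's `@param object` lines give a type but no names; `@param {Node} parent`, `@param {Node} baby` and `@param {Node} bigsister` would match the signature.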
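Review bot: The new message ends with a semicolon inside the string, `...from posting comments;'`, and that character will be shown to the user. It should end with a period: `$errors[] = 'The site security policy prevents your user account from posting comments.';`. Dropping the mention of ACL entries from user-facing text is reasonable, but whether the denial is recorded anywhere for the administrator is not visible in this hunk. The `if` belongs to a larger validation routine that starts and ends outside the hunk.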
@@ -1963,7 +1963,7 @@ { if ( isset($callers[$j]) ) { - $tmp = ( is_callable($callers[$j]) ) ? @call_user_func($callers[$j], $val, $row) : $v; + $tmp = ( is_callable($callers[$j]) ) ? @call_user_func($callers[$j], $val, $row) : $val; if ( $tmp ) { diff -r 0a74676a2f2f -r 68469a95658d includes/paths.php --- a/includes/paths.php Sat Jul 21 18:12:10 2007 -0400 +++ b/includes/paths.php Wed Jul 25 18:06:34 2007 -0400 @@ -853,6 +853,8 @@ $group_list[] = $row['pg_id']; } + $db->free_result(); + // Static-page groups $q = $db->sql_query('SELECT g.pg_id FROM '.table_prefix.'page_groups AS g LEFT JOIN '.table_prefix.'page_group_members AS m diff -r 0a74676a2f2f -r 68469a95658d plugins/SpecialAdmin.php --- a/plugins/SpecialAdmin.php Sat Jul 21 18:12:10 2007 -0400 +++ b/plugins/SpecialAdmin.php Wed Jul 25 18:06:34 2007 -0400 @@ -39,6 +39,9 @@ )); '); +// Admin pages that were too enormous to be in this file were split off into the plugins/admin/ directory in 1.0.1 +require(ENANO_ROOT . '/plugins/admin/PageGroups.php'); + // function names are IMPORTANT!!! The name pattern is: page__ function page_Admin_Home() { @@ -138,6 +141,7 @@ case "sql_inject": echo 'SQL injection attempt
Offending query: ' . htmlspecialchars($r['page_text']) . '
'; break; case "db_backup": echo 'Database backup created
Tables: ' . $r['page_text'] . ''; break; case "install_enano": echo "Installed Enano version {$r['page_text']}"; break; + case "upgrade_enano": echo "Upgraded Enano to version {$r['page_text']}"; break; } echo ''.date('d M Y h:i a', $r['time_id']).''.$r['author'].''.$r['edit_summary'].''; } @@ -1710,487 +1714,6 @@ } } -function page_Admin_PageGroups() -{ - global $db, $session, $paths, $template, $plugins; // Common objects - if ( $session->auth_level < USER_LEVEL_ADMIN || $session->user_level < USER_LEVEL_ADMIN ) - { - echo '
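Review bot: The new `upgrade_enano` case prints `$r['page_text']` straight from the log row, while the `sql_inject` case earlier in the same switch passes that column through `htmlspecialchars()`. The value written by upgrade.php in this commit is the version string, but the renderer should not depend on what each writer stored; use `case "upgrade_enano": echo 'Upgraded Enano to version ' . htmlspecialchars($r['page_text']); break;`. The row echo that follows also emits `$r['author']` and `$r['edit_summary']` unescaped, and for this log type `edit_summary` holds the client address; that line is context here, so it needs a separate fix. The enclosing function extends beyond the hunk.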

Error: Not authenticated

It looks like your administration session is invalid or you are not authorized to access this administration page. Please re-authenticate to continue.

'; - return; - } - - if ( isset($_POST['action']) ) - { - if ( isset($_POST['action']['create']) || isset($_POST['action']['create_stage2']) ) - { - switch ( isset($_POST['action']['create_stage2']) ) - { - case true: - if ( empty($_POST['pg_name']) || empty($_POST['group_type']) ) - { - echo '
Please enter a name for the page group.
'; - return; - } - if ( $_POST['group_type'] == PAGE_GRP_TAGGED && empty($_POST['member_tag']) ) - { - echo '
Please enter a page tag.
'; - return; - } - if ( $_POST['group_type'] == PAGE_GRP_CATLINK && empty($_POST['member_cat']) ) - { - echo '
Please create a category page before linking a page group to a category.
'; - return; - } - if ( $_POST['group_type'] == PAGE_GRP_NORMAL && empty($_POST['member_page_0']) ) - { - echo '
Please specify at least one page to place in this group.
'; - return; - } - if ( $_POST['group_type'] != PAGE_GRP_TAGGED && $_POST['group_type'] != PAGE_GRP_CATLINK && $_POST['group_type'] != PAGE_GRP_NORMAL ) - { - echo '
Umm, you sent an invalid group type. I\'d put a real error message here but this will only be shown if you try to hack the system.
'; - return; - } - // All checks passed, create the group - switch($_POST['group_type']) - { - case PAGE_GRP_TAGGED: - $name = $db->escape($_POST['pg_name']); - $tag = $db->escape($_POST['member_tag']); - $sql = 'INSERT INTO '.table_prefix.'page_groups(pg_type,pg_name,pg_target) VALUES(' . PAGE_GRP_TAGGED . ', \'' . $name . '\', \'' . $tag . '\');'; - $q = $db->sql_query($sql); - if ( !$q ) - $db->_die(); - break; - case PAGE_GRP_CATLINK: - $name = $db->escape($_POST['pg_name']); - $cat = $db->escape($_POST['member_cat']); - $sql = 'INSERT INTO '.table_prefix.'page_groups(pg_type,pg_name,pg_target) VALUES(' . PAGE_GRP_CATLINK . ', \'' . $name . '\', \'' . $cat . '\');'; - $q = $db->sql_query($sql); - if ( !$q ) - $db->_die(); - break; - case PAGE_GRP_NORMAL: - $name = $db->escape($_POST['pg_name']); - $sql = 'INSERT INTO '.table_prefix.'page_groups(pg_type,pg_name) VALUES(' . PAGE_GRP_NORMAL . ', \'' . $name . '\');'; - $q = $db->sql_query($sql); - if ( !$q ) - $db->_die(); - - $ins_id = $db->insert_id(); - - // Page list - $keys = array_keys($_POST); - $arr_pages = array(); - foreach ( $keys as $val ) - { - if ( preg_match('/^member_page_([0-9]+?)$/', $val) && !empty($_POST[$val]) ) - { - $arr_pages[] = $_POST[$val]; - } - } - $arr_sql = array(); - foreach ( $arr_pages as $page ) - { - list($id, $ns) = RenderMan::strToPageID($page); - $id = sanitize_page_id($id); - $arr_sql[] = '(' . $ins_id . ',\'' . $db->escape($id) . '\', \'' . $ns . '\')'; - } - $sql = 'INSERT INTO '.table_prefix.'page_group_members(pg_id,page_id,namespace) VALUES' . implode(',', $arr_sql) . ';'; - $q = $db->sql_query($sql); - if ( !$q ) - $db->_die(); - break; - } - echo '
The page group "' . htmlspecialchars($_POST['pg_name']) . '" has been created.
'; - break; - } - // A little Javascript magic - ?> - - sql_query('SELECT name,urlname FROM '.table_prefix.'pages WHERE namespace=\'Category\';'); - if ( !$q ) - $db->_die(); - - if ( $db->numrows() < 1 ) - { - $catlist = 'There aren\'t any categories on this site.'; - } - else - { - $catlist = ''; - } - - echo ''; - - echo '
- - - - '; - - // Name - echo ' - - - '; - - // Group type - echo ' - - - '; - - // Titles - echo ' - - '; - - echo ' - '; - - echo ' - '; - - // Submit button - echo ' - - '; - - echo '
Create page group
- Group name:
- This should be short, descriptive, and human-readable. -
- -
- Group type: - - -
- - Static group of pages - - - Group of commonly tagged pages - - - Mirror a category - -
-
- Member pages:
- Click the "plus" button to add more fields. -
- -
- Include pages with this tag: -
-
-
-
-
-
-
-
- -
-
- -
- -
-
'; - - echo ''; - return; - } - else if ( isset($_POST['action']['del']) ) - { - // Confirmation to delete a group (this is really only a stub) - - $delete_id = array_keys($_POST['action']['del']); - $delete_id = intval($delete_id[0]); - - if ( !empty($delete_id) ) - { - echo '
'; - echo ''; - echo '
'; - echo ' '; - echo ' '; - echo ' '; - echo ' '; - echo '
Confirm deletion
Are you sure you want to delete this page group?
'; - echo ' '; - echo ' '; - echo '
'; - echo ''; - - return; - } - } - else if ( isset($_POST['action']['del_confirm']) ) - { - $delete_id = intval($_POST['delete_id']); - if ( empty($delete_id) ) - { - echo 'Hack attempt'; - return; - } - // Obtain group name - $q = $db->sql_query('SELECT pg_name FROM '.table_prefix.'page_groups WHERE pg_id=' . $delete_id . ';'); - if ( !$q ) - $db->_die(); - if ( $db->numrows() < 1 ) - { - echo 'Page group dun exist.'; - return; - } - $row = $db->fetchrow(); - $pg_name = $row['pg_name']; - unset($row); - // Delete the group - $q = $db->sql_query('DELETE FROM '.table_prefix.'page_groups WHERE pg_id=' . $delete_id . ';'); - if ( !$q ) - $db->_die(); - $q = $db->sql_query('DELETE FROM '.table_prefix.'page_group_members WHERE pg_id=' . $delete_id . ';'); - if ( !$q ) - $db->_die(); - echo "
The group ".'"'."$pg_name".'"'." has been deleted.
"; - } - else if ( isset($_POST['action']['edit']) ) - { - return; - } - else if ( isset($_POST['action']['noop']) ) - { - // Do nothing - } - else - { - echo '
Invalid format of $_POST[action].
'; - } - } - // No action defined - show default menu - $q = $db->sql_query('SELECT pg_id, pg_type, pg_name, pg_target FROM '.table_prefix.'page_groups;'); - if ( !$q ) - $db->_die(); - - echo '
'; - - echo '
- - - - - - - '; - - if ( $row = $db->fetchrow() ) - { - do - { - $name = htmlspecialchars($row['pg_name']); - $type = 'Invalid'; - switch ( $row['pg_type'] ) - { - case PAGE_GRP_CATLINK: - $type = 'Link to category'; - break; - case PAGE_GRP_TAGGED: - $type = 'Set of tagged pages'; - break; - case PAGE_GRP_NORMAL: - $type = 'Static set of pages'; - break; - } - $target = ''; - if ( $row['pg_type'] == PAGE_GRP_TAGGED ) - { - $target = 'Tag: ' . htmlspecialchars($row['pg_target']); - } - else if ( $row['pg_type'] == PAGE_GRP_CATLINK ) - { - $target = 'Category: ' . htmlspecialchars(get_page_title($paths->nslist['Category'] . sanitize_page_id($row['pg_target']))); - } - $btn_edit = ''; - $btn_del = ''; - // stupid jEdit bug/hack - $quot = '"'; - echo " - - - - - - "; - } - while ( $row = $db->fetchrow() ); - } - else - { - echo ' '; - } - - echo ' - - '; - - echo '
Group nameTypeTargetActions
$name$type$target$btn_edit$btn_del
No page groups defined.
- -
-
'; - - echo '
'; - -} - function page_Admin_ThemeManager() { diff -r 0a74676a2f2f -r 68469a95658d plugins/SpecialUserPrefs.php --- a/plugins/SpecialUserPrefs.php Sat Jul 21 18:12:10 2007 -0400 +++ b/plugins/SpecialUserPrefs.php Wed Jul 25 18:06:34 2007 -0400 @@ -399,7 +399,7 @@ echo '
Your signature has been saved.
'; } echo '
'; - echo $template->tinymce_textarea('new_sig', $session->signature); + echo $template->tinymce_textarea('new_sig', htmlspecialchars($session->signature)); echo ''; echo '
'; break; diff -r 0a74676a2f2f -r 68469a95658d themes/oxygen/header.tpl --- a/themes/oxygen/header.tpl Sat Jul 21 18:12:10 2007 -0400 +++ b/themes/oxygen/header.tpl Wed Jul 25 18:06:34 2007 -0400 @@ -22,7 +22,7 @@ { elem.style.display = 'block'; counter.style.display = 'none'; - elem.parentNode.style.width = '156px'; + elem.parentNode.style.width = ''; if ( !KILL_SWITCH ) { createCookie(side+'_sidebar', 'open', 365); diff -r 0a74676a2f2f -r 68469a95658d upgrade.php --- a/upgrade.php Sat Jul 21 18:12:10 2007 -0400 +++ b/upgrade.php Wed Jul 25 18:06:34 2007 -0400 @@ -705,6 +705,9 @@ } } + // Log the upgrade + $q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,page_text,edit_summary) VALUES(\'security\', \'upgrade_enano\', ' . time() . ', \'' . date('d M Y h:i a') . '\', \'' . mysql_real_escape_string($session->username) . '\', \'' . mysql_real_escape_string($this_version) . '\', \'' . mysql_real_escape_string($_SERVER['REMOTE_ADDR']) . '\');'); + echo 'done!
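Review bot: Escaping the signature at this one call site fixes the editor here, but whether `tinymce_textarea()` escapes its content argument itself is not visible. Other callers may therefore still pass raw user text, and this caller would be double-encoded if the helper later starts escaping. Calling `htmlspecialchars()` inside `tinymce_textarea()`, or documenting on the helper that callers must pass escaped text, would make the contract explicit. If the escape stays at the call site, a comment such as `// textarea content must be HTML-escaped by the caller` says why, once confirmed against the helper.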

'; echo '

You will be redirected shortly. If you aren\'t redirected, click here.

';
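Review bot: The result of the new log `INSERT` is stored in `$q` and never checked, so a failed write leaves no record of the upgrade in the security log while the page still prints 'done!'. The admin code removed elsewhere in this commit follows each `sql_query` with `if ( !$q ) $db->_die();`, and the same check, or at least a visible warning, belongs here. The statement also calls `mysql_real_escape_string()` directly where other queries in this patch go through `$db->escape()`. It stores the client address in the `edit_summary` column, which deserves a comment because the log viewer prints that column as the summary. The surrounding upgrade routine lies outside the hunk.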