# HG changeset patch # User Dan # Date 1251179020 14400 # Node ID 90225c988124ff3750d53a2dc3e573a5bcf37376 # Parent faef5e62e1e0bb40d4b9a55f78fb12a821cb7042# Parent 30d8bb88572d83f56a1169474a1728c8f3d0b787 Merging in work done on Charlie with upstream diff -r faef5e62e1e0 -r 90225c988124 README --- a/README Tue Aug 25 01:43:11 2009 -0400 +++ b/README Tue Aug 25 01:43:40 2009 -0400 @@ -1,5 +1,5 @@ Enano CMS -Version 1.1.6 +Version 1.1.7 ----------------------------- Thanks for downloading Enano! If you're looking for an installation guide, 
@@ -44,81 +44,59 @@ from other projects that are also released under Free licenses; see the various files under the licenses/ directory included with this release for details. -MODIFIED DISTRIBUTIONS / FORKS ------------------------------ - -Please note that the Enano team does not provide any support for modified or -"modded" releases. So if you modify the Enano sources at all, you will not -receive any support from official sources. If you distribute your modified -versions, providing support is entirely up to you. You also must remove any -links to official Enano support channels contained in the source code if you -distribute any modified version of Enano. We also respectfully request that you -not call any modified distributions "Enano" or any deviation thereof; while the -term "Enano" is not a registered trademark, we do ask that you respect it. - -Please note that the official Enano artwork is copyrighted and not under the -GPL. If you distribute any modified version of Enano, you must change the -artwork. (If you're seeking to include Enano as part of a larger software -distribution, such as GNU/Linux or BSD, e-mail Dan for special terms.) - -As permitted by the GPL, you may charge for the service of downloading Enano -from your server; however, you may not prevent others from distributing Enano -or any modified version. - CHANGES IN THIS RELEASE ----------------------------- -Please see for a list of changes in +Please see for a list of changes in this release. UPGRADING FROM PREVIOUS RELEASES ----------------------------- This archive includes a script that can migrate an Enano 1.0.x installation to -Enano 1.1. Before running the migration script, you should always be sure to -upgrade to the latest version of Enano 1.0.x (1.0.4 "Ellyyllon" at the time of -this writing). Migration is NOT REVERSIBLE. This is alpha-quality code. DO NOT +Enano 1.2. 
Before running the migration script, you should always be sure to +upgrade to the latest version of Enano 1.0.x (1.0.7 "FIXME" at the time of +this writing). Migration is NOT REVERSIBLE. This is beta-quality code. DO NOT UNDER ANY CIRCUMSTANCES UPGRADE A PRODUCTION SITE. -As of Enano 1.1.2, upgrades from previous 1.1.x versions are supported. The API -is considered fairly stable as of 1.1.4, but the interface is still a work in -progress except for the installer UI core, which is quite close to final. +Upgrades from any 1.1.x version are fully supported and generally more stable +than upgrades from 1.0 because of all the API changes. If you experience +trouble upgrading from a 1.0 version to 1.2, try upgrading first to version +1.1.6 or so. TRANSLATING ENANO ----------------------------- -This is the only the fifth formal release of Enano that is localized. Right -now since this is an alpha, you probably don't want to do any translation -because you'll be doing a TON more strings at every release. HOWEVER, we're -looking for people to sign up and volunteer for translation efforts later on. -If you have a native or very good knowledge of a language, drop us an e-mail -and we'll get you onto the translator list and eventually onto a mailing list -specifically for l10n. +There have been quite a few changes to strings in the 1.2 series. Since this +is a beta, you probably don't want to do a lot of translation because you'll +be doing a TON more strings at every release. HOWEVER, we're looking for +people to sign up and volunteer for translation efforts later on. If you have +a native or very good knowledge of a language, drop us an e-mail and we'll get +you onto the translator list and eventually onto a mailing list specifically +for l10n if that effort becomes big enough. -EXPANDING YOUR SITE'S CAPABILITIES +PLUG-INS ----------------------------- -There is a gallery of plugins for Enano at -. 
It's not very full right now because -not every plugin has a page on the website yet, and some plugins still have -yet to be ported to work with some of the newer API changes. Being an alpha -release you'll probably need to look in the Mercurial repositories at - for the latest versions of plugins that are designed -to work under both 1.0.x and 1.1.x. +Most Enano features you see are actually the work of plugins. You can see a +gallery of plugins at . Most of the +plugins there work under Enano 1.2, but some don't. Plugins with known +compatibility problems are marked; if you don't see any notes to the +contrary, it's probably compatible with Enano 1.2. -GIVING YOUR SITE A NEW LOOK +THEMES ----------------------------- You can find more themes for Enano at . -Again, we're still working on packaging up themes and creating pages for them, -so try to be patient. We have quite a few themes in the works. You can create -your own themes too; for more information, see Chapter V of the Enano -Administrator's handbook, at . Unless -specifically marked, themes on the Enano website are compatible with 1.0.x. -While you can use 1.0.x themes under 1.1.x, some features (namely viewing IPs -on comments and the default "Inherit" option in the ACL editor) will be missing -unless you copy over comment.tpl and acledit.tpl respectively from Oxygen or -one of the other themes included with this 1.1.x package. +We're not doing too great with developing themes, and what we have developed +often doesn't make it up to the website. :) So your choices on the website +look a little bit more limited than they really are. + +Unlike plugins, themes are generally very easy to port from 1.0 to 1.2. Copy +over acledit.tpl, comment.tpl, and toolbar.tpl from a 1.2 theme and remove +the '; } - $js_dynamic .= ''; + $js_dynamic .= ''; global $site_name, $site_desc; $site_default_name = ( !empty($site_name) ) ? 
$site_name : 'Critical error'; diff -r faef5e62e1e0 -r 90225c988124 includes/wikiengine/Tables.php --- a/includes/wikiengine/Tables.php Tue Aug 25 01:43:11 2009 -0400 +++ b/includes/wikiengine/Tables.php Tue Aug 25 01:43:40 2009 -0400 @@ -2,8 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. diff -r faef5e62e1e0 -r 90225c988124 includes/wikiengine/TagSanitizer.php --- a/includes/wikiengine/TagSanitizer.php Tue Aug 25 01:43:11 2009 -0400 +++ b/includes/wikiengine/TagSanitizer.php Tue Aug 25 01:43:40 2009 -0400 @@ -2,8 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. diff -r faef5e62e1e0 -r 90225c988124 includes/wikiengine/parse_mediawiki.php --- a/includes/wikiengine/parse_mediawiki.php Tue Aug 25 01:43:11 2009 -0400 +++ b/includes/wikiengine/parse_mediawiki.php Tue Aug 25 01:43:40 2009 -0400 
@@ -2,8 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. diff -r faef5e62e1e0 -r 90225c988124 includes/wikiengine/render_xhtml.php --- a/includes/wikiengine/render_xhtml.php Tue Aug 25 01:43:11 2009 -0400 +++ b/includes/wikiengine/render_xhtml.php Tue Aug 25 01:43:40 2009 -0400 @@ -2,8 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. @@ -26,11 +25,10 @@ public function heading($text, $pieces) { - static $tocid = -1; foreach ( $pieces as $i => $piece ) { - $tocid++; - $tag = ''; + $tocid = sanitize_page_id(trim($piece['text'])); + $tag = ''; $tag .= trim($piece['text']); $tag .= ''; diff -r faef5e62e1e0 -r 90225c988124 includes/wikiformat.php --- a/includes/wikiformat.php Tue Aug 25 01:43:11 2009 -0400 +++ b/includes/wikiformat.php Tue Aug 25 01:43:40 2009 -0400 
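Review bot: Deriving `$tocid` from the heading text in `heading()` means two headings with the same text now get the same value, where the removed `static $tocid` counter was unique per heading. The tag literal is not legible on this page, so it is an assumption that `$tocid` is written into an id or anchor attribute; if it is, repeated headings produce duplicate ids and table-of-contents links can only reach the first one. A small de-duplication step after the assignment would keep them unique, e.g. `static $seen = array();` followed by `if ( isset($seen[$tocid]) ) $tocid .= '_' . (++$seen[$tocid]); else $seen[$tocid] = 1;`. Because heading text is author-controlled, it is also worth confirming that `sanitize_page_id()` cannot return quotes or angle brackets, or applying `htmlspecialchars($tocid, ENT_QUOTES)` at the point where the value is placed in the tag. The body of `heading()` continues past the end of the hunk.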
@@ -2,8 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. @@ -100,6 +99,10 @@ $parser_class = "Carpenter_Parse_" . ucwords($this->parser); $renderer_class = "Carpenter_Render_" . ucwords($this->renderer); + // empty? + if ( trim($text) === '' ) + return $text; + // include files, if we haven't already if ( !class_exists($parser_class) ) { diff -r faef5e62e1e0 -r 90225c988124 index.php --- a/index.php Tue Aug 25 01:43:11 2009 -0400 +++ b/index.php Tue Aug 25 01:43:40 2009 -0400 @@ -2,8 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. 
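Review bot: The comment on the new guard, `// empty?`, does not say why the early return exists, and the brace-less `if ( trim($text) === '' )` differs from the braced `if ( !class_exists($parser_class) ) {` directly below it. A comment such as `// nothing to parse: return whitespace-only input untouched instead of loading the parser and renderer`, with `return $text;` wrapped in braces, would make the intent and the style consistent. The guard hands the input back as-is rather than as `''`, so callers that concatenate the result keep the original whitespace; that looks intended but is worth stating in the comment. The enclosing method starts and ends outside the hunk.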
@@ -15,690 +14,690 @@ * @subpackage Frontend */ - define('ENANO_INTERFACE_INDEX', ''); - - // start up Enano - require('includes/common.php'); - - // decide on HTML compacting - $aggressive_optimize_html = !defined('ENANO_DEBUG') && !isset($_GET['nocompress']); - - // Set up gzip encoding before any output is sent - global $do_gzip; - // FIXME: make this configurable - $do_gzip = !defined('ENANO_DEBUG'); - - error_reporting(E_ALL); - - if($aggressive_optimize_html || $do_gzip) - { +define('ENANO_INTERFACE_INDEX', ''); + +// start up Enano +require('includes/common.php'); + +// decide on HTML compacting +$aggressive_optimize_html = !defined('ENANO_DEBUG') && !isset($_GET['nocompress']); + +// Set up gzip encoding before any output is sent +global $do_gzip; +// FIXME: make this configurable +$do_gzip = !defined('ENANO_DEBUG'); + +error_reporting(E_ALL); + +if($aggressive_optimize_html || $do_gzip) +{ + ob_start(); +} + +global $db, $session, $paths, $template, $plugins; // Common objects +$page_timestamp = time(); + +if ( !isset($_GET['do']) ) +{ + $_GET['do'] = 'view'; +} +switch($_GET['do']) +{ + default: + $code = $plugins->setHook('page_action'); ob_start(); - } - - global $db, $session, $paths, $template, $plugins; // Common objects - $page_timestamp = time(); - - if ( !isset($_GET['do']) ) - { - $_GET['do'] = 'view'; - } - switch($_GET['do']) - { - default: - $code = $plugins->setHook('page_action'); - ob_start(); - foreach ( $code as $cmd ) - { - eval($cmd); - } - if ( $contents = ob_get_contents() ) - { - ob_end_clean(); - echo $contents; - } - else - { - die_friendly('Invalid action', '

The action "'.htmlspecialchars($_GET['do']).'" is not defined. Return to viewing this page\'s text.

'); - } - break; - case 'view': - // echo PageUtils::getpage($paths->page, true, ( (isset($_GET['oldid'])) ? $_GET['oldid'] : false )); - $rev_id = ( (isset($_GET['oldid'])) ? intval($_GET['oldid']) : 0 ); - $page = new PageProcessor( $paths->page_id, $paths->namespace, $rev_id ); - // Feed this PageProcessor to the template processor. This prevents $template from starting another - // PageProcessor when we already have one going. - $template->set_page($page); - $page->send_headers = true; - $page->allow_redir = ( !isset($_GET['redirect']) || (isset($_GET['redirect']) && $_GET['redirect'] !== 'no') ); - $pagepass = ( isset($_REQUEST['pagepass']) ) ? sha1($_REQUEST['pagepass']) : ''; - $page->password = $pagepass; - $page->send(true); - $page_timestamp = $page->revision_time; - break; - case 'comments': - $output->header(); - require_once(ENANO_ROOT.'/includes/pageutils.php'); - $sub = ( isset ($_GET['sub']) ) ? $_GET['sub'] : false; - switch($sub) - { - case 'admin': - default: - $act = ( isset ($_GET['action']) ) ? $_GET['action'] : false; - $id = ( isset ($_GET['id']) ) ? intval($_GET['id']) : -1; - echo PageUtils::comments_html($paths->page_id, $paths->namespace, $act, Array('id'=>$id)); - break; - case 'postcomment': - if(empty($_POST['name']) || - empty($_POST['subj']) || - empty($_POST['text']) - ) { echo 'Invalid request'; break; } - $cid = ( isset($_POST['captcha_id']) ) ? $_POST['captcha_id'] : false; - $cin = ( isset($_POST['captcha_input']) ) ? $_POST['captcha_input'] : false; - - require_once('includes/comment.php'); - $comments = new Comments($paths->page_id, $paths->namespace); - - $submission = array( - 'mode' => 'submit', - 'captcha_id' => $cid, - 'captcha_code' => $cin, - 'name' => $_POST['name'], - 'subj' => $_POST['subj'], - 'text' => $_POST['text'], - ); - - $result = $comments->process_json($submission); - if ( $result['mode'] == 'error' ) - { - echo '
' . htmlspecialchars($result['error']) . '
'; - } - else - { - echo '
' . $lang->get('comment_msg_comment_posted') . '
'; - } - - echo PageUtils::comments_html($paths->page_id, $paths->namespace); - break; - case 'editcomment': - if(!isset($_GET['id']) || ( isset($_GET['id']) && !preg_match('#^([0-9]+)$#', $_GET['id']) )) { echo '

Invalid comment ID

'; break; } - $q = $db->sql_query('SELECT subject,comment_data,comment_id FROM '.table_prefix.'comments WHERE comment_id='.$_GET['id']); - if(!$q) $db->_die('The comment data could not be selected.'); - $row = $db->fetchrow(); - $db->free_result(); - $row['subject'] = str_replace('\'', ''', $row['subject']); - echo '
'; - echo "
- - - -
" . $lang->get('comment_postform_field_subject') . "
" . $lang->get('comment_postform_field_comment') . "
"; - echo '
'; - break; - case 'savecomment': - if(empty($_POST['subj']) || empty($_POST['text'])) { echo '

Invalid request

'; break; } - $r = PageUtils::savecomment_neater($paths->page_id, $paths->namespace, $_POST['subj'], $_POST['text'], (int)$_POST['id']); - if($r != 'good') { echo "
$r
"; break; } - echo PageUtils::comments_html($paths->page_id, $paths->namespace); - break; - case 'deletecomment': - if(!empty($_GET['id'])) - { - PageUtils::deletecomment_neater($paths->page_id, $paths->namespace, (int)$_GET['id']); - } - echo PageUtils::comments_html($paths->page_id, $paths->namespace); - break; - } - $output->footer(); - break; - case 'edit': - if(isset($_POST['_cancel'])) - { - redirect(makeUrl($paths->page), '', '', 0); + foreach ( $code as $cmd ) + { + eval($cmd); + } + if ( $contents = ob_get_contents() ) + { + ob_end_clean(); + echo $contents; + } + else + { + die_friendly('Invalid action', '

The action "'.htmlspecialchars($_GET['do']).'" is not defined. Return to viewing this page\'s text.

'); + } + break; + case 'view': + // echo PageUtils::getpage($paths->page, true, ( (isset($_GET['oldid'])) ? $_GET['oldid'] : false )); + $rev_id = ( (isset($_GET['oldid'])) ? intval($_GET['oldid']) : 0 ); + $page = new PageProcessor( $paths->page_id, $paths->namespace, $rev_id ); + // Feed this PageProcessor to the template processor. This prevents $template from starting another + // PageProcessor when we already have one going. + $template->set_page($page); + $page->send_headers = true; + $page->allow_redir = ( !isset($_GET['redirect']) || (isset($_GET['redirect']) && $_GET['redirect'] !== 'no') ); + $pagepass = ( isset($_REQUEST['pagepass']) ) ? sha1($_REQUEST['pagepass']) : ''; + $page->password = $pagepass; + $page->send(true); + $page_timestamp = $page->revision_time; + break; + case 'comments': + $output->header(); + require_once(ENANO_ROOT.'/includes/pageutils.php'); + $sub = ( isset ($_GET['sub']) ) ? $_GET['sub'] : false; + switch($sub) + { + case 'admin': + default: + $act = ( isset ($_GET['action']) ) ? $_GET['action'] : false; + $id = ( isset ($_GET['id']) ) ? intval($_GET['id']) : -1; + echo PageUtils::comments_html($paths->page_id, $paths->namespace, $act, Array('id'=>$id)); break; - } - require_once(ENANO_ROOT.'/includes/pageutils.php'); - if(isset($_POST['_save'])) - { - $captcha_valid = true; - if ( !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' ) - { - $captcha_valid = false; - if ( isset($_POST['captcha_id']) && isset($_POST['captcha_code']) ) - { - $hash_correct = strtolower($session->get_captcha($_POST['captcha_id'])); - $hash_input = strtolower($_POST['captcha_code']); - if ( $hash_input === $hash_correct ) - $captcha_valid = true; - } - } - if ( $captcha_valid ) + case 'postcomment': + if(empty($_POST['name']) || + empty($_POST['subj']) || + empty($_POST['text']) + ) { echo 'Invalid request'; break; } + $cid = ( isset($_POST['captcha_id']) ) ? 
$_POST['captcha_id'] : false; + $cin = ( isset($_POST['captcha_input']) ) ? $_POST['captcha_input'] : false; + + require_once('includes/comment.php'); + $comments = new Comments($paths->page_id, $paths->namespace); + + $submission = array( + 'mode' => 'submit', + 'captcha_id' => $cid, + 'captcha_code' => $cin, + 'name' => $_POST['name'], + 'subj' => $_POST['subj'], + 'text' => $_POST['text'], + ); + + $result = $comments->process_json($submission); + if ( $result['mode'] == 'error' ) { - $e = PageUtils::savepage($paths->page_id, $paths->namespace, $_POST['page_text'], $_POST['edit_summary'], isset($_POST['minor'])); - if ( $e == 'good' ) - { - redirect(makeUrl($paths->page), $lang->get('editor_msg_save_success_title'), $lang->get('editor_msg_save_success_body'), 3); - } - } - } - $template->header(); - if ( isset($captcha_valid) ) - { - echo '
' . $lang->get('editor_err_captcha_wrong') . '
'; - } - if(isset($_POST['_preview'])) - { - $text = $_POST['page_text']; - $edsumm = $_POST['edit_summary']; - echo PageUtils::genPreview($_POST['page_text']); - $text = htmlspecialchars($text); - $revid = 0; - } - else - { - $revid = ( isset($_GET['revid']) ) ? intval($_GET['revid']) : 0; - $page = new PageProcessor($paths->page_id, $paths->namespace, $revid); - $text = $page->fetch_source(); - $edsumm = ''; - // $text = RenderMan::getPage($paths->cpage['urlname_nons'], $paths->namespace, 0, false, false, false, false); - } - if ( $revid > 0 ) - { - $time = $page->revision_time; - // Retrieve information about this revision and the current one - $q = $db->sql_query('SELECT l1.author AS currentrev_author, l2.author AS oldrev_author FROM ' . table_prefix . 'logs AS l1 - LEFT JOIN ' . table_prefix . 'logs AS l2 - ON ( l2.log_id = ' . $revid . ' - AND l2.log_type = \'page\' - AND l2.action = \'edit\' - AND l2.page_id = \'' . $db->escape($paths->page_id) . '\' - AND l2.namespace = \'' . $db->escape($paths->namespace) . '\' - AND l1.is_draft != 1 - ) - WHERE l1.log_type = \'page\' - AND l1.action = \'edit\' - AND l1.page_id = \'' . $db->escape($paths->page_id) . '\' - AND l1.namespace = \'' . $db->escape($paths->namespace) . '\' - AND l1.time_id > ' . $time . ' - AND l1.is_draft != 1 - ORDER BY l1.time_id DESC;'); - if ( !$q ) - $db->die_json(); - - if ( $db->numrows() > 0 ) - { - echo '
' . $lang->get('editor_msg_editing_old_revision') . '
'; - - $rev_count = $db->numrows() - 2; - $row = $db->fetchrow(); - $undo_info = array( - 'old_author' => $row['oldrev_author'], - 'current_author' => $row['currentrev_author'], - 'undo_count' => max($rev_count, 1), - 'last_rev_id' => $revid - ); + echo '
' . htmlspecialchars($result['error']) . '
'; } else { - $revid = 0; + echo '
' . $lang->get('comment_msg_comment_posted') . '
'; } + + echo PageUtils::comments_html($paths->page_id, $paths->namespace); + break; + case 'editcomment': + if(!isset($_GET['id']) || ( isset($_GET['id']) && !preg_match('#^([0-9]+)$#', $_GET['id']) )) { echo '

Invalid comment ID

'; break; } + $q = $db->sql_query('SELECT subject,comment_data,comment_id FROM '.table_prefix.'comments WHERE comment_id='.$_GET['id']); + if(!$q) $db->_die('The comment data could not be selected.'); + $row = $db->fetchrow(); $db->free_result(); - } - echo ' -
-
-
-
- '; - $edsumm = ( $revid > 0 ) ? $lang->get('editor_reversion_edit_summary', $undo_info) : $edsumm; - echo $lang->get('editor_lbl_edit_summary') . '

'; + $row['subject'] = str_replace('\'', ''', $row['subject']); + echo ''; + echo "
+ + + +
" . $lang->get('comment_postform_field_subject') . "
" . $lang->get('comment_postform_field_comment') . "
"; + echo '
'; + break; + case 'savecomment': + if(empty($_POST['subj']) || empty($_POST['text'])) { echo '

Invalid request

'; break; } + $r = PageUtils::savecomment_neater($paths->page_id, $paths->namespace, $_POST['subj'], $_POST['text'], (int)$_POST['id']); + if($r != 'good') { echo "
$r
"; break; } + echo PageUtils::comments_html($paths->page_id, $paths->namespace); + break; + case 'deletecomment': + if(!empty($_GET['id'])) + { + PageUtils::deletecomment_neater($paths->page_id, $paths->namespace, (int)$_GET['id']); + } + echo PageUtils::comments_html($paths->page_id, $paths->namespace); + break; + } + $output->footer(); + break; + case 'edit': + if(isset($_POST['_cancel'])) + { + redirect(makeUrl($paths->page), '', '', 0); + break; + } + require_once(ENANO_ROOT.'/includes/pageutils.php'); + if(isset($_POST['_save'])) + { + $captcha_valid = true; if ( !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' ) { - echo '
'; - echo '' . $lang->get('editor_lbl_field_captcha') . '
' - . '
' - . $lang->get('editor_msg_captcha_pleaseenter') . '

' - . $lang->get('editor_msg_captcha_blind'); - echo '
'; - $hash = $session->make_captcha(); - echo '
'; - echo ''; - echo $lang->get('editor_lbl_field_captcha_code') . ' '; - echo '
'; + $captcha_valid = false; + if ( isset($_POST['captcha_id']) && isset($_POST['captcha_code']) ) + { + $hash_correct = strtolower($session->get_captcha($_POST['captcha_id'])); + $hash_input = strtolower($_POST['captcha_code']); + if ( $hash_input === $hash_correct ) + $captcha_valid = true; + } } - echo '
- - - - - - '; - if ( getConfig('wiki_edit_notice', '0') == '1' ) + if ( $captcha_valid ) { - $notice = getConfig('wiki_edit_notice_text'); - echo RenderMan::render($notice); + $e = PageUtils::savepage($paths->page_id, $paths->namespace, $_POST['page_text'], $_POST['edit_summary'], isset($_POST['minor'])); + if ( $e == 'good' ) + { + redirect(makeUrl($paths->page), $lang->get('editor_msg_save_success_title'), $lang->get('editor_msg_save_success_body'), 3); + } } - $template->footer(); - break; - case 'viewsource': - $template->header(); - $text = RenderMan::getPage($paths->page_id, $paths->namespace, 0, false, false, false, false); + } + $template->header(); + if ( isset($captcha_valid) ) + { + echo '
' . $lang->get('editor_err_captcha_wrong') . '
'; + } + if(isset($_POST['_preview'])) + { + $text = $_POST['page_text']; + $edsumm = $_POST['edit_summary']; + echo PageUtils::genPreview($_POST['page_text']); $text = htmlspecialchars($text); - echo ' -
-
- '; - echo '
- -
- '; - $template->footer(); - break; - case 'history': - require_once(ENANO_ROOT.'/includes/pageutils.php'); - $hist = PageUtils::histlist($paths->page_id, $paths->namespace); - $template->header(); - echo $hist; - $template->footer(); - break; - case 'rollback': - $id = (isset($_GET['id'])) ? $_GET['id'] : false; - if(!$id || !ctype_digit($id)) die_friendly('Invalid action ID', '

The URL parameter "id" is not an integer. Exiting to prevent nasties like SQL injection, etc.

'); + $revid = 0; + } + else + { + $revid = ( isset($_GET['revid']) ) ? intval($_GET['revid']) : 0; + $page = new PageProcessor($paths->page_id, $paths->namespace, $revid); + $text = $page->fetch_source(); + $edsumm = ''; + // $text = RenderMan::getPage($paths->cpage['urlname_nons'], $paths->namespace, 0, false, false, false, false); + } + if ( $revid > 0 ) + { + $time = $page->revision_time; + // Retrieve information about this revision and the current one + $q = $db->sql_query('SELECT l1.author AS currentrev_author, l2.author AS oldrev_author FROM ' . table_prefix . 'logs AS l1 +LEFT JOIN ' . table_prefix . 'logs AS l2 + ON ( l2.log_id = ' . $revid . ' + AND l2.log_type = \'page\' + AND l2.action = \'edit\' + AND l2.page_id = \'' . $db->escape($paths->page_id) . '\' + AND l2.namespace = \'' . $db->escape($paths->namespace) . '\' + AND l1.is_draft != 1 + ) +WHERE l1.log_type = \'page\' + AND l1.action = \'edit\' + AND l1.page_id = \'' . $db->escape($paths->page_id) . '\' + AND l1.namespace = \'' . $db->escape($paths->namespace) . '\' + AND l1.time_id > ' . $time . ' + AND l1.is_draft != 1 +ORDER BY l1.time_id DESC;'); + if ( !$q ) + $db->die_json(); - $id = intval($id); - - $page = new PageProcessor($paths->page_id, $paths->namespace); - $result = $page->rollback_log_entry($id); - - if ( $result['success'] ) + if ( $db->numrows() > 0 ) { - $result = $lang->get("page_msg_rb_success_{$result['action']}", array('dateline' => $result['dateline'])); + echo '
' . $lang->get('editor_msg_editing_old_revision') . '
'; + + $rev_count = $db->numrows() - 2; + $row = $db->fetchrow(); + $undo_info = array( + 'old_author' => $row['oldrev_author'], + 'current_author' => $row['currentrev_author'], + 'undo_count' => max($rev_count, 1), + 'last_rev_id' => $revid + ); } else { - $result = $lang->get("page_err_{$result['error']}", array('action' => @$result['action'])); + $revid = 0; } - - $template->header(); - echo '

'.$result.' ' . $lang->get('etc_return_to_page') . '

'; - $template->footer(); - break; - case 'catedit': - require_once(ENANO_ROOT.'/includes/pageutils.php'); - if(isset($_POST['__enanoSaveButton'])) - { - unset($_POST['__enanoSaveButton']); - $val = PageUtils::catsave($paths->page_id, $paths->namespace, $_POST); - if($val == 'GOOD') - { - header('Location: '.makeUrl($paths->page)); echo 'Redirecting...If you haven\'t been redirected yet, click here.'; break; - } else { - die_friendly('Error saving category information', '

'.$val.'

'); - } - } - elseif(isset($_POST['__enanoCatCancel'])) + $db->free_result(); + } + echo ' +
+
+
+
+ '; + $edsumm = ( $revid > 0 ) ? $lang->get('editor_reversion_edit_summary', $undo_info) : $edsumm; + echo $lang->get('editor_lbl_edit_summary') . '

'; + if ( !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' ) + { + echo '
'; + echo '' . $lang->get('editor_lbl_field_captcha') . '
' + . '
' + . $lang->get('editor_msg_captcha_pleaseenter') . '

' + . $lang->get('editor_msg_captcha_blind'); + echo '
'; + $hash = $session->make_captcha(); + echo '
'; + echo ''; + echo $lang->get('editor_lbl_field_captcha_code') . ' '; + echo '
'; + } + echo '
+ + + + +
+ '; + if ( getConfig('wiki_edit_notice', '0') == '1' ) + { + $notice = getConfig('wiki_edit_notice_text'); + echo RenderMan::render($notice); + } + $template->footer(); + break; + case 'viewsource': + $template->header(); + $text = RenderMan::getPage($paths->page_id, $paths->namespace, 0, false, false, false, false); + $text = htmlspecialchars($text); + echo ' +
+
+ '; + echo '
+ +
+ '; + $template->footer(); + break; + case 'history': + require_once(ENANO_ROOT.'/includes/pageutils.php'); + $hist = PageUtils::histlist($paths->page_id, $paths->namespace); + $template->header(); + echo $hist; + $template->footer(); + break; + case 'rollback': + $id = (isset($_GET['id'])) ? $_GET['id'] : false; + if(!$id || !ctype_digit($id)) die_friendly('Invalid action ID', '

The URL parameter "id" is not an integer. Exiting to prevent nasties like SQL injection, etc.

'); + + $id = intval($id); + + $page = new PageProcessor($paths->page_id, $paths->namespace); + $result = $page->rollback_log_entry($id); + + if ( $result['success'] ) + { + $result = $lang->get("page_msg_rb_success_{$result['action']}", array('dateline' => $result['dateline'])); + } + else + { + $result = $lang->get("page_err_{$result['error']}", array('action' => @$result['action'])); + } + + $template->header(); + echo '

'.$result.' ' . $lang->get('etc_return_to_page') . '

'; + $template->footer(); + break; + case 'catedit': + require_once(ENANO_ROOT.'/includes/pageutils.php'); + if(isset($_POST['__enanoSaveButton'])) + { + unset($_POST['__enanoSaveButton']); + $val = PageUtils::catsave($paths->page_id, $paths->namespace, $_POST); + if($val == 'GOOD') { header('Location: '.makeUrl($paths->page)); echo 'Redirecting...If you haven\'t been redirected yet, click here.'; break; + } else { + die_friendly('Error saving category information', '

'.$val.'

'); } - $template->header(); - $c = PageUtils::catedit_raw($paths->page_id, $paths->namespace); - echo $c[1]; - $template->footer(); - break; - case 'moreoptions': - $template->header(); - echo ''; - $template->footer(); - break; - case 'protect': - if ( !$session->sid_super ) + } + elseif(isset($_POST['__enanoCatCancel'])) + { + header('Location: '.makeUrl($paths->page)); echo 'Redirecting...If you haven\'t been redirected yet, click here.'; break; + } + $template->header(); + $c = PageUtils::catedit_raw($paths->page_id, $paths->namespace); + echo $c[1]; + $template->footer(); + break; + case 'moreoptions': + $template->header(); + echo ''; + $template->footer(); + break; + case 'protect': + if ( !$session->sid_super ) + { + redirect(makeUrlNS('Special', "Login/{$paths->page}", 'target_do=protect&level=' . $session->user_level, false), $lang->get('etc_access_denied_short'), $lang->get('etc_access_denied_need_reauth'), 0); + } + + if ( isset($_POST['level']) && isset($_POST['reason']) ) + { + $level = intval($_POST['level']); + if ( !in_array($level, array(PROTECT_FULL, PROTECT_SEMI, PROTECT_NONE)) ) { - redirect(makeUrlNS('Special', "Login/{$paths->page}", 'target_do=protect&level=' . 
$session->user_level, false), $lang->get('etc_access_denied_short'), $lang->get('etc_access_denied_need_reauth'), 0); + $errors[] = 'bad level'; + } + $reason = trim($_POST['reason']); + if ( empty($reason) ) + { + $errors[] = $lang->get('onpage_protect_err_need_reason'); } - if ( isset($_POST['level']) && isset($_POST['reason']) ) + $page = new PageProcessor($paths->page_id, $paths->namespace); + $result = $page->protect_page($level, $reason); + if ( $result['success'] ) + { + redirect(makeUrl($paths->page), $lang->get('page_protect_lbl_success_title'), $lang->get('page_protect_lbl_success_body', array('page_link' => makeUrl($paths->page, false, true))), 3); + } + else { - $level = intval($_POST['level']); - if ( !in_array($level, array(PROTECT_FULL, PROTECT_SEMI, PROTECT_NONE)) ) - { - $errors[] = 'bad level'; - } - $reason = trim($_POST['reason']); - if ( empty($reason) ) - { - $errors[] = $lang->get('onpage_protect_err_need_reason'); - } - - $page = new PageProcessor($paths->page_id, $paths->namespace); - $result = $page->protect_page($level, $reason); - if ( $result['success'] ) - { - redirect(makeUrl($paths->page), $lang->get('page_protect_lbl_success_title'), $lang->get('page_protect_lbl_success_body', array('page_link' => makeUrl($paths->page, false, true))), 3); - } - else - { - $errors[] = $lang->get('page_err_' . $result['error']); - } + $errors[] = $lang->get('page_err_' . $result['error']); } - $template->header(); + } + $template->header(); + ?> +
+

get('onpage_protect_heading'); ?>

+

get('onpage_protect_msg_select_level'); ?>

+ +
  • ' . implode('
  • ', $errors) . '
  • '; + } ?> - -

    get('onpage_protect_heading'); ?>

    -

    get('onpage_protect_msg_select_level'); ?>

    - -
  • ' . implode('
  • ', $errors) . '
  • '; - } - ?> - -
    - -
    -
    - get('onpage_protect_btn_full_hint'); ?> -
    - -
    - -
    -
    - get('onpage_protect_btn_semi_hint'); ?> -
    - -
    - -
    -
    - get('onpage_protect_btn_none_hint'); ?> -
    - - - - - - -
    - get('onpage_protect_lbl_reason'); ?> - -
    - get('onpage_protect_lbl_reason_hint'); ?> -
    - -

    - - get('etc_cancel'); ?> -

    + +
    + +
    +
    + get('onpage_protect_btn_full_hint'); ?> +
    + +
    + +
    +
    + get('onpage_protect_btn_semi_hint'); ?> +
    + +
    + +
    +
    + get('onpage_protect_btn_none_hint'); ?> +
    + + + + + + +
    + get('onpage_protect_lbl_reason'); ?> + +
    + get('onpage_protect_lbl_reason_hint'); ?> +
    + +

    + + get('etc_cancel'); ?> +

    +
    + footer(); + break; + case 'rename': + require_once(ENANO_ROOT.'/includes/pageutils.php'); + if(!empty($_POST['newname'])) + { + $r = PageUtils::rename($paths->page_id, $paths->namespace, $_POST['newname']); + die_friendly($lang->get('page_rename_success_title'), '

    '.nl2br($r).' ' . $lang->get('etc_return_to_page') . '.

    '); + } + $template->header(); + ?> +
    + ' . $lang->get('page_rename_err_need_name') . '

    '; ?> +

    get('page_rename_lbl'); ?>

    +

    +

    +
    + footer(); + break; + case 'flushlogs': + if(!$session->get_permissions('clear_logs')) + { + die_friendly($lang->get('etc_access_denied_short'), '

    ' . $lang->get('etc_access_denied') . '

    '); + } + if ( !$session->sid_super ) + { + redirect(makeUrlNS('Special', "Login/{$paths->page}", 'target_do=flushlogs&level=' . $session->user_level, false), $lang->get('etc_access_denied_short'), $lang->get('etc_access_denied_need_reauth'), 0); + } + require_once(ENANO_ROOT.'/includes/pageutils.php'); + if(isset($_POST['_downthejohn'])) + { + $template->header(); + $result = PageUtils::flushlogs($paths->page_id, $paths->namespace); + echo '

    '.$result.' ' . $lang->get('etc_return_to_page') . '.

    '; + $template->footer(); + break; + } + $template->header(); + ?> +
    + get('page_flushlogs_warning_stern'); ?> +

    footer(); + break; + case 'delvote': + require_once(ENANO_ROOT.'/includes/pageutils.php'); + if(isset($_POST['_ballotbox'])) + { + $template->header(); + $result = PageUtils::delvote($paths->page_id, $paths->namespace); + echo '

    '.$result.' ' . $lang->get('etc_return_to_page') . '.

    '; $template->footer(); break; - case 'rename': - require_once(ENANO_ROOT.'/includes/pageutils.php'); - if(!empty($_POST['newname'])) - { - $r = PageUtils::rename($paths->page_id, $paths->namespace, $_POST['newname']); - die_friendly($lang->get('page_rename_success_title'), '

    '.nl2br($r).' ' . $lang->get('etc_return_to_page') . '.

    '); - } - $template->header(); + } + $template->header(); ?> -
    - ' . $lang->get('page_rename_err_need_name') . '

    '; ?> -

    get('page_rename_lbl'); ?>

    -

    -

    + + get('page_delvote_warning_stern'); + echo '

    '; + switch($paths->cpage['delvotes']) + { + case 0: echo $lang->get('page_delvote_count_zero'); break; + case 1: echo $lang->get('page_delvote_count_one'); break; + default: echo $lang->get('page_delvote_count_plural', array('delvotes' => $paths->cpage['delvotes'])); break; + } + echo '

    '; + ?> +

    footer(); + $template->footer(); + break; + case 'resetvotes': + require_once(ENANO_ROOT.'/includes/pageutils.php'); + if(!$session->get_permissions('vote_reset')) + { + die_friendly($lang->get('etc_access_denied_short'), '

    ' . $lang->get('etc_access_denied') . '

    '); + } + if(isset($_POST['_youmaylivealittlelonger'])) + { + $template->header(); + $result = PageUtils::resetdelvotes($paths->page_id, $paths->namespace); + echo '

    '.$result.' ' . $lang->get('etc_return_to_page') . '.

    '; + $template->footer(); break; - case 'flushlogs': - if(!$session->get_permissions('clear_logs')) - { - die_friendly($lang->get('etc_access_denied_short'), '

    ' . $lang->get('etc_access_denied') . '

    '); - } - if ( !$session->sid_super ) - { - redirect(makeUrlNS('Special', "Login/{$paths->page}", 'target_do=flushlogs&level=' . $session->user_level, false), $lang->get('etc_access_denied_short'), $lang->get('etc_access_denied_need_reauth'), 0); - } - require_once(ENANO_ROOT.'/includes/pageutils.php'); - if(isset($_POST['_downthejohn'])) + } + $template->header(); + ?> +
    +

    get('ajax_delvote_reset_confirm'); ?>

    +

    +
    + footer(); + break; + case 'deletepage': + if(!$session->get_permissions('delete_page')) + { + die_friendly($lang->get('etc_access_denied_short'), '

    ' . $lang->get('etc_access_denied') . '

    '); + } + if ( !$session->sid_super ) + { + redirect(makeUrlNS('Special', "Login/{$paths->page}", 'target_do=deletepage&level=' . $session->user_level, false), $lang->get('etc_access_denied_short'), $lang->get('etc_access_denied_need_reauth'), 0); + } + + require_once(ENANO_ROOT.'/includes/pageutils.php'); + if(isset($_POST['_adiossucker'])) + { + $reason = ( isset($_POST['reason']) ) ? $_POST['reason'] : false; + if ( empty($reason) ) + $error = $lang->get('ajax_delete_prompt_reason'); + else { $template->header(); - $result = PageUtils::flushlogs($paths->page_id, $paths->namespace); + $result = PageUtils::deletepage($paths->page_id, $paths->namespace, $reason); echo '

    '.$result.' ' . $lang->get('etc_return_to_page') . '.

    '; $template->footer(); break; } - $template->header(); - ?> -
    - get('page_flushlogs_warning_stern'); ?> -

    -
    - footer(); - break; - case 'delvote': - require_once(ENANO_ROOT.'/includes/pageutils.php'); - if(isset($_POST['_ballotbox'])) + } + $template->header(); + ?> +
    + get('page_delete_warning_stern'); ?> + $error

    "; ?> +

    get('page_delete_lbl_reason'); ?>

    +

    +
    + footer(); + break; + case 'setwikimode': + if(!$session->get_permissions('set_wiki_mode')) + { + die_friendly($lang->get('etc_access_denied_short'), '

    ' . $lang->get('etc_access_denied') . '

    '); + } + if ( isset($_POST['finish']) ) + { + $level = intval($_POST['level']); + if ( !in_array($level, array(0, 1, 2) ) ) { - $template->header(); - $result = PageUtils::delvote($paths->page_id, $paths->namespace); - echo '

    '.$result.' ' . $lang->get('etc_return_to_page') . '.

    '; - $template->footer(); - break; + die_friendly('Invalid request', '

    Level not specified

    '); } - $template->header(); - ?> -
    - get('page_delvote_warning_stern'); - echo '

    '; - switch($paths->cpage['delvotes']) - { - case 0: echo $lang->get('page_delvote_count_zero'); break; - case 1: echo $lang->get('page_delvote_count_one'); break; - default: echo $lang->get('page_delvote_count_plural', array('delvotes' => $paths->cpage['delvotes'])); break; - } - echo '

    '; - ?> -

    -
    - footer(); - break; - case 'resetvotes': - require_once(ENANO_ROOT.'/includes/pageutils.php'); - if(!$session->get_permissions('vote_reset')) - { - die_friendly($lang->get('etc_access_denied_short'), '

    ' . $lang->get('etc_access_denied') . '

    '); - } - if(isset($_POST['_youmaylivealittlelonger'])) - { - $template->header(); - $result = PageUtils::resetdelvotes($paths->page_id, $paths->namespace); - echo '

    '.$result.' ' . $lang->get('etc_return_to_page') . '.

    '; - $template->footer(); - break; - } + $q = $db->sql_query('UPDATE '.table_prefix.'pages SET wiki_mode=' . $level . ' WHERE urlname=\'' . $db->escape($paths->page_id) . '\' AND namespace=\'' . $paths->namespace . '\';'); + if ( !$q ) + $db->_die(); + redirect(makeUrl($paths->page), htmlspecialchars($paths->cpage['name']), $lang->get('page_wikimode_success_redirect'), 2); + } + else + { $template->header(); - ?> -
    -

    get('ajax_delvote_reset_confirm'); ?>

    -

    -
    - footer(); - break; - case 'deletepage': - if(!$session->get_permissions('delete_page')) - { - die_friendly($lang->get('etc_access_denied_short'), '

    ' . $lang->get('etc_access_denied') . '

    '); - } - if ( !$session->sid_super ) - { - redirect(makeUrlNS('Special', "Login/{$paths->page}", 'target_do=deletepage&level=' . $session->user_level, false), $lang->get('etc_access_denied_short'), $lang->get('etc_access_denied_need_reauth'), 0); - } - - require_once(ENANO_ROOT.'/includes/pageutils.php'); - if(isset($_POST['_adiossucker'])) - { - $reason = ( isset($_POST['reason']) ) ? $_POST['reason'] : false; - if ( empty($reason) ) - $error = $lang->get('ajax_delete_prompt_reason'); - else - { - $template->header(); - $result = PageUtils::deletepage($paths->page_id, $paths->namespace, $reason); - echo '

    '.$result.' ' . $lang->get('etc_return_to_page') . '.

    '; - $template->footer(); - break; - } - } - $template->header(); - ?> -
    - get('page_delete_warning_stern'); ?> - $error

    "; ?> -

    get('page_delete_lbl_reason'); ?>

    -

    -
    - footer(); - break; - case 'setwikimode': - if(!$session->get_permissions('set_wiki_mode')) - { - die_friendly($lang->get('etc_access_denied_short'), '

    ' . $lang->get('etc_access_denied') . '

    '); - } - if ( isset($_POST['finish']) ) - { - $level = intval($_POST['level']); + if(!isset($_GET['level']) || ( isset($_GET['level']) && !preg_match('#^([0-9])$#', $_GET['level']))) die_friendly('Invalid request', '

    Level not specified

    '); + $level = intval($_GET['level']); if ( !in_array($level, array(0, 1, 2) ) ) { die_friendly('Invalid request', '

    Level not specified

    '); } - $q = $db->sql_query('UPDATE '.table_prefix.'pages SET wiki_mode=' . $level . ' WHERE urlname=\'' . $db->escape($paths->page_id) . '\' AND namespace=\'' . $paths->namespace . '\';'); - if ( !$q ) - $db->_die(); - redirect(makeUrl($paths->page), htmlspecialchars($paths->cpage['name']), $lang->get('page_wikimode_success_redirect'), 2); - } - else - { - $template->header(); - if(!isset($_GET['level']) || ( isset($_GET['level']) && !preg_match('#^([0-9])$#', $_GET['level']))) die_friendly('Invalid request', '

    Level not specified

    '); - $level = intval($_GET['level']); - if ( !in_array($level, array(0, 1, 2) ) ) - { - die_friendly('Invalid request', '

    Level not specified

    '); - } - echo '
    '; - echo ''; - echo ''; - $level_txt = ( $level == 0 ) ? 'page_wikimode_level_off' : ( ( $level == 1 ) ? 'page_wikimode_level_on' : 'page_wikimode_level_global' ); - $blurb = ( $level == 0 || ( $level == 2 && getConfig('wiki_mode') != '1' ) ) ? 'page_wikimode_blurb_disable' : 'page_wikimode_blurb_enable'; - ?> -

    get('page_wikimode_heading'); ?>

    -

    get($level_txt) . ' ' . $lang->get($blurb); ?>

    -

    get('page_wikimode_warning'); ?>

    -

    - '; - $template->footer(); - } + echo ''; + echo ''; + echo ''; + $level_txt = ( $level == 0 ) ? 'page_wikimode_level_off' : ( ( $level == 1 ) ? 'page_wikimode_level_on' : 'page_wikimode_level_global' ); + $blurb = ( $level == 0 || ( $level == 2 && getConfig('wiki_mode') != '1' ) ) ? 'page_wikimode_blurb_disable' : 'page_wikimode_blurb_enable'; + ?> +

    get('page_wikimode_heading'); ?>

    +

    get($level_txt) . ' ' . $lang->get($blurb); ?>

    +

    get('page_wikimode_warning'); ?>

    +

    + '; + $template->footer(); + } + break; + case 'diff': + require_once(ENANO_ROOT.'/includes/pageutils.php'); + require_once(ENANO_ROOT.'/includes/diff.php'); + $template->header(); + $id1 = ( isset($_GET['diff1']) ) ? (int)$_GET['diff1'] : false; + $id2 = ( isset($_GET['diff2']) ) ? (int)$_GET['diff2'] : false; + if ( !$id1 || !$id2 ) + { + echo '

    Invalid request.

    '; + $template->footer(); break; - case 'diff': - require_once(ENANO_ROOT.'/includes/pageutils.php'); - require_once(ENANO_ROOT.'/includes/diff.php'); - $template->header(); - $id1 = ( isset($_GET['diff1']) ) ? (int)$_GET['diff1'] : false; - $id2 = ( isset($_GET['diff2']) ) ? (int)$_GET['diff2'] : false; - if ( !$id1 || !$id2 ) - { - echo '

    Invalid request.

    '; - $template->footer(); - break; - } - if ( !ctype_digit($_GET['diff1']) || !ctype_digit($_GET['diff1']) ) - { - echo '

    SQL injection attempt

    '; - $template->footer(); - break; - } - echo PageUtils::pagediff($paths->page_id, $paths->namespace, $id1, $id2); + } + if ( !ctype_digit($_GET['diff1']) || !ctype_digit($_GET['diff1']) ) + { + echo '

    SQL injection attempt

    '; $template->footer(); break; - case 'detag': - if ( $session->user_level < USER_LEVEL_ADMIN ) - { - die_friendly($lang->get('etc_access_denied_short'), '

    ' . $lang->get('etc_access_denied') . '

    '); - } - if ( $paths->page_exists ) - { - die_friendly($lang->get('etc_invalid_request_short'), '

    ' . $lang->get('page_detag_err_page_exists') . '

    '); - } - $q = $db->sql_query('DELETE FROM '.table_prefix.'tags WHERE page_id=\'' . $db->escape($paths->page_id) . '\' AND namespace=\'' . $paths->namespace . '\';'); - if ( !$q ) - $db->_die('Detag query, index.php:'.__LINE__); - die_friendly($lang->get('page_detag_success_title'), '

    ' . $lang->get('page_detag_success_body') . '

    '); - break; - case 'aclmanager': - if ( !$session->sid_super ) - { - redirect(makeUrlNS('Special', "Login/{$paths->page}", 'target_do=aclmanager&level=' . $session->user_level, false), $lang->get('etc_access_denied_short'), $lang->get('etc_access_denied_need_reauth'), 0); - } - - require_once(ENANO_ROOT.'/includes/pageutils.php'); - $data = ( isset($_POST['data']) ) ? $_POST['data'] : Array('mode' => 'listgroups'); - PageUtils::aclmanager($data); - break; - case 'sql_report': - $rev_id = ( (isset($_GET['oldid'])) ? intval($_GET['oldid']) : 0 ); - $page = new PageProcessor( $paths->page_id, $paths->namespace, $rev_id ); - $page->send_headers = true; - $pagepass = ( isset($_REQUEST['pagepass']) ) ? sha1($_REQUEST['pagepass']) : ''; - $page->password = $pagepass; - $page->send(true); - ob_end_clean(); - ob_start(); - $db->sql_report(); - break; + } + echo PageUtils::pagediff($paths->page_id, $paths->namespace, $id1, $id2); + $template->footer(); + break; + case 'detag': + if ( $session->user_level < USER_LEVEL_ADMIN ) + { + die_friendly($lang->get('etc_access_denied_short'), '

    ' . $lang->get('etc_access_denied') . '

    '); + } + if ( $paths->page_exists ) + { + die_friendly($lang->get('etc_invalid_request_short'), '

    ' . $lang->get('page_detag_err_page_exists') . '

    '); + } + $q = $db->sql_query('DELETE FROM '.table_prefix.'tags WHERE page_id=\'' . $db->escape($paths->page_id) . '\' AND namespace=\'' . $paths->namespace . '\';'); + if ( !$q ) + $db->_die('Detag query, index.php:'.__LINE__); + die_friendly($lang->get('page_detag_success_title'), '

    ' . $lang->get('page_detag_success_body') . '

    '); + break; + case 'aclmanager': + if ( !$session->sid_super ) + { + redirect(makeUrlNS('Special', "Login/{$paths->page}", 'target_do=aclmanager&level=' . $session->user_level, false), $lang->get('etc_access_denied_short'), $lang->get('etc_access_denied_need_reauth'), 0); + } + + require_once(ENANO_ROOT.'/includes/pageutils.php'); + $data = ( isset($_POST['data']) ) ? $_POST['data'] : Array('mode' => 'listgroups'); + PageUtils::aclmanager($data); + break; + case 'sql_report': + $rev_id = ( (isset($_GET['oldid'])) ? intval($_GET['oldid']) : 0 ); + $page = new PageProcessor( $paths->page_id, $paths->namespace, $rev_id ); + $page->send_headers = true; + $pagepass = ( isset($_REQUEST['pagepass']) ) ? sha1($_REQUEST['pagepass']) : ''; + $page->password = $pagepass; + $page->send(true); + ob_end_clean(); + ob_start(); + $db->sql_report(); + break; +} + +// Generate an ETag +/* +// format: first 10 digits of SHA1 of page name, user id in hex, user and auth levels, page timestamp in hex +$etag = substr(sha1($paths->namespace . ':' . $paths->page_id), 0, 10) . '-' . + "u{$session->user_id}l{$session->user_level}a{$session->auth_level}-" . + dechex($page_timestamp); + +if ( isset($_SERVER['HTTP_IF_NONE_MATCH']) ) +{ + if ( "\"$etag\"" == $_SERVER['HTTP_IF_NONE_MATCH'] ) + { + header('HTTP/1.1 304 Not Modified'); + exit(); } - - // Generate an ETag - /* - // format: first 10 digits of SHA1 of page name, user id in hex, user and auth levels, page timestamp in hex - $etag = substr(sha1($paths->namespace . ':' . $paths->page_id), 0, 10) . '-' . - "u{$session->user_id}l{$session->user_level}a{$session->auth_level}-" . 
- dechex($page_timestamp); +} - if ( isset($_SERVER['HTTP_IF_NONE_MATCH']) ) - { - if ( "\"$etag\"" == $_SERVER['HTTP_IF_NONE_MATCH'] ) - { - header('HTTP/1.1 304 Not Modified'); - exit(); - } - } - - header("ETag: \"$etag\""); - */ - - $db->close(); - gzip_output(); - - @ob_end_flush(); +header("ETag: \"$etag\""); +*/ + +$db->close(); +gzip_output(); + +@ob_end_flush(); ?> diff -r faef5e62e1e0 -r 90225c988124 install/includes/cli-core.php --- a/install/includes/cli-core.php Tue Aug 25 01:43:11 2009 -0400 +++ b/install/includes/cli-core.php Tue Aug 25 01:43:40 2009 -0400 @@ -2,8 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * Installation package * cli-core.php - CLI installation wizard/core * diff -r faef5e62e1e0 -r 90225c988124 install/includes/common.php --- a/install/includes/common.php Tue Aug 25 01:43:11 2009 -0400 +++ b/install/includes/common.php Tue Aug 25 01:43:40 2009 -0400 @@ -2,8 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * Installation package * common.php - Installer common functions * @@ -16,7 +15,7 @@ // Our version number. This needs to be changed for any custom releases. $installer_version = array( - 'version' => '1.1.6', + 'version' => '1.1.7', 'type' => 'beta' // If type is set to "rc", "beta", or "alpha", optionally another version number can be issued with the key 'sub': // 'sub' => '3' will produce Enano 1.1.1a3 / Enano 1.1.1 alpha 3 diff -r faef5e62e1e0 -r 90225c988124 install/includes/libenanoinstall.php --- a/install/includes/libenanoinstall.php Tue Aug 25 01:43:11 2009 -0400 +++ b/install/includes/libenanoinstall.php Tue Aug 25 01:43:40 2009 -0400 
@@ -2,8 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * Installation package * libenanoinstall.php - Installation payload backend * diff -r faef5e62e1e0 -r 90225c988124 install/includes/libenanoinstallcli.php --- a/install/includes/libenanoinstallcli.php Tue Aug 25 01:43:11 2009 -0400 +++ b/install/includes/libenanoinstallcli.php Tue Aug 25 01:43:40 2009 -0400 @@ -2,8 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * Installation package * libenanoinstallcli.php - Installer frontend logic, CLI version * diff -r faef5e62e1e0 -r 90225c988124 install/includes/payload.php --- a/install/includes/payload.php Tue Aug 25 01:43:11 2009 -0400 +++ b/install/includes/payload.php Tue Aug 25 01:43:40 2009 -0400 @@ -2,8 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * Installation package * payload.php - Installer payload (the installation logic) * 
@@ -425,7 +424,7 @@ global $db, $session, $paths, $template, $plugins; // Common objects global $installer_version; - $q = $db->sql_query('INSERT INTO ' . table_prefix . 'logs(log_type,action,time_id,date_string,author,page_text,edit_summary) VALUES(\'security\', \'install_enano\', ' . time() . ', \'' . enano_date('d M Y h:i a') . '\', \'' . $db->escape($_POST['username']) . '\', \'' . $db->escape(enano_version()) . '\', \'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\');'); + $q = $db->sql_query('INSERT INTO ' . table_prefix . 'logs(log_type,action,time_id,date_string,author,page_text,edit_summary) VALUES(\'security\', \'install_enano\', ' . time() . ', \'' . enano_date(ED_DATE | ED_TIME) . '\', \'' . $db->escape($_POST['username']) . '\', \'' . $db->escape(enano_version()) . '\', \'' . $db->escape($_SERVER['REMOTE_ADDR']) . '\');'); if ( !$q ) { echo '

    MySQL return: ' . $db->sql_error() . '

    '; diff -r faef5e62e1e0 -r 90225c988124 install/includes/stages/confirm.php --- a/install/includes/stages/confirm.php Tue Aug 25 01:43:11 2009 -0400 +++ b/install/includes/stages/confirm.php Tue Aug 25 01:43:40 2009 -0400 @@ -2,8 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * Installation package * confirm.php - Installer installation summary/confirmation stage * diff -r faef5e62e1e0 -r 90225c988124 install/includes/stages/database.php --- a/install/includes/stages/database.php Tue Aug 25 01:43:11 2009 -0400 +++ b/install/includes/stages/database.php Tue Aug 25 01:43:40 2009 -0400 @@ -2,8 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * Installation package * database.php - Installer database driver selection stage * diff -r faef5e62e1e0 -r 90225c988124 install/includes/stages/database_mysql.php --- a/install/includes/stages/database_mysql.php Tue Aug 25 01:43:11 2009 -0400 +++ b/install/includes/stages/database_mysql.php Tue Aug 25 01:43:40 2009 -0400 @@ -2,8 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * Installation package * database_mysql.php - Installer database info page, MySQL * diff -r faef5e62e1e0 -r 90225c988124 install/includes/stages/database_post.php --- a/install/includes/stages/database_post.php Tue Aug 25 01:43:11 2009 -0400 +++ b/install/includes/stages/database_post.php Tue Aug 25 01:43:40 2009 -0400 
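Review bot: The new `enano_date(ED_DATE | ED_TIME)` value is concatenated into the INSERT without `$db->escape()`, while the username, version string and remote address beside it are all escaped. The old call passed the fixed format `'d M Y h:i a'`, which can only yield digits, letters, spaces and a colon. The new one presumably formats according to a configurable preference (this changeset adds `date_format` and `time_format` columns), so its output is no longer guaranteed to be quote-free. I would write `'\'' . $db->escape(enano_date(ED_DATE | ED_TIME)) . '\''` for that value. The enclosing function starts and ends outside the hunk.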
@@ -2,8 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * Installation package * database_post.php - Database installation, stage 1 * diff -r faef5e62e1e0 -r 90225c988124 install/includes/stages/database_postgresql.php --- a/install/includes/stages/database_postgresql.php Tue Aug 25 01:43:11 2009 -0400 +++ b/install/includes/stages/database_postgresql.php Tue Aug 25 01:43:40 2009 -0400 @@ -2,8 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * Installation package * database_postgresql.php - Installer database info page, PostgreSQL * diff -r faef5e62e1e0 -r 90225c988124 install/includes/stages/finish.php --- a/install/includes/stages/finish.php Tue Aug 25 01:43:11 2009 -0400 +++ b/install/includes/stages/finish.php Tue Aug 25 01:43:40 2009 -0400 @@ -2,8 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * Installation package * finish.php - Installer finalization stage * diff -r faef5e62e1e0 -r 90225c988124 install/includes/stages/install.php --- a/install/includes/stages/install.php Tue Aug 25 01:43:11 2009 -0400 +++ b/install/includes/stages/install.php Tue Aug 25 01:43:40 2009 -0400 
@@ -2,8 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * Installation package * install.php - Installer payload stage * diff -r faef5e62e1e0 -r 90225c988124 install/includes/stages/license.php --- a/install/includes/stages/license.php Tue Aug 25 01:43:11 2009 -0400 +++ b/install/includes/stages/license.php Tue Aug 25 01:43:40 2009 -0400 @@ -2,8 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * Installation package * license.php - Installer license-agreement stage * diff -r faef5e62e1e0 -r 90225c988124 install/includes/stages/login.php --- a/install/includes/stages/login.php Tue Aug 25 01:43:11 2009 -0400 +++ b/install/includes/stages/login.php Tue Aug 25 01:43:40 2009 -0400 @@ -2,8 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * Installation package * login.php - Installer login information stage * diff -r faef5e62e1e0 -r 90225c988124 install/includes/stages/sysreqs.php --- a/install/includes/stages/sysreqs.php Tue Aug 25 01:43:11 2009 -0400 +++ b/install/includes/stages/sysreqs.php Tue Aug 25 01:43:40 2009 -0400 @@ -2,8 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * Installation package * sysreqs.php - Installer system-requirements page * diff -r faef5e62e1e0 -r 90225c988124 install/includes/stages/website.php 
--- a/install/includes/stages/website.php Tue Aug 25 01:43:11 2009 -0400 +++ b/install/includes/stages/website.php Tue Aug 25 01:43:40 2009 -0400 @@ -2,8 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * Installation package * website.php - Installer website-settings stage * diff -r faef5e62e1e0 -r 90225c988124 install/includes/ui.php --- a/install/includes/ui.php Tue Aug 25 01:43:11 2009 -0400 +++ b/install/includes/ui.php Tue Aug 25 01:43:40 2009 -0400 @@ -2,8 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * Installation package * ui.php - User interface for installations and upgrades * diff -r faef5e62e1e0 -r 90225c988124 install/index.php --- a/install/index.php Tue Aug 25 01:43:11 2009 -0400 +++ b/install/index.php Tue Aug 25 01:43:40 2009 -0400 @@ -2,8 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * Installation package * welcome.php - Portal to upgrade, readme, and install pages * diff -r faef5e62e1e0 -r 90225c988124 install/install-cli.php --- a/install/install-cli.php Tue Aug 25 01:43:11 2009 -0400 +++ b/install/install-cli.php Tue Aug 25 01:43:40 2009 -0400 
@@ -3,8 +3,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * Installation package * install-cli.php - CLI installation frontend stub * diff -r faef5e62e1e0 -r 90225c988124 install/install.php --- a/install/install.php Tue Aug 25 01:43:11 2009 -0400 +++ b/install/install.php Tue Aug 25 01:43:40 2009 -0400 @@ -2,8 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * Installation package * install.php - Main installation interface * diff -r faef5e62e1e0 -r 90225c988124 install/readme.php --- a/install/readme.php Tue Aug 25 01:43:11 2009 -0400 +++ b/install/readme.php Tue Aug 25 01:43:40 2009 -0400 @@ -2,8 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * Installation package * install.php - Main installation interface * diff -r faef5e62e1e0 -r 90225c988124 install/schemas/mysql_stage2.sql --- a/install/schemas/mysql_stage2.sql Tue Aug 25 01:43:11 2009 -0400 +++ b/install/schemas/mysql_stage2.sql Tue Aug 25 01:43:40 2009 -0400 @@ -135,6 +135,8 @@ user_hobbies text, email_public tinyint(1) NOT NULL DEFAULT 0, disable_js_fx tinyint(1) NOT NULL DEFAULT 0, + date_format varchar(32) NOT NULL DEFAULT 'F d, Y', + time_format varchar(32) NOT NULL DEFAULT 'G:i', PRIMARY KEY ( user_id ) ) CHARACTER SET `utf8` COLLATE `utf8_bin`; diff -r faef5e62e1e0 -r 90225c988124 install/schemas/postgresql_stage2.sql --- a/install/schemas/postgresql_stage2.sql Tue Aug 25 01:43:11 2009 -0400 
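Review bot: `date_format` and `time_format` in `mysql_stage2.sql` are free-text `varchar(32)` columns with no comment or constraint saying what syntax they hold or who may write them; the same applies to the matching columns in `postgresql_stage2.sql` and the two `1.1.6-1.1.7` upgrade scripts. If these are per-user strings handed to PHP's `date()` (the defaults `'F d, Y'` and `'G:i'` suggest so), backslash-escaped characters in a format pass through literally, so a stored value can emit arbitrary text wherever a date is printed. I would document the columns, e.g. `-- PHP date() format string, user-editable; validate on write, HTML-escape on output`, and have the code that saves the preference accept only known format characters and punctuation. That code is not in these hunks, so whether it already does so cannot be confirmed from here.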
+++ b/install/schemas/postgresql_stage2.sql Tue Aug 25 01:43:40 2009 -0400 @@ -136,6 +136,8 @@ user_hobbies text, email_public smallint NOT NULL DEFAULT 0, disable_js_fx smallint NOT NULL DEFAULT 0, + date_format varchar(32) NOT NULL DEFAULT 'F d, Y', + time_format varchar(32) NOT NULL DEFAULT 'G:i', PRIMARY KEY ( user_id ) ); diff -r faef5e62e1e0 -r 90225c988124 install/schemas/upgrade/1.1.6-1.1.7-mysql.sql --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/install/schemas/upgrade/1.1.6-1.1.7-mysql.sql Tue Aug 25 01:43:40 2009 -0400 @@ -0,0 +1,2 @@ +ALTER TABLE {{TABLE_PREFIX}}users_extra ADD COLUMN date_format varchar(32) NOT NULL DEFAULT 'F d, Y'; +ALTER TABLE {{TABLE_PREFIX}}users_extra ADD COLUMN time_format varchar(32) NOT NULL DEFAULT 'G:i'; diff -r faef5e62e1e0 -r 90225c988124 install/schemas/upgrade/1.1.6-1.1.7-postgresql.sql --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/install/schemas/upgrade/1.1.6-1.1.7-postgresql.sql Tue Aug 25 01:43:40 2009 -0400 @@ -0,0 +1,2 @@ +ALTER TABLE {{TABLE_PREFIX}}users_extra ADD COLUMN date_format varchar(32) NOT NULL DEFAULT 'F d, Y'; +ALTER TABLE {{TABLE_PREFIX}}users_extra ADD COLUMN time_format varchar(32) NOT NULL DEFAULT 'G:i'; diff -r faef5e62e1e0 -r 90225c988124 install/upgrade.php --- a/install/upgrade.php Tue Aug 25 01:43:11 2009 -0400 +++ b/install/upgrade.php Tue Aug 25 01:43:40 2009 -0400 @@ -2,8 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * Installation package * upgrade.php - Upgrade interface * 
@@ -19,7 +18,7 @@ // The list of versions in THIS AND PREVIOUS branches, in chronological order. $enano_versions = array(); $enano_versions['1.0'] = array('1.0', '1.0.1', '1.0.2b1', '1.0.2', '1.0.3', '1.0.4', '1.0.5', '1.0.6'); -$enano_versions['1.1'] = array('1.1.1', '1.1.2', '1.1.3', '1.1.4', '1.1.5', '1.1.6'); +$enano_versions['1.1'] = array('1.1.1', '1.1.2', '1.1.3', '1.1.4', '1.1.5', '1.1.6', '1.1.7'); // If true, this will do a full langimport instead of only adding new strings. // Will probably be left on, but some change probably needs to be made to mark @@ -108,6 +107,9 @@ if ( !$session->user_logged_in || ( $session->user_logged_in && $session->auth_level < USER_LEVEL_ADMIN ) ) { + // if we're not logged in, destroy any existing session keys in the browser + @setcookie('sid', '', time() - 86400); + $ui->set_visible_stage($stg_login); if ( isset($_POST['do_login']) ) { diff -r faef5e62e1e0 -r 90225c988124 language/english/install/default-tutorial/Basic_administration.txt --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/language/english/install/default-tutorial/Basic_administration.txt Tue Aug 25 01:43:40 2009 -0400 
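Review bot: `@setcookie('sid', '', time() - 86400);` passes no path or domain, so the browser only drops a `sid` cookie whose path matches the default for this request, which for `install/upgrade.php` is the `install/` directory. If the main site issues `sid` with an explicit path such as the site root (not visible here), the stale cookie survives and the added line has no effect; passing the same path and domain the session code uses when it sets the cookie would fix that. The `@` also hides a "headers already sent" warning, so a failure to send the header would go unnoticed. The branch is entered for logged-in users below `USER_LEVEL_ADMIN` as well, so the comment could read `// not logged in, or logged in without admin auth: expire any sid cookie held by the browser`. The line only expires the cookie client-side; whether the server-side session key is invalidated is not shown, and the surrounding block continues outside the hunk.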
@@ -0,0 +1,66 @@
+The ACP is where you can go to manage things most users can't, such as website configuration, security settings, users, and plugins. This tutorial page covers the basic parts of the administration panel.
+
+To get started, open this link in a new browser window or tab: [[Special:Administration|Administration panel]]. You'll probably be asked to enter your password again; if prompted, please do so.
+
+== Layout of the ACP ==
+
+Enano's administration panel combines design elements from several other web applications with our own bits of design. It emphasizes familiarity and tries to be as self-explanatory as possible. We accomplish this by using lots of text and, except when such a design would be limiting, working with the same 2-column layout in every page.
+
+=== RTFD (Read The Friendly Descriptions) ===
+
+Except for completely self-explanatory basic options, all controls have descriptions of what exactly they do, in smaller text just below the label. This layout lets you scan quickly for what you're looking for, but puts help a glance away when you need it.
+
+== Applets ==
+
+There are 20 applets that make up Enano's administration panel. This might seem intimidating, but applets are sorted by category in Enano 1.2, so it's easy to find what you're looking for.
+
+'''Administration panel home:''' This shows you basic information about your website. Here you can find statistics, version information, active alerts, and instructions for getting support for Enano.
+'''General configuration:''' Here is where basic parameters of your site can be viewed and changed. There are a lot of settings here that can affect your site's security and permissions, so read everything twice on here.
+'''File uploads:''' Specific options related to Enano's file uploading feature.
+'''Allowed file types:''' Configure which file extensions may be uploaded through the [[Special:UploadFile|Upload File]] page.
+'''Manage pages:''' Batch control of pages, plus specific administrator options like moving pages to a new URL.
+'''Edit page content:''' Merely a front-end for finding and editing pages. This was included in Enano 1.0, so we left it in just in case you're still looking for this button here.
+'''Manage page groups:''' Group pages together, so that you can assign the same set of permissions to multiple pages at once.
+'''Manage themes:''' Install themes, change the default theme, and view or change permissions.
+'''Manage plugins:''' Install, remove, upgrade, and enable or disable installed plugins. This is also where you can see the list of system plugins (plugins that run basic functions) that come bundled with Enano.
+'''Backup database:''' Download a copy of your database that can be restored if something ever goes wrong with your website. This is only available on Enano installations based on MySQL.
+'''Language manager:''' View and change languages your site uses. You can also edit individual strings to customize your site.
+'''Cache settings:''' Check the status of individual caches. Caching lets Enano save some generated values so that pages can be produced faster.
+'''Manage users:''' Edit or delete user accounts on your website. Here you can reset passwords, activate or deactivate accounts, and a lot more.
+'''Edit user groups:''' Create, edit, and delete user groups. User groups let you place any number of users within one common category, so you can assign permissions, username colors (ranks) and more to lots of users at the same time.
+'''COPPA support:''' Enable or disable Enano's support for COPPA, a United States law that requires websites with a target audience under the age of 13 to seek parental consent before allowing new members to participate.
+'''Mass e-mail:''' Send out an e-mail to everybody on your website, or to a certain user group.
+'''User ranks and titles:''' Assign different visual properties to user titles. In addition to changing the color and basic formatting, you can enter custom CSS rules.
+'''Security log:''' See a list of things done on your site that pertain to security. You can see successful and failed attempts to log in, information on actions taken with plugins, changing of sensitive settings, and more.
+'''Ban control:''' Ban (or unban) people by username, IP address or e-mail address from your website.
+'''Log out of admin panel:''' Tell Enano that you're finished working with the admin panel and wish to discard your privileged state, so that a password is required to use the administration panel again. You should always use this when you're finished using the ACP.
+
+== Getting started ==
+
+OK, you should have, in a separate browser window or tab, the ACP home page now. On the left you should see a tree menu with several different categories of applets. Click each one to open it, so that you can see everything. Also take the time now to click "Turn on keep-alive", since you'll be switching back and forth between your admin panel and this tutorial a lot.
+
+The right side is where the current ACP page is loaded. In this case, it should be the Administration Dashboard, also available through the "Administration panel home" link at the top of the menu. You should see a table with statistics about your website and, if you scroll down a bit, an alert or two. Finally, you can see your fresh new security log showing the date, time, and source IP address of your Enano installation as well as a pair of light-blue boxes with links to Enano documentation and support.
+
+Look to the far right: you'll see a light blue bar with an arrow peeking out. If you click that, you'll see your site's sidebar, so that you can navigate around from the admin panel. We usually keep this hidden because it makes space a bit limited on non-widescreen displays.
+
+Let's take a shot at some configuration. Click on "General configuration" in the navigation tree. Scroll down a little bit and look for something you'd like to change - we usually like to start by turning on approval of comments and visual confirmation when guests post to cut down on comment spam. If you can send e-mail from your server, try also setting account activation to "User." Save your changes by scrolling all the way to the bottom and clicking "Save Changes."
+
+Did you catch that? Not too hard. That's how just about all the forms in Enano work.
+
+== Install a plug-in ==
+
+Now we're ready for something a little more advanced. Let's start off with a relatively basic plugin: [http://enanocms.org/plugin/ajim2 AjIM2].
+
+Start off by downloading the plugin as instructed on the page. Unzip the file and upload the files to your webserver the same way you uploaded Enano. Make sure you put both the "AjIM2.0.php" file and the "ajim" folder under Enano's "plugins" folder.
+
+Now go to Manage Plugins in your ACP tab. You should see an entry for "AjIM 2.0". Click on it and watch the table cell expand. You'll see a description of the plugin as well as information like its author, version, and enanocms.org plugin page URL. Off to the right you'll see a button labeled "Install." Click it and confirm the installation when prompted. If all goes well, you'll see the page refresh and the entry for AjIM will now be green. Congratulations! You just installed your first plugin.
+
+Since AjIM adds a sidebar block, let's also go in and enable that. Expand the sidebar by clicking the light blue bar on the right side of the admin panel window and click "Edit the Sidebar." Then click "Create a new block." Select "Plugin block" from the drop-down box, then enter the name of the new block and which sidebar you want it on. Finally select "AjIM Shoutbox" from the last drop-down box and click Create new block. You'll see a message that says "The item was added" and the new AjIM Shoutbox block at the bottom of the sidebar you selected. Drag the gray handle at the top of the block to rearrange it, if you want. That's it - AjIM is installed and enabled on your site.
+
+Most plugins are easy to install but need just a little help to become fully integrated with your site. For example, if you install [http://enanocms.org/plugin/snapr Snapr] or [http://enanocms.org/plugin/newsboy Newsboy], you might want to edit your Navigation sidebar block to add a link or change your main page. Plugins are totally flexible in this regard, so experiment - a plugin often drives the main feature of an Enano site.
+
+== That's it! ==
+
+Now you're familiar with the administration control panel. We've accomplished a knowledge of Enano's basic features and familiarized ourselves with its interface. Now it's time to explore some more advanced features.
+
+[[Moderation|Next step: Moderation, security, and access controls »]]
diff -r faef5e62e1e0 -r 90225c988124 language/english/install/default-tutorial/Creating_and_editing_pages.txt
--- a/language/english/install/default-tutorial/Creating_and_editing_pages.txt Tue Aug 25 01:43:11 2009 -0400
+++ b/language/english/install/default-tutorial/Creating_and_editing_pages.txt Tue Aug 25 01:43:40 2009 -0400
@@ -1,7 +1,67 @@ -OK, I lied. The beta doesn't have a tutorial. +At its heart, Enano is a wiki. Why is this special? Because content is at the heart of the Enano design, not an afterthought. In Enano, editing - like most other tasks - is done right on the page. The page is updated live so you can see your changes right away. You can edit a page simply by clicking the "Edit this page" button on the shiny black toolbar. Create a page simply by editing it - the first time you save it, it will be created automatically. + +=== Your first edit === + +Let's try some basic editing now. Click the "edit this page" button you see on the textual toolbar at the top of this page. Type between the two HTML comments (<!-- like this -->) you see in the text box (you might have to scroll down a bit). Click "Save Changes" - you should see what you typed show up right away! + +==== User-entered text ==== + + + + + +=== Create your first page === + +Now let's try creating a page. Open [[My first page|this link]] in a new browser tab or window so that you can keep these instructions available. Click the same "edit this page" button and type some text. What you typed should be visible on the page now! -=== Oh noes! What am I to do? === +=== Add some flair === + +Have you noticed the way links and headings look on this page? They are embedded using a very simple language called ''wikitext''. You can use wikitext to organize and format your page, and to link to other pages. Linking to other pages is what makes a wiki, a wiki. + +To use bold text: + +'''Your text here''' + +To use italic text: + +''Your text here'' + +Create a link: + +[[Page title]] + +Create a link, but using your own text: -For now, use the [http://enanocms.org/download?series=1.0 stable releases] of Enano if you don't feel comfortable. Also read the [http://docs.enanocms.org/ documentation] - it won't give you a tutorial ''per se'', but it will explain how to run an Enano website. 
If you're stuck, try our [http://forum.enanocms.org/ support forums] or see [http://enanocms.org/Support other support options]. +[[Page title|Your text here]] + +Create a large heading: + +== Your text here == + +Create a medium heading: + +=== Your text here === + +Create a small heading: + +==== Your text here ==== + +Link to an external site: -
    Remember that this is a beta release of Enano. We don't provide official support for problems, but we will fix bugs and take suggestions. Take this into account when you post for help - it will make getting an answer more likely!
    +[http://www.example.com/ Your text here] + +== Visual editing == + +If you prefer to design your documents in a more graphical way, click the Convert to HTML button in the editor. Enano includes [http://tinymce.moxiecode.com/ TinyMCE], a widely-used graphical editor for the web. + +== Moving up from Enano 1.0? == + +Good news: You don't have to learn anything new to use Enano 1.2's formatting syntax or editor. We've improved the interface of the editor a lot though. Enano 1.2 also has new features like auto-saving and the ability to detect when someone else saves the page while you're working on it. Another new feature is a guard against automatically closing out the editor, so it's much harder to lose a page you're working on. + +The biggest change to page editing in Enano 1.2 is the way the renderer behaves when you use TinyMCE to edit the page. We made this process a lot smarter so the wikitext engine doesn't try to apply formatting that should already be done by TinyMCE. This means, however, that you can't use certain bits of wikitext syntax - such as bold, italics, headings and tables - that are already covered through TinyMCE features. + +== All done! == + +That's it! Now you know how to write pages with Enano. Let's move on and learn how to do some basic administration of your new website. + +[[Basic_administration|Next step: Basic administation »]] diff -r faef5e62e1e0 -r 90225c988124 language/english/user.json --- a/language/english/user.json Tue Aug 25 01:43:11 2009 -0400 +++ b/language/english/user.json Tue Aug 25 01:43:40 2009 -0400 
@@ -317,6 +317,8 @@ publicinfo_field_changetheme_title: 'Change theme:', publicinfo_field_changetheme_hint: 'If you don\'t like the look of the site, need a visual break, or are just curious, we might have some different themes for you to try out!', publicinfo_field_changetheme: 'Change my theme...', + publicinfo_field_dateformat: 'Date format:', + publicinfo_field_timeformat: 'Time format:', publicinfo_field_timezone: 'Time zone:', publicinfo_field_timezone_hint: 'Select the time zone you live in and when Daylight Savings Time occurs, if at all.', publicinfo_field_dst: 'Daylight saving time:', @@ -357,7 +359,7 @@ avatar_lbl_url_desc: 'This must start with the http:// prefix and must be a valid URL. The image will be copied from the existing URL to this server - dynamic avatars are not supported.', avatar_lbl_file: 'Upload file:', avatar_lbl_file_desc: 'Your browser needs to support file uploads for this option to work.', - avatar_limits: 'The image cannot be more than %config.avatar_max_size% bytes in size. The maximum dimensions are %config.avatar_max_width% × %config.avatar_max_height% pixels. Allowed formats are PNG, GIF, and JPEG.', + avatar_limits: 'The maximum file size is %config.avatar_max_size% bytes, and maximum dimensions are %config.avatar_max_width% × %config.avatar_max_height% pixels; we\'ll try resizing it if necessary. Allowed formats are PNG, GIF, and JPEG.', avatar_delete_success: 'Your avatar has been deleted.', avatar_bad_write: 'Either the remote server had trouble finding the image, or your image exceeded the allowed file size.', avatar_bad_filetype: 'The file you selected is invalid. You must choose a file in PNG, JPEG, or GIF format.', 
@@ -367,6 +369,7 @@ avatar_move_failed: 'Your image was accepted, but there was a problem moving the image file to the correct location.', avatar_upload_success: 'Your avatar has been updated.', avatar_file_too_large: 'The image you uploaded exceeds the maximum file size allowed for avatars on this site.', + avatar_invalid_url: 'The URL you entered to your avatar image is not valid. Please enter another URL and try again.', avatar_gravatar_success: 'Your Gravatar will now be used as your avatar on this site.', avatar_gravatar_rating_g: 'The highest allowed rating for your Gravatar image is G. Images must be suitable for display on all websites with any audience type.', avatar_gravatar_rating_pg: 'The highest allowed rating for your Gravatar image is PG. Rude gestures, lesser swear words, mild violence, and mildly provocatively dressed individuals are permitted.', diff -r faef5e62e1e0 -r 90225c988124 plugins/PrivateMessages.php --- a/plugins/PrivateMessages.php Tue Aug 25 01:43:11 2009 -0400 +++ b/plugins/PrivateMessages.php Tue Aug 25 01:43:40 2009 -0400 @@ -12,8 +12,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. @@ -83,7 +82,7 @@
    - + '; + echo ''; } $db->free_result(); } diff -r faef5e62e1e0 -r 90225c988124 plugins/SpecialAdmin.php --- a/plugins/SpecialAdmin.php Tue Aug 25 01:43:11 2009 -0400 +++ b/plugins/SpecialAdmin.php Tue Aug 25 01:43:40 2009 -0400 @@ -12,8 +12,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. @@ -1482,7 +1481,7 @@ $filename = 'enano_backup_' . enano_date('ymd') . '.sql' . $aesext; ob_start(); // Spew some headers - $headdate = enano_date('F d, Y \a\t h:i a'); + $headdate = enano_date(ED_DATE | ED_TIME); echo <<
    username} @@ -1494,7 +1493,7 @@ $tables = array_merge($base, $add); // Log it! - $e = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'db_backup\', '.time().', \''.enano_date('d M Y h:i a').'\', \''.$db->escape($session->username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', \'' . $db->escape(implode(', ', $tables)) . '\')'); + $e = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'db_backup\', '.time().', \''.enano_date(ED_DATE | ED_TIME).'\', \''.$db->escape($session->username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', \'' . $db->escape(implode(', ', $tables)) . '\')'); if ( !$e ) $db->_die(); @@ -2227,26 +2226,22 @@
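Review bot: In the `INSERT INTO ...logs` statement of hunk @@ -1494,7 +1493,7 @@ the result of `enano_date(ED_DATE | ED_TIME)` is concatenated between quotes without `$db->escape()`, although the username and `REMOTE_ADDR` values beside it are escaped. With the old literal format that was harmless, but this changeset also lets each user store a free-form `date_format`/`time_format` (plugins/SpecialUserPrefs.php), and if enano_date() renders with that preference (its body is not in this diff) the formatted string is no longer a value the statement can trust. Wrap it: `\''.$db->escape(enano_date(ED_DATE | ED_TIME)).'\'`. The same applies to the two log INSERTs in plugins/SpecialUpdownload.php (@@ -128,13 +127,13 @@). A security log is also easier to correlate if `date_string` is written in one fixed format rather than the acting user's preference.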
    + + + + + + + + @@ -745,6 +786,8 @@
    get('privmsgs_lbl_message_from', array('sender' => htmlspecialchars($r['message_from']))); ?>
    get('privmsgs_lbl_subject') ?>
    get('privmsgs_lbl_date') ?>
    get('privmsgs_lbl_date') ?>
    get('privmsgs_lbl_message') ?>get('etc_access_denied_short'), '

    You are not authorized to view the contents of this message.

    '); } $subj = 'Re: ' . $r['subject']; - $text = "\n\n\nOn " . enano_date('M j, Y G:i', $r['date']) . ", " . $r['message_from'] . " wrote:\n> " . str_replace("\n", "\n> ", $r['message_text']); // Way less complicated than using a regex ;-) + $text = "\n\n\nOn " . enano_date(ED_DATE | ED_TIME, $r['date']) . ", " . $r['message_from'] . " wrote:\n> " . str_replace("\n", "\n> ", $r['message_text']); // Way less complicated than using a regex ;-) $tbuf = $text; while( preg_match("/\n([\> ]*?)\> \>/", $text) ) @@ -637,7 +636,7 @@ { echo ''; } - echo '
    '.enano_date('M j, Y G:i', $r['date']).'
    '.enano_date(ED_DATE | ED_TIME, $r['date']).'
    nslist); - for ( $i = 0; $i < sizeof($paths->nslist); $i++ ) + list($module) = explode('/', $_GET['module']); + list($page_id, $namespace) = RenderMan::strToPageID($module); + if ( $namespace != 'Admin' ) { - $ln = strlen( $paths->nslist[ $k[ $i ] ] ); - if ( substr($_GET['module'], 0, $ln) == $paths->nslist[$k[$i]] ) - { - $ns = $k[$i]; - $nm = substr($_GET['module'], $ln, strlen($_GET['module'])); - } + echo '
    Module must be in the Admin namespace
    '; } - $fname = 'page_'.$ns.'_'.$nm; - $s = strpos($fname, '?noheaders'); - if($s) $fname = substr($fname, 0, $s); - $paths->cpage['module'] = $_GET['module']; - if ( function_exists($fname) && $_GET['module'] != $paths->nslist['Special'] . 'Administration' ) + else { - call_user_func($fname); + $paths->fullpage = $_GET['module']; + $paths->cpage['module'] = $_GET['module']; + $page = new PageProcessor($page_id, $namespace); + $page->send_headers = false; + $page->send(); + $paths->fullpage = $paths->page; } } else @@ -2603,7 +2598,7 @@ } if(isset($_GET['ajax'])) { - ob_end_clean(); + @ob_end_clean(); die('GOOD'); } break; diff -r faef5e62e1e0 -r 90225c988124 plugins/SpecialCSS.php --- a/plugins/SpecialCSS.php Tue Aug 25 01:43:11 2009 -0400 +++ b/plugins/SpecialCSS.php Tue Aug 25 01:43:40 2009 -0400 @@ -12,8 +12,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. diff -r faef5e62e1e0 -r 90225c988124 plugins/SpecialGroups.php --- a/plugins/SpecialGroups.php Tue Aug 25 01:43:11 2009 -0400 +++ b/plugins/SpecialGroups.php Tue Aug 25 01:43:40 2009 -0400 @@ -12,7 +12,6 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) * Copyright (C) 2007 Dan Fuhry * * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License 
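Review bot: The namespace check in hunk @@ -2227,26 +2226,22 @@ is made on the first `/`-separated segment of `$_GET['module']`, but `$paths->fullpage` and `$paths->cpage['module']` are then assigned the raw request value, so everything after the first slash reaches those fields unchecked. Unless the sub-path is needed there, I would assign the parsed value, `$paths->cpage['module'] = $module;`, and compare strictly with `if ( $namespace !== 'Admin' )`. Whether `$_GET['module']` is guaranteed to be set, and whether `PageProcessor` enforces the administrator auth level for the Admin namespace, is decided outside the hunk, so both should be confirmed before relying on this path.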
@@ -377,7 +376,7 @@ foreach ( $pending as $member ) { - $date = enano_date('F d, Y', $member['reg_time']); + $date = enano_date(ED_DATE, $member['reg_time']); $cls = ( $cls == 'row2' ) ? 'row1' : 'row2'; $addy = $email->encryptEmail($member['email']); @@ -423,7 +422,7 @@ if ( $member['is_mod'] != 1 ) break; - $date = enano_date('F d, Y', $member['reg_time']); + $date = enano_date(ED_DATE, $member['reg_time']); $cls = ( $cls == 'row2' ) ? 'row1' : 'row2'; $addy = $email->encryptEmail($member['email']); @@ -447,7 +446,7 @@ if ( $member['is_mod'] == 1 ) continue; - $date = enano_date('F d, Y', $member['reg_time']); + $date = enano_date(ED_DATE, $member['reg_time']); $cls = ( $cls == 'row2' ) ? 'row1' : 'row2'; $addy = $email->encryptEmail($member['email']); diff -r faef5e62e1e0 -r 90225c988124 plugins/SpecialLog.php --- a/plugins/SpecialLog.php Tue Aug 25 01:43:11 2009 -0400 +++ b/plugins/SpecialLog.php Tue Aug 25 01:43:40 2009 -0400 @@ -12,8 +12,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. diff -r faef5e62e1e0 -r 90225c988124 plugins/SpecialPageFuncs.php --- a/plugins/SpecialPageFuncs.php Tue Aug 25 01:43:11 2009 -0400 +++ b/plugins/SpecialPageFuncs.php Tue Aug 25 01:43:40 2009 -0400 
@@ -12,8 +12,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. @@ -641,7 +640,7 @@ if ( !$q ) $db->die_json(); - while ( $row = $db->fetchrow() ) + while ( $row = $db->fetchrow($q) ) { $key = array( 'name' => $row['username'], diff -r faef5e62e1e0 -r 90225c988124 plugins/SpecialSearch.php --- a/plugins/SpecialSearch.php Tue Aug 25 01:43:11 2009 -0400 +++ b/plugins/SpecialSearch.php Tue Aug 25 01:43:40 2009 -0400 @@ -12,8 +12,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. diff -r faef5e62e1e0 -r 90225c988124 plugins/SpecialUpdownload.php --- a/plugins/SpecialUpdownload.php Tue Aug 25 01:43:11 2009 -0400 +++ b/plugins/SpecialUpdownload.php Tue Aug 25 01:43:40 2009 -0400 
@@ -12,8 +12,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * SpecialUpdownload.php - handles uploading and downloading of user-uploaded files - possibly the most rigorously security-enforcing script in all of Enano, although sessions.php comes in a close second * * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License 
@@ -128,13 +127,13 @@ if(!$db->sql_query('INSERT INTO '.table_prefix.'files(time_id,page_id,filename,size,mimetype,file_extension,file_key) VALUES('.$utime.', \''.$urln.'\', \''.$filename.'\', '.$flen.', \''.$type.'\', \''.$ext.'\', \''.$key.'\')')) $db->_die('The file data entry could not be inserted.'); if(!isset($_POST['update'])) { - if(!$db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace) VALUES('.$utime.', \''.enano_date('d M Y h:i a').'\', \'page\', \'create\', \''.$session->username.'\', \''.$filename.'\', \''.'File'.'\');')) $db->_die('The page log could not be updated.'); + if(!$db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace) VALUES('.$utime.', \''.enano_date(ED_DATE | ED_TIME).'\', \'page\', \'create\', \''.$session->username.'\', \''.$filename.'\', \''.'File'.'\');')) $db->_die('The page log could not be updated.'); if(!$db->sql_query('INSERT INTO '.table_prefix.'pages(name,urlname,namespace,protected,delvotes,delvote_ips) VALUES(\''.$filename.'\', \''.$urln.'\', \'File\', 0, 0, \'\')')) $db->_die('The page listing entry could not be inserted.'); if(!$db->sql_query('INSERT INTO '.table_prefix.'page_text(page_id,namespace,page_text,char_tag) VALUES(\''.$urln.'\', \'File\', \''.$comments.'\', \''.$chartag.'\')')) $db->_die('The page text entry could not be inserted.'); } else { - if(!$db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.$utime.', \''.enano_date('d M Y h:i a').'\', \'page\', \'reupload\', \''.$session->username.'\', \''.$filename.'\', \''.'File'.'\', \''.$comments.'\');')) $db->_die('The page log could not be updated.'); + if(!$db->sql_query('INSERT INTO '.table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('.$utime.', \''.enano_date(ED_DATE | ED_TIME).'\', \'page\', \'reupload\', 
\''.$session->username.'\', \''.$filename.'\', \''.'File'.'\', \''.$comments.'\');')) $db->_die('The page log could not be updated.'); } $cache->purge('page_meta'); die_friendly($lang->get('upload_success_title'), '

    ' . $lang->get('upload_success_body', array('file_link' => makeUrlNS('File', $filename))) . '

    '); diff -r faef5e62e1e0 -r 90225c988124 plugins/SpecialUserFuncs.php --- a/plugins/SpecialUserFuncs.php Tue Aug 25 01:43:11 2009 -0400 +++ b/plugins/SpecialUserFuncs.php Tue Aug 25 01:43:40 2009 -0400 @@ -12,8 +12,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. @@ -406,6 +405,10 @@ echo ''; } } + else if ( isset($_POST['get_fwd']) ) + { + echo ''; + } ?> fullpage = $GLOBALS['title']; if ( $paths->getParam(0) === 'action.json' ) { if ( !isset($_POST['r']) ) 
@@ -1838,47 +1842,8 @@ public static function format_date($time) { - global $lang; - // Our formattting string to pass to enano_date() - // This should not include minute/second info, only today's date in whatever format suits your fancy - $formatstring = 'F j, Y'; - // Today's date - $today = enano_date($formatstring); - // Yesterday's date - $yesterday = enano_date($formatstring, (time() - (24*60*60))); - // Date on the input - $then = enano_date($formatstring, $time); - // "X days ago" logic - for ( $i = 2; $i <= 6; $i++ ) - { - // hours_in_day * minutes_in_hour * seconds_in_minute * num_days - $offset = 24 * 60 * 60 * $i; - $days_ago = enano_date($formatstring, (time() - $offset)); - // so does the input timestamp match the date from $i days ago? - if ( $then == $days_ago ) - { - // yes, return $i - return $lang->get('userfuncs_ml_date_daysago', array('days_ago' => $i)); - } - } - // either yesterday, today, or before 6 days ago - switch($then) - { - case $today: - return $lang->get('userfuncs_ml_date_today'); - case $yesterday: - return $lang->get('userfuncs_ml_date_yesterday'); - default: - return $then; - } - // .--. - // |o_o | - // |!_/ | - // // \ \ - // (| | ) - // /'\_ _/`\ - // \___)=(___/ - return 'Linux rocks!'; + // merged into enano_date() :) + return enano_date(ED_DATE, $time); } function reg_time($time, $row) { diff -r faef5e62e1e0 -r 90225c988124 plugins/SpecialUserPrefs.php --- a/plugins/SpecialUserPrefs.php Tue Aug 25 01:43:11 2009 -0400 +++ b/plugins/SpecialUserPrefs.php Tue Aug 25 01:43:40 2009 -0400 
@@ -12,8 +12,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * * This program is Free Software; you can redistribute it and/or modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. @@ -185,6 +184,10 @@ switch ( $section ) { + case 'Avatar': + $template->preload_js('jquery'); + $template->preload_js('jquery-ui'); + break; case 'EmailPassword': // Require elevated privileges (well sortof) if ( $session->auth_level < USER_LEVEL_CHPREF ) @@ -306,6 +309,10 @@ $template->tpl_strings['PAGE_NAME'] = $lang->get('usercp_signature_title'); break; case 'Profile': + case 'Home': + if ( isset($_POST['submit']) ) + csrf_request_confirm(); + $template->tpl_strings['PAGE_NAME'] = $lang->get('usercp_publicinfo_title'); break; } @@ -454,6 +461,9 @@ $hobbies = htmlspecialchars($_POST['hobbies']); $hobbies = $db->escape($hobbies); + $date_format = $db->escape(htmlspecialchars($_POST['date_format'])); + $time_format = $db->escape(htmlspecialchars($_POST['time_format'])); + $email_public = ( isset($_POST['email_public']) ) ? '1' : '0'; $disable_js_fx = ( isset($_POST['disable_js_fx']) ) ? '1' : '0'; @@ -483,6 +493,8 @@ $session->user_extra['user_job'] = $occupation; $session->user_extra['user_hobbies'] = $hobbies; $session->user_extra['email_public'] = intval($email_public); + $session->date_format = $date_format; + $session->time_format = $time_format; // user title $user_title_col = ''; 
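Review bot: `csrf_request_confirm()` in hunk @@ -306,6 +309,10 @@ is reached only for the Profile and Home sections, and it sits in the switch that otherwise just sets `PAGE_NAME`, where a later edit to the titles could drop it unnoticed. The Avatar handler further down in this file's diff also acts on `$_POST['submit']`, and other sections presumably do as well; none of them gets a confirmation in the lines shown. If they are not protected elsewhere, I would move the check to one place ahead of the switch, `if ( !empty($_POST) ) csrf_request_confirm();`, and emit the hidden token field in every form. The enclosing function begins and ends outside the hunk.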
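Review bot: `$_POST['date_format']` and `$_POST['time_format']` are read in hunk @@ -454,6 +461,9 @@ without an `isset()` check or any validation, so a profile POST that omits them raises a notice and any string is accepted as a format. The new columns are `varchar(32)` and the value is later handed to the date formatter, so I would accept only known formats and fall back to the default otherwise: `if ( !in_array($date_format, $allowed_date_formats, true) ) $date_format = 'F d, Y';`, where `$allowed_date_formats` is a placeholder for the set the form offers (its markup is not legible in this diff). `htmlspecialchars()` is an output encoder and does not restrict which characters reach the formatter or the log statements that embed its result. The enclosing function starts and ends outside the hunk.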
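Review bot: In hunk @@ -483,6 +493,8 @@ `$session->date_format = $date_format;` stores the value after `$db->escape(htmlspecialchars(...))` has been applied, so for the rest of the request the session holds the SQL- and HTML-escaped form rather than what the user chose. Format strings legitimately contain backslashes (the old backup header used `'F d, Y \a\t h:i a'`), and assuming `$db->escape()` doubles them, dates would render differently until the next page load reads the column back. Keep the validated raw value for the session and escape only the copy that goes into the UPDATE, e.g. `$session->date_format = $date_format_raw;`, with `$date_format_raw` as a placeholder name; the same applies to `time_format`.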
@@ -536,7 +548,8 @@ $q = $db->sql_query('UPDATE '.table_prefix."users_extra SET user_aim='$imaddr_aim',user_yahoo='$imaddr_yahoo',user_msn='$imaddr_msn', user_xmpp='$imaddr_xmpp',user_homepage='$homepage',user_location='$location',user_job='$occupation', - user_hobbies='$hobbies',email_public=$email_public,disable_js_fx=$disable_js_fx + user_hobbies='$hobbies',email_public=$email_public,disable_js_fx=$disable_js_fx,date_format='$date_format', + time_format='$time_format' WHERE user_id=$session->user_id;"); if ( !$q ) @@ -632,6 +645,34 @@
    get('usercp_publicinfo_field_changetheme_hint'); ?> get('usercp_publicinfo_field_changetheme'); ?>
    get('usercp_publicinfo_field_dateformat'); ?> + +
    get('usercp_publicinfo_field_timeformat'); ?> + +
    get('usercp_publicinfo_field_timezone'); ?>
    get('usercp_publicinfo_field_timezone_hint'); ?>
    csrf_token . '" />'; echo ''; break; case 'Avatar': @@ -754,197 +797,18 @@ break; } - // Determine current avatar - $q = $db->sql_query('SELECT user_has_avatar, avatar_type FROM ' . table_prefix . 'users WHERE user_id = ' . $session->user_id . ';'); - if ( !$q ) - $db->_die('Avatar CP selecting user\'s avatar data'); - - list($has_avi, $avi_type) = $db->fetchrow_num(); - if ( isset($_POST['submit']) ) { - $action = ( isset($_POST['avatar_action']) ) ? $_POST['avatar_action'] : 'keep'; - $avi_path = ENANO_ROOT . '/' . getConfig('avatar_directory') . '/' . $session->user_id . '.' . $avi_type; - switch($action) - { - case 'keep': - default: - break; - case 'remove': - if ( $has_avi ) - { - // First switch the avatar off - $q = $db->sql_query('UPDATE ' . table_prefix . 'users SET user_has_avatar = 0 WHERE user_id = ' . $session->user_id . ';'); - if ( !$q ) - $db->_die('Avatar CP switching user avatar off'); - - if ( @unlink($avi_path) ) - { - echo '
    ' . $lang->get('usercp_avatar_delete_success') . '
    '; - } - $has_avi = 0; - } - break; - case 'set_http': - case 'set_file': - // Hackish way to preserve the UNIX philosophy of reusing as much code as possible - if ( $action == 'set_http' ) - { - // Check if this action is enabled - if ( getConfig('avatar_upload_http', 1) !== 1 ) - { - // non-localized, only appears on hack attempt - echo '
    Uploads over HTTP are disabled.
    '; - break; - } - // Download the file - require_once( ENANO_ROOT . '/includes/http.php' ); - - if ( !preg_match('/^http:\/\/([a-z0-9-\.]+)(:([0-9]+))?\/(.+)$/', $_POST['avatar_http_url'], $match) ) - { - echo '
    ' . $lang->get('usercp_avatar_invalid_url') . '
    '; - break; - } - - $hostname = $match[1]; - $uri = '/' . $match[4]; - $port = ( $match[3] ) ? intval($match[3]) : 80; - $max_size = intval(getConfig('avatar_max_size')); - - // Get temporary file - $tempfile = tempnam(false, "enanoavatar_{$session->user_id}"); - if ( !$tempfile ) - echo '
    Error getting temp file.
    '; - - @unlink($tempfile); - $request = new Request_HTTP($hostname, $uri, 'GET', $port); - $result = $request->write_response_to_file($tempfile, 50, $max_size); - if ( !$result || $request->response_code != HTTP_OK ) - { - @unlink($tempfile); - echo '
    ' . $lang->get('usercp_avatar_bad_write') . '
    '; - break; - } - - // Response written. Proceed to validation... - } - else - { - // Check if this action is enabled - if ( getConfig('avatar_upload_file', 1) !== 1 ) - { - // non-localized, only appears on hack attempt - echo '
    Uploads from the browser are disabled.
    '; - break; - } - - $max_size = intval(getConfig('avatar_max_size')); - - $file =& $_FILES['avatar_file']; - $tempfile =& $file['tmp_name']; - if ( filesize($tempfile) > $max_size ) - { - @unlink($tempfile); - echo '
    ' . $lang->get('usercp_avatar_file_too_large') . '
    '; - break; - } - } - $file_type = get_image_filetype($tempfile); - if ( !$file_type ) - { - unlink($tempfile); - echo '
    ' . $lang->get('usercp_avatar_bad_filetype') . '
    '; - break; - } - - $avi_path_new = ENANO_ROOT . '/' . getConfig('avatar_directory') . '/' . $session->user_id . '.' . $file_type; - - // The file type is good - validate dimensions and animation - switch($file_type) - { - case 'png': - $is_animated = is_png_animated($tempfile); - $dimensions = png_get_dimensions($tempfile); - break; - case 'gif': - $is_animated = is_gif_animated($tempfile); - $dimensions = gif_get_dimensions($tempfile); - break; - case 'jpg': - $is_animated = false; - $dimensions = jpg_get_dimensions($tempfile); - break; - default: - echo '
    API mismatch
    '; - break 2; - } - // Did we get invalid size data? If so the image is probably corrupt. - if ( !$dimensions ) - { - @unlink($tempfile); - echo '
    ' . $lang->get('usercp_avatar_corrupt_image') . '
    '; - break; - } - // Is the image animated? - if ( $is_animated && getConfig('avatar_enable_anim') !== '1' ) - { - @unlink($tempfile); - echo '
    ' . $lang->get('usercp_avatar_disallowed_animation') . '
    '; - break; - } - // Check image dimensions - list($image_x, $image_y) = $dimensions; - $max_x = intval(getConfig('avatar_max_width')); - $max_y = intval(getConfig('avatar_max_height')); - if ( $image_x > $max_x || $image_y > $max_y ) - { - @unlink($tempfile); - echo '
    ' . $lang->get('usercp_avatar_too_large') . '
    '; - break; - } - // All good! - @unlink($avi_path); - if ( rename($tempfile, $avi_path_new) ) - { - $q = $db->sql_query('UPDATE ' . table_prefix . "users SET user_has_avatar = 1, avatar_type = '$file_type' WHERE user_id = {$session->user_id};"); - if ( !$q ) - $db->_die('Avatar CP updating users table after successful avatar upload'); - $has_avi = 1; - $avi_type = $file_type; - echo '
    ' . $lang->get('usercp_avatar_upload_success') . '
    '; - } - else - { - echo '
    ' . $lang->get('usercp_avatar_move_failed') . '
    '; - } - break; - case 'set_gravatar': - // set avatar to use Gravatar - // make sure we're allowed to do this - if ( getConfig('avatar_upload_gravatar') != '1' ) - { - // access denied - break; - } - // first, remove old image - if ( $has_avi ) - { - // First switch the avatar off - $q = $db->sql_query('UPDATE ' . table_prefix . 'users SET user_has_avatar = 0 WHERE user_id = ' . $session->user_id . ';'); - if ( !$q ) - $db->_die('Avatar CP switching user avatar off'); - - @unlink($avi_path); - } - // set to gravatar mode - $q = $db->sql_query('UPDATE ' . table_prefix . 'users SET user_has_avatar = 1, avatar_type = \'grv\' WHERE user_id = ' . $session->user_id . ';'); - if ( !$q ) - $db->_die('Avatar CP switching user avatar off'); - - $has_avi = 1; - echo '
    ' . $lang->get('usercp_avatar_gravatar_success') . '
    '; - break; - } + list($has_avi, $avi_type) = avatar_post($session->user_id); + } + else + { + // Determine current avatar + $q = $db->sql_query('SELECT user_has_avatar, avatar_type FROM ' . table_prefix . 'users WHERE user_id = ' . $session->user_id . ';'); + if ( !$q ) + $db->_die('Avatar CP selecting user\'s avatar data'); + + list($has_avi, $avi_type) = $db->fetchrow_num(); } ?> @@ -952,28 +816,17 @@ function avatar_select_field(elParent) { + $('td#avatar_upload_btns > div:visible').hide('blind'); switch(elParent.value) { - case 'keep': - case 'remove': - $('avatar_upload_http').object.style.display = 'none'; - $('avatar_upload_file').object.style.display = 'none'; - $('avatar_upload_gravatar').object.style.display = 'none'; - break; case 'set_http': - $('avatar_upload_http').object.style.display = 'block'; - $('avatar_upload_file').object.style.display = 'none'; - $('avatar_upload_gravatar').object.style.display = 'none'; + $('#avatar_upload_http').show('blind'); break; case 'set_file': - $('avatar_upload_http').object.style.display = 'none'; - $('avatar_upload_file').object.style.display = 'block'; - $('avatar_upload_gravatar').object.style.display = 'none'; + $('#avatar_upload_file').show('blind'); break; case 'set_gravatar': - $('avatar_upload_gravatar').object.style.display = 'block'; - $('avatar_upload_http').object.style.display = 'none'; - $('avatar_upload_file').object.style.display = 'none'; + $('#avatar_upload_gravatar').show('blind'); break; } } @@ -991,7 +844,7 @@ '; echo ' - + ' . $lang->get('usercp_avatar_label_current') . ' '; @@ -1012,7 +865,7 @@ ' . $lang->get('usercp_avatar_lbl_change') . ' - +
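Review bot: The rewritten Avatar branch runs `avatar_post($session->user_id)` as soon as `$_POST['submit']` is set, and neither this hunk nor the new avatar_post() calls `csrf_request_confirm()`, which this commit adds for the 'Profile' and 'Home' sections only. Unless the token is verified somewhere outside the visible hunks, a cross-site form post could change or remove a logged-in user's avatar, including through the `set_http` option that makes the server fetch a URL. I would put the check at the call site, `if ( isset($_POST['submit']) ) { csrf_request_confirm(); list($has_avi, $avi_type) = avatar_post($session->user_id); }`, and confirm that the avatar form emits the token field. The surrounding `case 'Avatar':` block starts and ends outside this hunk.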

    '; if ( getConfig('avatar_upload_http') == '1' ) @@ -1023,10 +876,6 @@ ' . $lang->get('usercp_avatar_lbl_url_desc') . ' ' . $lang->get('usercp_avatar_limits') . ' '; } - else - { - echo ' '; - } if ( getConfig('avatar_upload_file') == '1' ) { echo '
    @@ -1035,10 +884,6 @@ ' . $lang->get('usercp_avatar_lbl_file_desc') . ' ' . $lang->get('usercp_avatar_limits') . ' '; } - else - { - echo ' '; - } if ( getConfig('avatar_upload_gravatar') == '1' ) { $rating_images = array('g' => '0', 'pg' => '1', 'r' => '2', 'x' => '3'); @@ -1053,10 +898,6 @@ ' . $lang->get("usercp_avatar_gravatar_rating_$max_rating") . ' '; } - else - { - echo ' '; - } echo ' '; @@ -1089,4 +930,237 @@ $template->footer(); } +// Avatar POST processor +function avatar_post($user_id, $quiet = false) +{ + global $db, $session, $paths, $template, $plugins; // Common objects + global $lang; + + $had_a_boo_boo = true; + + // Determine current avatar + $q = $db->sql_query('SELECT user_has_avatar, avatar_type FROM ' . table_prefix . 'users WHERE user_id = ' . $session->user_id . ';'); + if ( !$q ) + $db->_die('Avatar CP selecting user\'s avatar data'); + + list($has_avi, $avi_type) = $db->fetchrow_num(); + + $action = ( isset($_POST['avatar_action']) ) ? $_POST['avatar_action'] : 'keep'; + $avi_path = ENANO_ROOT . '/' . getConfig('avatar_directory') . '/' . $user_id . '.' . $avi_type; + switch($action) + { + case 'keep': + default: + $had_a_boo_boo = false; + break; + case 'remove': + if ( $has_avi ) + { + // First switch the avatar off + $q = $db->sql_query('UPDATE ' . table_prefix . 'users SET user_has_avatar = 0 WHERE user_id = ' . $user_id . ';'); + if ( !$q ) + $db->_die('Avatar CP switching user avatar off'); + + if ( @unlink($avi_path) ) + { + $quiet || print '
    ' . $lang->get('usercp_avatar_delete_success') . '
    '; + } + $has_avi = 0; + } + $had_a_boo_boo = false; + break; + case 'set_http': + case 'set_file': + // Hackish way to preserve the UNIX philosophy of reusing as much code as possible + if ( $action == 'set_http' ) + { + // Check if this action is enabled + if ( getConfig('avatar_upload_http', 1) !== 1 ) + { + // non-localized, only appears on hack attempt + echo '
    Uploads over HTTP are disabled.
    '; + break; + } + // Download the file + require_once( ENANO_ROOT . '/includes/http.php' ); + + if ( !preg_match('/^http:\/\/((?:[a-z0-9-\.]+|\[[a-f0-9:]+\]))(:([0-9]+))?\/(.+)$/', $_POST['avatar_http_url'], $match) ) + { + echo '
    ' . $lang->get('usercp_avatar_invalid_url') . '
    '; + break; + } + + $hostname = $match[1]; + $uri = '/' . $match[4]; + $port = ( $match[3] ) ? intval($match[3]) : 80; + $max_size = intval(getConfig('avatar_max_size')); + + // Get temporary file + $tempfile = tempnam(false, "enanoavatar_{$user_id}"); + if ( !$tempfile ) + echo '
    Error getting temp file.
    '; + + @unlink($tempfile); + $request = new Request_HTTP($hostname, $uri, 'GET', $port); + // max download size: 2MB, keeps things reasonable + // note: we'll try to scale the image down before checking filesize + $result = $request->write_response_to_file($tempfile, 1160, 2097152); + if ( !$result || $request->response_code != HTTP_OK ) + { + @unlink($tempfile); + echo '
    ' . $lang->get('usercp_avatar_bad_write') . '
    '; + break; + } + + // Response written. Proceed to validation... + } + else + { + // Check if this action is enabled + if ( getConfig('avatar_upload_file', 1) !== 1 ) + { + // non-localized, only appears on hack attempt + echo '
    Uploads from the browser are disabled.
    '; + break; + } + + $max_size = intval(getConfig('avatar_max_size')); + + $file =& $_FILES['avatar_file']; + $tempfile =& $file['tmp_name']; + } + $file_type = get_image_filetype($tempfile); + if ( !$file_type ) + { + @unlink($tempfile); + echo '
    ' . $lang->get('usercp_avatar_bad_filetype') . '
    '; + break; + } + + $avi_path_new = ENANO_ROOT . '/' . getConfig('avatar_directory') . '/' . $user_id . '.' . $file_type; + + // The file type is good - validate dimensions and animation + switch($file_type) + { + case 'png': + $is_animated = is_png_animated($tempfile); + $dimensions = png_get_dimensions($tempfile); + break; + case 'gif': + $is_animated = is_gif_animated($tempfile); + $dimensions = gif_get_dimensions($tempfile); + break; + case 'jpg': + $is_animated = false; + $dimensions = jpg_get_dimensions($tempfile); + break; + default: + echo '
    API mismatch
    '; + break 2; + } + // Did we get invalid size data? If so the image is probably corrupt. + if ( !$dimensions ) + { + @unlink($tempfile); + echo '
    ' . $lang->get('usercp_avatar_corrupt_image') . '
    '; + break; + } + // Is the image animated? + if ( $is_animated && getConfig('avatar_enable_anim', 0) !== 1 ) + { + @unlink($tempfile); + echo '
    ' . $lang->get('usercp_avatar_disallowed_animation') . '
    '; + break; + } + // Check image dimensions + list($image_x, $image_y) = $dimensions; + $max_x = intval(getConfig('avatar_max_width')); + $max_y = intval(getConfig('avatar_max_height')); + if ( $image_x > $max_x || $image_y > $max_y ) + { + // try to scale the image + try + { + @rename($tempfile, "$tempfile-unscaled.$file_type"); + $scale_result = scale_image("$tempfile-unscaled.$file_type", "$tempfile.$file_type", $max_x, $max_y, true); + if ( $scale_result ) + { + if ( !(@unlink("$tempfile-unscaled.$file_type") && @rename("$tempfile.$file_type", $tempfile)) ) + { + // scale failed + @unlink("$tempfile-scale.$file_type"); + echo '
    Rename failure: ' . $lang->get('usercp_avatar_too_large') . '
    '; + break; + } + } + else + { + @unlink($tempfile); + @unlink("$tempfile-unscaled.$file_type"); + echo '
    Scale failure: ' . $lang->get('usercp_avatar_too_large') . '
    '; + break; + } + } + catch ( Exception $e ) + { + // If we get here, the scaling process most definitely failed. + echo '
    EXCEPTION: ' . $lang->get('usercp_avatar_too_large') . '
    '; + break; + } + } + // Check file size last, so that the scale operation is considered + if ( filesize($tempfile) > $max_size ) + { + @unlink($tempfile); + echo '
    ' . $lang->get('usercp_avatar_file_too_large') . '
    '; + break; + } + // All good! + @unlink($avi_path); + if ( rename($tempfile, $avi_path_new) ) + { + $q = $db->sql_query('UPDATE ' . table_prefix . "users SET user_has_avatar = 1, avatar_type = '$file_type' WHERE user_id = {$user_id};"); + if ( !$q ) + $db->_die('Avatar CP updating users table after successful avatar upload'); + $has_avi = 1; + $avi_type = $file_type; + $quiet || print '
    ' . $lang->get('usercp_avatar_upload_success') . '
    '; + } + else + { + echo '
    ' . $lang->get('usercp_avatar_move_failed') . '
    '; + } + $had_a_boo_boo = false; + break; + case 'set_gravatar': + // set avatar to use Gravatar + // make sure we're allowed to do this + if ( getConfig('avatar_upload_gravatar') != '1' ) + { + // access denied + break; + } + // first, remove old image + if ( $has_avi ) + { + // First switch the avatar off + $q = $db->sql_query('UPDATE ' . table_prefix . 'users SET user_has_avatar = 0 WHERE user_id = ' . $user_id . ';'); + if ( !$q ) + $db->_die('Avatar CP switching user avatar off'); + + @unlink($avi_path); + } + // set to gravatar mode + $q = $db->sql_query('UPDATE ' . table_prefix . 'users SET user_has_avatar = 1, avatar_type = \'grv\' WHERE user_id = ' . $user_id . ';'); + if ( !$q ) + $db->_die('Avatar CP switching user avatar off'); + + $has_avi = 1; + $quiet || print '
    ' . $lang->get('usercp_avatar_gravatar_success') . '
    '; + $had_a_boo_boo = false; + break; + } + return array($has_avi, $avi_type, $had_a_boo_boo); +} + ?> diff -r faef5e62e1e0 -r 90225c988124 plugins/admin/CacheManager.php --- a/plugins/admin/CacheManager.php Tue Aug 25 01:43:11 2009 -0400 +++ b/plugins/admin/CacheManager.php Tue Aug 25 01:43:40 2009 -0400 @@ -2,8 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. diff -r faef5e62e1e0 -r 90225c988124 plugins/admin/GroupManager.php --- a/plugins/admin/GroupManager.php Tue Aug 25 01:43:11 2009 -0400 +++ b/plugins/admin/GroupManager.php Tue Aug 25 01:43:40 2009 -0400 @@ -2,8 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. diff -r faef5e62e1e0 -r 90225c988124 plugins/admin/Home.php --- a/plugins/admin/Home.php Tue Aug 25 01:43:11 2009 -0400 +++ b/plugins/admin/Home.php Tue Aug 25 01:43:40 2009 -0400 
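Review bot: avatar_post() still looks up the current avatar with `WHERE user_id = ' . $session->user_id . ';'` while every later statement uses the `$user_id` argument, so when it is called for another account (UserManager passes `avatar_post($user_id, true)`) `$has_avi` and `$avi_type` describe the caller's row and `$avi_path` is built with the wrong extension; the lookup should read `WHERE user_id = ' . intval($user_id) . ';'`. The `set_http` branch connects to whatever host and port the submitted URL names, and the widened pattern now also accepts bracketed IPv6 literals, so the resolved address should be rejected when it is loopback, private or link-local before `Request_HTTP` is constructed. In the `set_file` branch `$file['tmp_name']` is later passed to `rename()` without an `is_uploaded_file()` check. `$had_a_boo_boo = false` is also reached when `rename($tempfile, $avi_path_new)` fails, and `$quiet` silences only the three success messages, not the error `echo`s.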
@@ -2,8 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. diff -r faef5e62e1e0 -r 90225c988124 plugins/admin/LangManager.php --- a/plugins/admin/LangManager.php Tue Aug 25 01:43:11 2009 -0400 +++ b/plugins/admin/LangManager.php Tue Aug 25 01:43:40 2009 -0400 @@ -2,8 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. diff -r faef5e62e1e0 -r 90225c988124 plugins/admin/PageEditor.php --- a/plugins/admin/PageEditor.php Tue Aug 25 01:43:11 2009 -0400 +++ b/plugins/admin/PageEditor.php Tue Aug 25 01:43:40 2009 -0400 @@ -2,8 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. diff -r faef5e62e1e0 -r 90225c988124 plugins/admin/PageGroups.php --- a/plugins/admin/PageGroups.php Tue Aug 25 01:43:11 2009 -0400 
+++ b/plugins/admin/PageGroups.php Tue Aug 25 01:43:40 2009 -0400 @@ -2,8 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. diff -r faef5e62e1e0 -r 90225c988124 plugins/admin/PageManager.php --- a/plugins/admin/PageManager.php Tue Aug 25 01:43:11 2009 -0400 +++ b/plugins/admin/PageManager.php Tue Aug 25 01:43:40 2009 -0400 @@ -2,8 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. diff -r faef5e62e1e0 -r 90225c988124 plugins/admin/PluginManager.php --- a/plugins/admin/PluginManager.php Tue Aug 25 01:43:11 2009 -0400 +++ b/plugins/admin/PluginManager.php Tue Aug 25 01:43:40 2009 -0400 @@ -2,8 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. diff -r faef5e62e1e0 -r 90225c988124 plugins/admin/SecurityLog.php 
--- a/plugins/admin/SecurityLog.php Tue Aug 25 01:43:11 2009 -0400 +++ b/plugins/admin/SecurityLog.php Tue Aug 25 01:43:40 2009 -0400 @@ -2,8 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. @@ -176,7 +175,7 @@ case "u_to_mod" : $return .= $lang->get('acpsl_entry_u_to_mod' , array('username' => $r['page_text'])); break; case "view_comment_ip" : $return .= $lang->get('acpsl_entry_view_comment_ip' , array('username' => htmlspecialchars($r['page_text']))); break; } - $return .= ''.enano_date('d M Y h:i a', $r['time_id']).''.$r['author'].''.$r['edit_summary'].''; + $return .= ''.enano_date(ED_DATE | ED_TIME, $r['time_id']).''.$r['author'].''.$r['edit_summary'].''; return $return; } diff -r faef5e62e1e0 -r 90225c988124 plugins/admin/ThemeManager.php --- a/plugins/admin/ThemeManager.php Tue Aug 25 01:43:11 2009 -0400 +++ b/plugins/admin/ThemeManager.php Tue Aug 25 01:43:40 2009 -0400 @@ -2,8 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. diff -r faef5e62e1e0 -r 90225c988124 plugins/admin/UserManager.php --- a/plugins/admin/UserManager.php Tue Aug 25 01:43:11 2009 -0400 
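Review bot: The changed `$return .=` line in the `@@ -176,7 +175,7 @@` hunk concatenates `$r['author']` and `$r['edit_summary']` into the admin page exactly as they come from the log row, while the `view_comment_ip` line just above wraps `$r['page_text']` in `htmlspecialchars()`. If those columns are not already stored HTML-escaped (not visible here), a value written by a less-privileged user would be rendered as markup in the security log. Using `htmlspecialchars($r['author'])` and `htmlspecialchars($r['edit_summary'])` at this point would make the output safe regardless, provided it does not double-encode data that is escaped on insert. The function this line belongs to starts outside the hunk.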
+++ b/plugins/admin/UserManager.php Tue Aug 25 01:43:40 2009 -0400 @@ -2,8 +2,7 @@ /* * Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between - * Version 1.1.6 (Caoineag beta 1) - * Copyright (C) 2006-2008 Dan Fuhry + * Copyright (C) 2006-2009 Dan Fuhry * * This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License * as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. @@ -60,6 +59,24 @@ if ( !$q ) $db->_die(); echo '
    ' . $lang->get('acpum_msg_delete_success') . '
    '; + + // deleting own account? + if ( $user_id === $session->user_id ) + { + // cute little hack to boot them out of the admin panel + echo ''; + } } else { @@ -89,7 +106,7 @@ $real_name = $_POST['real_name']; } - $signature = RenderMan::preprocess_text($_POST['signature'], true, true); + $signature = RenderMan::preprocess_text($_POST['signature'], true, false); $user_level = intval($_POST['user_level']); if ( $user_level < USER_LEVEL_MEMBER || $user_level > USER_LEVEL_ADMIN ) @@ -129,7 +146,10 @@ $homepage = ''; } - if ( count($errors) < 1 ) + // true for quiet operation + list(, , $avatar_post_fail) = avatar_post($user_id, true); + + if ( count($errors) < 1 && !$avatar_post_fail ) { $q = $db->sql_query('SELECT u.user_level, u.user_has_avatar, u.avatar_type FROM '.table_prefix.'users AS u WHERE u.user_id = ' . $user_id . ';'); if ( !$q ) 
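Review bot: `avatar_post($user_id, true)` in the `@@ -129,7 +146,10 @@` hunk runs before the `count($errors) < 1` test, so a submission that fails the other field validation has already replaced or removed the target user's avatar file and updated the `users` row. Moving the call inside the validated path keeps the save all-or-nothing: `$avatar_post_fail = false; if ( count($errors) < 1 ) list(, , $avatar_post_fail) = avatar_post($user_id, true);`. Initialising the variable this way also removes the need for the `@$avatar_post_fail` suppression in the later `@@ -423,14 +282,17 @@` hunk. The enclosing validation block starts and ends outside this hunk.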
@@ -177,167 +197,6 @@ $to_update_users['activation_key'] = sha1($session->dss_rand()); } - // Avatar validation - $action = ( isset($_POST['avatar_action']) ) ? $_POST['avatar_action'] : 'keep'; - $avi_path = ENANO_ROOT . '/' . getConfig('avatar_directory') . '/' . $user_id . '.' . $avi_type; - switch($action) - { - case 'keep': - default: - break; - case 'remove': - if ( $has_avi ) - { - // First switch the avatar off - $to_update_users['user_has_avatar'] = '0'; - @unlink($avi_path); - } - break; - case 'set_http': - case 'set_file': - // Hackish way to preserve the UNIX philosophy of reusing as much code as possible - if ( $action == 'set_http' ) - { - // Check if this action is enabled - if ( getConfig('avatar_upload_http', 1) !== 1 ) - { - // non-localized, only appears on hack attempt - $errors[] = 'Uploads over HTTP are disabled.'; - break; - } - // Download the file - require_once( ENANO_ROOT . '/includes/http.php' ); - - if ( !preg_match('/^http:\/\/([a-z0-9-\.]+)(:([0-9]+))?\/(.+)$/', $_POST['avatar_http_url'], $match) ) - { - $errors[] = $lang->get('usercp_avatar_invalid_url'); - break; - } - - $hostname = $match[1]; - $uri = '/' . $match[4]; - $port = ( $match[3] ) ? intval($match[3]) : 80; - $max_size = intval(getConfig('avatar_max_size')); - - // Get temporary file - $tempfile = tempnam(false, "enanoavatar_{$user_id}"); - if ( !$tempfile ) - $errors[] = 'Error getting temp file.'; - - @unlink($tempfile); - $request = new Request_HTTP($hostname, $uri, 'GET', $port); - $result = $request->write_response_to_file($tempfile, 50, $max_size); - if ( !$result || $request->response_code != HTTP_OK ) - { - @unlink($tempfile); - $errors[] = $lang->get('usercp_avatar_bad_write'); - break; - } - - // Response written. Proceed to validation... 
- } - else - { - // Check if this action is enabled - if ( getConfig('avatar_upload_file', 1) !== 1 ) - { - // non-localized, only appears on hack attempt - $errors[] = 'Uploads from the browser are disabled.'; - break; - } - - $max_size = intval(getConfig('avatar_max_size')); - - $file =& $_FILES['avatar_file']; - $tempfile =& $file['tmp_name']; - if ( filesize($tempfile) > $max_size ) - { - @unlink($tempfile); - $errors[] = $lang->get('usercp_avatar_file_too_large'); - break; - } - } - $file_type = get_image_filetype($tempfile); - if ( !$file_type ) - { - unlink($tempfile); - $errors[] = $lang->get('usercp_avatar_bad_filetype'); - break; - } - - $avi_path_new = ENANO_ROOT . '/' . getConfig('avatar_directory') . '/' . $user_id . '.' . $file_type; - - // The file type is good - validate dimensions and animation - switch($file_type) - { - case 'png': - $is_animated = is_png_animated($tempfile); - $dimensions = png_get_dimensions($tempfile); - break; - case 'gif': - $is_animated = is_gif_animated($tempfile); - $dimensions = gif_get_dimensions($tempfile); - break; - case 'jpg': - $is_animated = false; - $dimensions = jpg_get_dimensions($tempfile); - break; - default: - $errors[] = 'API mismatch'; - break 2; - } - // Did we get invalid size data? If so the image is probably corrupt. - if ( !$dimensions ) - { - @unlink($tempfile); - $errors[] = $lang->get('usercp_avatar_corrupt_image'); - break; - } - // Is the image animated? - if ( $is_animated && getConfig('avatar_enable_anim') !== '1' ) - { - @unlink($tempfile); - $errors[] = $lang->get('usercp_avatar_disallowed_animation'); - break; - } - // Check image dimensions - list($image_x, $image_y) = $dimensions; - $max_x = intval(getConfig('avatar_max_width')); - $max_y = intval(getConfig('avatar_max_height')); - if ( $image_x > $max_x || $image_y > $max_y ) - { - @unlink($tempfile); - $errors[] = $lang->get('usercp_avatar_too_large'); - break; - } - // All good! 
- @unlink($avi_path); - if ( rename($tempfile, $avi_path_new) ) - { - $to_update_users['user_has_avatar'] = '1'; - $to_update_users['avatar_type'] = $file_type; - } - else - { - // move failed - turn avatar off - $to_update_users['user_has_avatar'] = '0'; - } - break; - case 'set_gravatar': - // set avatar to use Gravatar - // first, remove old image - if ( $has_avi ) - { - @unlink($avi_path); - } - // set to gravatar mode - $to_update_users['user_has_avatar'] = '1'; - $to_update_users['avatar_type'] = 'grv'; - - $has_avi = 1; - break; - } - if ( count($errors) < 1 ) { $to_update_users_extra = array(); @@ -423,14 +282,17 @@ } } - if ( count($errors) > 0 ) + if ( count($errors) > 0 || @$avatar_post_fail ) { - echo '
    - ' . $lang->get('acpum_err_validation_fail') . ' -
      -
    • ' . implode("
    • \n
    • ", $errors) . '
    • -
    -
    '; + if ( count($errors) > 0 ) + { + echo '
    + ' . $lang->get('acpum_err_validation_fail') . ' +
      +
    • ' . implode("
    • \n
    • ", $errors) . '
    • +
    +
    '; + } $form = new Admin_UserManager_SmartForm(); $form->user_id = $user_id; $form->username = $username; @@ -466,7 +328,7 @@ # END VALIDATION # } - else if ( isset($_POST['action']['go']) || ( isset($_GET['src']) && $_GET['src'] == 'get' ) ) + else if ( isset($_POST['action']['go']) || ( isset($_GET['src']) && $_GET['src'] == 'get' ) || ($pathsuser = $paths->getParam(0)) ) { if ( isset($_GET['user']) ) { @@ -480,6 +342,10 @@ { $username =& $_POST['username']; } + else if ( $pathsuser ) + { + $username = str_replace('_', ' ', dirtify_page_id($pathsuser)); + } else { echo 'No username provided'; @@ -680,7 +546,7 @@ else $cls = 'row2'; $coppa = ( $row['user_coppa'] == '1' ) ? '' . $lang->get('acpum_coppauser_yes') . '' : $lang->get('acpum_coppauser_no'); echo ' - '.enano_date('F d, Y h:i a', $row['time_id']).' + '.enano_date(ED_DATE | ED_TIME, $row['time_id']).' '.$row['author'].' '.$row['edit_summary'].' ' . $coppa . ' @@ -1091,32 +957,21 @@ {lang:acpum_avatar_lbl_change} - +