--- a/includes/clientside/static/.acl.js.marks Mon Jul 02 20:33:57 2007 -0400
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,1 +0,0 @@
-!t;10617;10617
--- a/includes/clientside/static/acl.js Mon Jul 02 20:33:57 2007 -0400
+++ b/includes/clientside/static/acl.js Tue Jul 03 14:07:35 2007 -0400
@@ -26,6 +26,12 @@
{
__aclBuildWizardWindow();
groups = parseJSON(ajax.responseText);
+ if ( groups.mode == 'error' )
+ {
+ alert(groups.error);
+ killACLManager();
+ return false;
+ }
aclDataCache = groups;
__aclBuildSelector(groups);
}
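Review bot: The new check dereferences `groups.mode` before confirming that `parseJSON` actually produced an object; if the server answers with something that is not JSON (a PHP notice, an HTML error page), `groups` is null or undefined and the guard itself throws, leaving the half-built wizard window on screen. A defensive form is `if ( !groups || typeof(groups) != 'object' || groups.mode == 'error' )`, with a fallback message such as `alert(groups && groups.error ? groups.error : 'Invalid response from server');` before `killACLManager()`. Note also that `groups` is assigned without `var` on the context line above, so the new branch relies on an implicit global. The enclosing callback starts outside this hunk.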
@@ -52,6 +58,12 @@
document.getElementById(aclManagerID + '_back').style.display = 'none';
document.getElementById(aclManagerID + '_next').value = 'Next >';
groups = parseJSON(ajax.responseText);
+ if ( groups.mode == 'error' )
+ {
+ alert(groups.error);
+ killACLManager();
+ return false;
+ }
aclDataCache = groups;
thispage = strToPageID(title);
groups.page_id = thispage[0];
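Review bot: This error branch is a verbatim copy of the one added to the earlier callback, and both share the same gap: neither verifies that `groups` is an object before reading `groups.mode`. Pulling the check into one helper, e.g. `function __aclResponseIsError(groups) { if ( !groups || typeof(groups) != 'object' ) return true; return groups.mode == 'error'; }`, and calling it from both callbacks keeps the two paths from drifting apart. As above, `groups` is written without `var` and so leaks into the global scope; the enclosing callback begins outside this hunk.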
@@ -83,7 +95,7 @@
grpb = document.createElement('input');
grpb.type = 'radio';
grpb.name = 'target_type';
- grpb.value = 1; // ACL_TYPE_GROUP
+ grpb.value = '1'; // ACL_TYPE_GROUP
grpb.checked = 'checked';
grpb.className = seed;
grpb.onclick = function() { seed = this.className; document.getElementById('enACL_grpbox_'+seed).style.display = 'block'; document.getElementById('enACL_usrbox_'+seed).style.display = 'none'; };
@@ -96,7 +108,7 @@
usrb = document.createElement('input');
usrb.type = 'radio';
usrb.name = 'target_type';
- usrb.value = 2; // ACL_TYPE_USER
+ usrb.value = '2'; // ACL_TYPE_USER
usrb.className = seed;
usrb.onclick = function() { seed = this.className; document.getElementById('enACL_grpbox_'+seed).style.display = 'none'; document.getElementById('enACL_usrbox_'+seed).style.display = 'block'; };
lbl2 = document.createElement('label');
@@ -354,6 +366,7 @@
if(!document.getElementById(aclManagerID+'_deletelnk'))
document.getElementById(aclManagerID + '_main').innerHTML += '<p id="'+aclManagerID+'_deletelnk" style="text-align: right;"><a href="#delete_acl_rule" onclick="if(confirm(\'Do you really want to delete this rule?\')) __aclDeleteRule(); return false;" style="color: red;">Delete this rule</a></p>';
//fadeInfoBoxes();
+ document.getElementById(aclManagerID+'_main').scrollTop = 0;
break;
case 'delete':
@@ -517,8 +530,8 @@
el = document.getElementById(aclManagerID);
if(el)
{
- el.parentNode.removeChild(el);
- enlighten();
+ opacity(aclManagerID, 100, 0, 500);
+ setTimeout('var el = document.getElementById(aclManagerID); el.parentNode.removeChild(el); enlighten();', 750);
}
}
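Review bot: The delayed removal is passed to `setTimeout` as a string, which is evaluated in global scope, and it re-fetches the element without checking that it still exists; a second `killACLManager()` call within the 750 ms fade window finds the node still present, schedules a second timer, and the later timer throws on `el.parentNode.removeChild(el)` because the node is already detached. A closure with a guard avoids both problems: `setTimeout(function() { var el = document.getElementById(aclManagerID); if ( el && el.parentNode ) el.parentNode.removeChild(el); enlighten(); }, 750);`. The surrounding function starts before this hunk.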
@@ -540,7 +553,7 @@
alert('BUG: can\'t get the state value from the form field.');
break;
case 'seltarget':
- var target_type = parseInt(getRadioState(thefrm, 'target_type'));
+ var target_type = parseInt(getRadioState(thefrm, 'target_type', ['1', '2']));
if(isNaN(target_type))
{
alert('Please select a target type.');
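Review bot: `parseInt` is called without a radix on the value returned from `getRadioState`; with the explicit `['1', '2']` value array this happens to be safe, but the radix should be stated so that a future value such as `'08'` does not parse as octal on older engines: `var target_type = parseInt(getRadioState(thefrm, 'target_type', ['1', '2']), 10);`. The `false` returned when no radio is selected still yields `NaN` and reaches the existing alert. The enclosing `switch` starts outside this hunk.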
@@ -555,7 +568,7 @@
if(do_scopesel)
{
- scope = getRadioState(thefrm, 'scope');
+ scope = getRadioState(thefrm, 'scope', ['page', 'global']);
if(scope == 'page')
{
pageid = strToPageID(title);
@@ -589,16 +602,15 @@
case 'save_new':
var form = document.forms[aclManagerID + '_formobj'];
selections = new Object();
+ var dbg = '';
for(var i in aclPermList)
{
- if(i != 'toJSONString' && i != aclPermList.length-1)
+ selections[aclPermList[i]] = getRadioState(form, aclPermList[i], [1, 2, 3, 4]);
+ dbg += aclPermList[i] + ': ' + selections[aclPermList[i]] + "\n";
+ if(!selections[aclPermList[i]])
{
- selections[aclPermList[i]] = getRadioState(form, aclPermList[i]);
- if(!selections[aclPermList[i]])
- {
- alert("Invalid return from getRadioState: "+i+": "+selections[i]+" ("+typeof(selections[i])+")");
- return false;
- }
+ alert("Invalid return from getRadioState: "+i+": "+selections[i]+" ("+typeof(selections[i])+")");
+ return false;
}
}
obj = new Object();
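Review bot: Removing the `i != 'toJSONString'` guard while keeping `for(var i in aclPermList)` reintroduces the problem that guard existed for: json.js in this tree extends prototypes (the "toJSONString() compatibility" check in dropdown.js shows this), so `for...in` over the array now also yields the key `toJSONString`, `getRadioState(form, aclPermList['toJSONString'], …)` returns `false`, and the loop aborts with the "Invalid return from getRadioState" alert before any real permission is saved. An index loop sidesteps inherited keys entirely: `for ( var i = 0; i < aclPermList.length; i++ )`. The `dbg` string is built but never read and can go, and the alert reports `selections[i]` (indexed by position) where `selections[aclPermList[i]]` is the value that was actually stored. Why the old code also skipped the last element (`i != aclPermList.length-1`) is not visible here; worth confirming that dropping it was intended.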
@@ -618,8 +630,47 @@
}
}
-function getRadioState(form, name)
+function getRadioState(form, name, valArray)
{
+ // Konqueror/Safari fix
+ if ( form[name] )
+ {
+ var formitem = form[name];
+ if ( String(formitem) == '[object DOMNamedNodesCollection]' || is_Safari )
+ {
+ var i = 0;
+ var radios = new Array();
+ var radioids = new Array();
+ while(true)
+ {
+ var elem = formitem[i];
+ if ( !elem )
+ break;
+ radios.push(elem);
+ if ( !elem.id )
+ {
+ elem.id = 'autoRadioBtn_' + Math.floor(Math.random() * 1000000);
+ }
+ radioids.push(elem.id);
+ i++;
+ }
+ var cr;
+ for ( var i = 0; i < radios.length; i++ )
+ {
+ cr = document.getElementById(radioids[i]);
+ if ( cr.value == 'on' || cr.checked == true )
+ {
+ try {
+ return ( typeof ( valArray[i] ) != 'undefined' ) ? valArray[i] : false;
+ } catch(e) {
+ // alert('Didn\'t get value for index: ' + i);
+ return false;
+ }
+ }
+ }
+ return false;
+ }
+ }
inputs = form.getElementsByTagName('input');
radios = new Array();
for(var i in inputs)
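Review bot: The selection test `if ( cr.value == 'on' || cr.checked == true )` returns the value for the first radio whose DOM value is the default `'on'`, whether or not it is checked; any radio in the group created without an explicit `value` therefore wins over the one the user actually selected. Only `cr.checked` should decide: `if ( cr.checked )`. The design also maps the radio's position in the collection onto `valArray`, so the caller's array must exactly mirror DOM order — a one-line comment stating that contract above the function would save the next maintainer a surprise, as would replacing the `while(true)` scan with `for ( var i = 0; i < formitem.length; i++ )`. The function continues past the end of this hunk.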
@@ -635,16 +686,20 @@
return false;
}
-function __aclSetAllRadios(val)
+function __aclSetAllRadios(val, valArray)
{
- val = val+'';
- form = document.forms[aclManagerID + '_formobj'];
+ val = String(val);
+ var form = document.forms[aclManagerID + '_formobj'];
if (!form)
+ {
return false;
- inputs = form.getElementsByTagName('input');
- radios = new Array();
- for(var i in inputs)
+ }
+ var inputs = form.getElementsByTagName('input');
+ var radios = new Array();
+ var dbg = '';
+ for(var i = 0; i < inputs.length; i++)
{
+ dbg += String(inputs[i]) + "\n";
if(inputs[i].type == 'radio')
radios.push(inputs[i]);
}
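Review bot: The new `dbg` accumulator is appended to on every input but never read, so it is leftover debugging that costs a string concatenation per element for nothing; the `dbg` lines should be dropped. The new `valArray` parameter is not used anywhere in the visible part of the function either — if the remainder (outside this hunk) does not consume it, the signature change is misleading. The switch from `for...in` to an index loop is the right fix for the live `getElementsByTagName` collection.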
--- a/includes/clientside/static/ajax.js Mon Jul 02 20:33:57 2007 -0400
+++ b/includes/clientside/static/ajax.js Tue Jul 03 14:07:35 2007 -0400
@@ -33,7 +33,11 @@
ajax.onreadystatechange = f;
ajax.open('POST', uri, true);
ajax.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
- ajax.setRequestHeader("Content-length", parms.length);
+ // Setting Content-length in Safari triggers a warning
+ if ( !is_Safari )
+ {
+ ajax.setRequestHeader("Content-length", parms.length);
+ }
ajax.setRequestHeader("Connection", "close");
ajax.send(parms);
}
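Review bot: Guarding the header on `is_Safari` treats the symptom; `parms.length` counts UTF-16 code units, not bytes, so for any form value with non-ASCII characters the declared `Content-length` is wrong wherever a browser does honor it. XMLHttpRequest computes the length from the body it sends, so the whole `if ( !is_Safari ) { ajax.setRequestHeader("Content-length", parms.length); }` block can simply be removed. The same reasoning applies to the `Connection: close` header on the context line, which is connection-level and not under page-script control. The enclosing function starts before this hunk.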
--- a/includes/clientside/static/dropdown.js Mon Jul 02 20:33:57 2007 -0400
+++ b/includes/clientside/static/dropdown.js Tue Jul 03 14:07:35 2007 -0400
@@ -32,7 +32,7 @@
var jBox_opacity = 100;
// Adds the jBox CSS to the HTML header. Called on window onload.
-function jBoxInit()
+var jBoxInit = function()
{
setTimeout('jBoxBatchSetup();', 200);
}
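Review bot: `jBoxInit` still schedules its work by passing a string to `setTimeout`, which is evaluated in global scope; a function reference is safer and avoids the implicit eval: `setTimeout(jBoxBatchSetup, 200);`. Turning the declaration into `var jBoxInit = function()` also means the name is no longer hoisted, so any `addOnloadHook(jBoxInit)` call that precedes this line in the file would now register `undefined` — worth checking the call sites.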
@@ -57,34 +57,40 @@
{
$(obj).addClass('menu');
removeTextNodes(obj);
- for ( var i in obj.childNodes )
+
+ for ( var i = 0; i < obj.childNodes.length; i++ )
{
/* normally this would be done in about 2 lines of code, but javascript is so picky..... */
if ( obj.childNodes[i] )
{
if ( obj.childNodes[i].tagName )
{
- if ( obj.childNodes[i].tagName.toLowerCase() == 'a' )
+ if ( obj.childNodes[i].tagName == 'A' )
{
- if ( obj.childNodes[i].nextSibling.tagName )
+ // if ( is_Safari ) alert('It\'s an A: '+obj);
+ if ( obj.childNodes[i].nextSibling )
{
- if ( obj.childNodes[i].nextSibling.tagName.toLowerCase() == 'ul' || ( obj.childNodes[i].nextSibling.tagName.toLowerCase() == 'div' && obj.childNodes[i].nextSibling.className == 'submenu' ) )
+ // alert("Next sibling: " + obj.childNodes[i].nextSibling);
+ if ( obj.childNodes[i].nextSibling.tagName )
{
- // Calculate height
- var ul = obj.childNodes[i].nextSibling;
- domObjChangeOpac(0, ul);
- ul.style.display = 'block';
- var dim = fetch_dimensions(ul);
- if ( !ul.id )
- ul.id = 'jBoxmenuobj_' + Math.floor(Math.random() * 10000000);
- jBoxMenuHeights[ul.id] = parseInt(dim['h']) - 2; // subtract 2px for border width
- ul.style.display = 'none';
- domObjChangeOpac(100, ul);
-
- // Setup events
- obj.childNodes[i].onmouseover = function() { jBoxOverHandler(this); };
- obj.childNodes[i].onmouseout = function(e) { jBoxOutHandler(this, e); };
- obj.childNodes[i].nextSibling.onmouseout = function(e) { jBoxOutHandler(this, e); };
+ if ( obj.childNodes[i].nextSibling.tagName == 'UL' || ( obj.childNodes[i].nextSibling.tagName.toLowerCase() == 'div' && obj.childNodes[i].nextSibling.className == 'submenu' ) )
+ {
+ // Calculate height
+ var ul = obj.childNodes[i].nextSibling;
+ domObjChangeOpac(0, ul);
+ ul.style.display = 'block';
+ var dim = fetch_dimensions(ul);
+ if ( !ul.id )
+ ul.id = 'jBoxmenuobj_' + Math.floor(Math.random() * 10000000);
+ jBoxMenuHeights[ul.id] = parseInt(dim['h']) - 2; // subtract 2px for border width
+ ul.style.display = 'none';
+ domObjChangeOpac(100, ul);
+
+ // Setup events
+ obj.childNodes[i].onmouseover = function() { jBoxOverHandler(this); };
+ obj.childNodes[i].onmouseout = function(e) { jBoxOutHandler(this, e); };
+ obj.childNodes[i].nextSibling.onmouseout = function(e) { jBoxOutHandler(this, e); };
+ }
}
}
}
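Review bot: The tag comparisons are now inconsistent: `tagName == 'A'` and `tagName == 'UL'` assume an upper-cased HTML DOM, while the `div` test on the same line still uses `toLowerCase()`; in a document parsed as XHTML, `tagName` is lower-case and the anchor and list checks silently fail, so no menus are wired up. Normalising once keeps all three honest: `var tag = obj.childNodes[i].tagName.toLowerCase();` followed by `if ( tag == 'a' )` and `if ( sibTag == 'ul' || ( sibTag == 'div' && … ) )`. The commented-out `alert` lines are debugging residue and should be deleted rather than shipped. The enclosing function begins outside this hunk.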
@@ -96,8 +102,8 @@
// Called when user hovers mouse over a submenu
function jBoxOverHandler(obj)
{
- if ( is_Safari )
- alert('Safari and over');
+ // if ( is_Safari )
+ // alert('Safari and over');
// Random ID used to track the object to perform on
var seed = Math.floor(Math.random() * 1000000);
jBoxObjCache[seed] = obj;
@@ -420,9 +426,9 @@
{
if(obj)
{
- if(typeof(obj.tagName) != 'string')
+ if(typeof(obj.tagName) != 'string' || ( String(obj) == '[object Text]' && is_Safari ) )
{
- if ( obj.nodeType == 3 && obj.data.match(/^([\s]*)$/ig) )
+ if ( ( obj.nodeType == 3 && obj.data.match(/^([\s]*)$/ig) ) ) // || ( typeof(obj.innerHTML) == undefined && is_Safari ) )
{
obj.parentNode.removeChild(obj);
return;
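Review bot: The condition carries commented-out code inline, and that dead fragment contains a latent bug (`typeof(obj.innerHTML) == undefined` compares against the value `undefined` rather than the string `'undefined'`, so it could never be true); leaving it in invites someone to uncomment it as-is. Delete the trailing comment and the redundant double parentheses: `if ( obj.nodeType == 3 && obj.data.match(/^([\s]*)$/ig) )`. The added `String(obj) == '[object Text]' && is_Safari` clause is a reasonable workaround but deserves a one-line comment saying which Safari behaviour it exists for. The function starts before this hunk.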
@@ -430,7 +436,7 @@
}
if(obj.firstChild)
{
- for(var i in obj.childNodes)
+ for(var i = 0; i < obj.childNodes.length; i++)
{
removeTextNodes(obj.childNodes[i]);
}
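Review bot: The new forward index loop walks the live `childNodes` collection while the recursive call removes whitespace text nodes from it; each removal shifts the following sibling into index `i`, which the `i++` then skips, so every second consecutive text node survives. Iterating from the end avoids the shift: `for ( var i = obj.childNodes.length - 1; i >= 0; i-- )`. The old `for...in` form had the same hazard, so this is not a regression, but the rewrite is the moment to fix it. The enclosing function starts outside this hunk.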
@@ -443,7 +449,7 @@
type = '*';
ret = new Array();
el = parent.getElementsByTagName(type);
- for ( var i in el )
+ for ( var i = 0; i < el.length; i++ )
{
if ( typeof(el[i]) != 'object')
continue; // toJSONString() compatibility
--- a/includes/clientside/static/editor.js Mon Jul 02 20:33:57 2007 -0400
+++ b/includes/clientside/static/editor.js Tue Jul 03 14:07:35 2007 -0400
@@ -1,10 +1,10 @@
// Javascript routines for the page editor
-function initTinyMCE(e)
+var initTinyMCE = function(e)
{
if ( typeof(tinyMCE) == 'object' )
{
- tinyMCE.init({
+ var options = {
mode : "exact",
elements : '',
plugins : 'table',
@@ -15,7 +15,8 @@
theme_advanced_buttons1_add : "fontselect,fontsizeselect",
theme_advanced_buttons3_add_before : "tablecontrols,separator",
theme_advanced_statusbar_location : 'bottom'
- });
+ }
+ tinyMCE.init(options);
}
}
addOnloadHook(initTinyMCE);
--- a/includes/clientside/static/enano-lib-basic.js Mon Jul 02 20:33:57 2007 -0400
+++ b/includes/clientside/static/enano-lib-basic.js Tue Jul 03 14:07:35 2007 -0400
@@ -283,7 +283,16 @@
function addOnloadHook(func)
{
if ( typeof ( func ) == 'function' )
- onload_hooks[onload_hooks.length] = func;
+ {
+ try
+ {
+ onload_hooks.push(func);
+ }
+ catch(e)
+ {
+ onload_hooks[onload_hooks.length] = func;
+ }
+ }
}
function runOnloadHooks(e)
--- a/includes/clientside/static/json.js Mon Jul 02 20:33:57 2007 -0400
+++ b/includes/clientside/static/json.js Tue Jul 03 14:07:35 2007 -0400
@@ -47,7 +47,7 @@
l = input.length,
v;
- function p(s) {
+ var p = function (s) {
if (b) {
a.push(',');
@@ -78,7 +78,7 @@
return a.join('');
break;
case 'date':
- function f(n)
+ var f = function (n)
{
return n < 10 ? '0' + n : n;
}
@@ -101,7 +101,7 @@
k,
v;
- function p(s)
+ var p = function (s)
{
if (b)
{
--- a/includes/clientside/static/misc.js Mon Jul 02 20:33:57 2007 -0400
+++ b/includes/clientside/static/misc.js Tue Jul 03 14:07:35 2007 -0400
@@ -84,8 +84,12 @@
bdim = { 'w' : getWidth(), 'h' : getHeight() };
so = getScrollOffset();
- left = (bdim['w'] / 2) - ( dim['w'] / 2 );
- top = (bdim['h'] / 2) - ( dim['h'] / 2 ) + so;
+ var left = (bdim['w'] / 2) - ( dim['w'] / 2 );
+
+ var top = (bdim['h'] / 2);
+ top = top - ( dim['h'] / 2 );
+
+ top = top + so;
thediv.style.top = top + 'px';
thediv.style.left = left + 'px';
@@ -313,7 +317,7 @@
ajaxGet(makeUrlNS('Special', 'Login', 'act=getkey'), function() {
if ( ajax.readyState == 4 )
{
- var response = ajax.responseText;
+ var response = String(ajax.responseText);
if ( response.substr(0,1) != '{' )
{
alert('Invalid JSON response from server: ' + response);
@@ -343,7 +347,7 @@
$('messageBox').object.nextSibling.firstChild.tabindex = '3';
$('ajaxlogin_user').object.focus();
$('ajaxlogin_pass').object.onblur = function(e) { if ( !shift ) $('messageBox').object.nextSibling.firstChild.focus(); };
- $('ajaxlogin_pass').object.onkeypress = function(e) { if ( e.keyCode == 13 ) $('messageBox').object.nextSibling.firstChild.click(); };
+ $('ajaxlogin_pass').object.onkeypress = function(e) { if ( !e && IE ) return true; if ( e.keyCode == 13 ) $('messageBox').object.nextSibling.firstChild.click(); };
}
});
}
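Review bot: The added `if ( !e && IE ) return true;` sidesteps the exception but also disables Enter-to-submit on Internet Explorer, where the event object is exposed as `window.event` rather than passed as an argument. Falling back to it preserves the behaviour on both engines: `$('ajaxlogin_pass').object.onkeypress = function(e) { e = e || window.event; if ( !e ) return true; if ( e.keyCode == 13 ) $('messageBox').object.nextSibling.firstChild.click(); };`. The enclosing callback starts before this hunk.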
--- a/includes/clientside/tinymce/tiny_mce_src.js Mon Jul 02 20:33:57 2007 -0400
+++ b/includes/clientside/tinymce/tiny_mce_src.js Tue Jul 03 14:07:35 2007 -0400
@@ -439,12 +439,24 @@
return;
if (this.loadingIndex < this.pendingFiles.length) {
- se = d.createElementNS('http://www.w3.org/1999/xhtml', 'script');
- se.setAttribute('language', 'javascript');
- se.setAttribute('type', 'text/javascript');
- se.setAttribute('src', this.pendingFiles[this.loadingIndex++]);
-
- d.getElementsByTagName("head")[0].appendChild(se);
+ try {
+ /*
+ se = d.createElementNS('http://www.w3.org/1999/xhtml', 'script');
+ se.setAttribute('language', 'javascript');
+ se.setAttribute('type', 'text/javascript');
+ se.setAttribute('src', this.pendingFiles[this.loadingIndex++]);
+ */
+
+ se = d.createElement('script');
+ se.language = 'javascript';
+ se.type = 'text/javascript';
+ se.src = this.pendingFiles[this.loadingIndex++];
+
+ d.getElementsByTagName("head")[0].appendChild(se);
+ } catch(e) {
+ var error = e.toString();
+ alert(error);
+ }
} else
this.loadingIndex = -1; // Done with loading
},
@@ -1520,8 +1532,40 @@
return;
}
- if (tinyMCE.isRealIE && window.event.type == "readystatechange" && document.readyState != "complete")
- return true;
+ if (tinyMCE.isRealIE)
+ {
+ try
+ {
+ if ( typeof(window.event) == 'object' && window.event != null )
+ {
+ try
+ {
+ if ( window.event.type == "onreadystatechange" )
+ {
+ try
+ {
+ if ( document.readyState != "complete" )
+ {
+ return true;
+ }
+ }
+ catch(e)
+ {
+ alert('inner error: ' + e.description);
+ }
+ }
+ }
+ catch(e)
+ {
+ alert('middle error: ' + e.description);
+ }
+ }
+ }
+ catch(e)
+ {
+ alert('Outer error: ' + e.description);
+ }
+ }
if (tinyMCE.isLoaded)
return true;
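Review bot: The rewritten IE branch compares `window.event.type` against `"onreadystatechange"`, whereas the line it replaces compared against `"readystatechange"`; DOM event `type` values do not carry the `on` prefix, so the early `return true` for an incomplete `document.readyState` can no longer fire and the function proceeds to initialise before the document is ready — the very case the original guard existed for. Restore `if ( window.event.type == "readystatechange" )`. Three nested try/catch levels that each `alert()` an `e.description` are also heavy for a vendored library file; one try/catch around the whole check is enough. The enclosing function begins outside this hunk.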
--- a/includes/functions.php Mon Jul 02 20:33:57 2007 -0400
+++ b/includes/functions.php Tue Jul 03 14:07:35 2007 -0400
@@ -1154,13 +1154,15 @@
{
if(enano_get_magic_quotes_gpc())
{
- $_POST = stripslashes_recurse($_POST);
- $_GET = stripslashes_recurse($_GET);
- $_COOKIE = stripslashes_recurse($_COOKIE);
+ $_POST = stripslashes_recurse($_POST);
+ $_GET = stripslashes_recurse($_GET);
+ $_COOKIE = stripslashes_recurse($_COOKIE);
+ $_REQUEST = stripslashes_recurse($_REQUEST);
}
- $_POST = strip_nul_chars($_POST);
- $_GET = strip_nul_chars($_GET);
- $_COOKIE = strip_nul_chars($_COOKIE);
+ $_POST = strip_nul_chars($_POST);
+ $_GET = strip_nul_chars($_GET);
+ $_COOKIE = strip_nul_chars($_COOKIE);
+ $_REQUEST = strip_nul_chars($_REQUEST);
}
/**
--- a/includes/pageutils.php Mon Jul 02 20:33:57 2007 -0400
+++ b/includes/pageutils.php Tue Jul 03 14:07:35 2007 -0400
@@ -1655,7 +1655,12 @@
{
global $db, $session, $paths, $template, $plugins; // Common objects
if(!$session->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN)
- return 'Access is denied.';
+ {
+ return Array(
+ 'mode' => 'error',
+ 'error' => 'You are not authorized to view or edit access control lists.'
+ );
+ }
$parms['page_id'] = ( isset($parms['page_id']) ) ? $parms['page_id'] : false;
$parms['namespace'] = ( isset($parms['namespace']) ) ? $parms['namespace'] : false;
$page_id =& $parms['page_id'];
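Review bot: Changing the failure return from a string to an array is what the new acl.js error branch expects, but any other caller of this function that still treats a non-array result as the error case (or concatenates the return value into output) will now see `Array` instead of a message; those call sites are not visible in this diff and should be audited. A docblock line above the function stating the contract, e.g. `// Returns the ACL data on success, or array('mode' => 'error', 'error' => $message) on failure`, would make the convention explicit. The function signature is above this hunk.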
--- a/includes/paths.php Mon Jul 02 20:33:57 2007 -0400
+++ b/includes/paths.php Tue Jul 03 14:07:35 2007 -0400
@@ -40,7 +40,7 @@
'System' =>'Enano:',
'Template'=>'Template:',
'Category'=>'Category:',
- 'Project' =>str_replace(' ', '_', getConfig('site_name')).':',
+ 'Project' =>sanitize_page_id(getConfig('site_name')).':',
);
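Review bot: Deriving the `Project` prefix from `sanitize_page_id(getConfig('site_name'))` means the prefix can collide with a built-in one — a site named "Template", "Category" or "Enano" yields a `Project:` prefix identical to another namespace's, and an empty or fully stripped name yields a bare `':'`. Since namespace resolution is keyed on these prefixes, it would be worth rejecting such names at configuration time, or at minimum noting the constraint here: `// NOTE: must not coincide with any other prefix in this table`. The surrounding array starts before this hunk.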
// ACL types
--- a/includes/rijndael.php Mon Jul 02 20:33:57 2007 -0400
+++ b/includes/rijndael.php Tue Jul 03 14:07:35 2007 -0400
@@ -913,7 +913,9 @@
{
$ret = $this->hexToByteArray($this->strtohex($text));
if(count($ret) != strlen($text))
- die('problem seems to be the hex conversion');
+ {
+ die('Could not convert string "' . $text . '" to hex byte array for encryption');
+ }
return $ret;
}
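Review bot: The new `die()` message interpolates `$text`, which is the plaintext about to be encrypted — in install.php this path carries the administrator password — so a conversion failure now prints the secret into the HTTP response and any log that captures it. Report the failure without the payload: `die('Could not convert ' . strlen($text) . '-byte string to hex byte array for encryption');`. The enclosing method starts above this hunk.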
--- a/includes/template.php Mon Jul 02 20:33:57 2007 -0400
+++ b/includes/template.php Tue Jul 03 14:07:35 2007 -0400
@@ -702,9 +702,9 @@
$tpl_strings = Array(
'PAGE_NAME'=>htmlspecialchars($paths->cpage['name']),
'PAGE_URLNAME'=> $urlname_clean,
- 'SITE_NAME'=>getConfig('site_name'),
+ 'SITE_NAME'=>htmlspecialchars(getConfig('site_name')),
'USERNAME'=>$session->username,
- 'SITE_DESC'=>getConfig('site_desc'),
+ 'SITE_DESC'=>htmlspecialchars(getConfig('site_desc')),
'TOOLBAR'=>$tb,
'SCRIPTPATH'=>scriptPath,
'CONTENTPATH'=>contentPath,
--- a/install.php Mon Jul 02 20:33:57 2007 -0400
+++ b/install.php Tue Jul 03 14:07:35 2007 -0400
@@ -61,6 +61,8 @@
require('includes/rijndael.php');
require('includes/functions.php');
+strip_magic_quotes_gpc();
+
//die('Key size: ' . AES_BITS . '<br />Block size: ' . AES_BLOCKSIZE);
if(!function_exists('wikiFormat'))
@@ -664,7 +666,7 @@
{
var frm = document.forms.siteinfo;
ret = true;
- if(frm.sitename.value.match(/^([A-z0-9 ]+)$/g) && frm.sitename.value != 'Enano')
+ if(frm.sitename.value.match(/^(.+)$/g) && frm.sitename.value != 'Enano')
{
document.getElementById('s_name').src='images/good.gif';
}
@@ -701,7 +703,7 @@
<?php
$k = array_keys($_POST);
for($i=0;$i<sizeof($_POST);$i++) {
- echo '<input type="hidden" name="'.$k[$i].'" value="'.$_POST[$k[$i]].'" />'."\n";
+ echo '<input type="hidden" name="'.htmlspecialchars($k[$i]).'" value="'.htmlspecialchars($_POST[$k[$i]]).'" />'."\n";
}
?>
<p>The next step is to enter some information about your website. You can always change this information later, using the administration panel.</p>
@@ -796,7 +798,7 @@
<?php
$k = array_keys($_POST);
for($i=0;$i<sizeof($_POST);$i++) {
- echo '<input type="hidden" name="'.$k[$i].'" value="'.$_POST[$k[$i]].'" />'."\n";
+ echo '<input type="hidden" name="'.htmlspecialchars($k[$i]).'" value="'.htmlspecialchars($_POST[$k[$i]]).'" />'."\n";
}
?>
<p>Next, enter your desired username and password. The account you create here will be used to administer your site.</p>
@@ -836,48 +838,52 @@
</form>
<script type="text/javascript">
// <![CDATA[
- disableJSONExts();
- str = '';
- for(i=0;i<keySizeInBits/4;i++) str+='0';
- var key = hexToByteArray(str);
- var pt = hexToByteArray(str);
- var ct = rijndaelEncrypt(pt, key, "ECB");
- var ect = byteArrayToHex(ct);
- switch(keySizeInBits)
- {
- case 128:
- v = '66e94bd4ef8a2c3b884cfa59ca342b2e';
- break;
- case 192:
- v = 'aae06992acbf52a3e8f4a96ec9300bd7aae06992acbf52a3e8f4a96ec9300bd7';
- break;
- case 256:
- v = 'dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087';
- break;
- }
- var testpassed = ( ect == v && md5_vm_test() );
- var frm = document.forms.login;
- if(testpassed)
- {
- frm.use_crypt.value = 'yes';
- var cryptkey = frm.crypt_key.value;
- frm.crypt_key.value = '';
- if(cryptkey != byteArrayToHex(hexToByteArray(cryptkey)))
- {
- alert('Byte array conversion SUCKS');
- testpassed = false;
- }
- cryptkey = hexToByteArray(cryptkey);
- if(!cryptkey || ( ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ) && cryptkey.length != keySizeInBits / 8 )
- {
- frm._cont.disabled = true;
- len = ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ? '\nLen: '+cryptkey.length : '';
- alert('The key is messed up\nType: '+typeof(cryptkey)+len);
- }
- }
frm.admin_user.focus();
function runEncryption()
{
+ str = '';
+ for(i=0;i<keySizeInBits/4;i++) str+='0';
+ var key = hexToByteArray(str);
+ var pt = hexToByteArray(str);
+ var ct = rijndaelEncrypt(pt, key, "ECB");
+ var ect = byteArrayToHex(ct);
+ switch(keySizeInBits)
+ {
+ case 128:
+ v = '66e94bd4ef8a2c3b884cfa59ca342b2e';
+ break;
+ case 192:
+ v = 'aae06992acbf52a3e8f4a96ec9300bd7aae06992acbf52a3e8f4a96ec9300bd7';
+ break;
+ case 256:
+ v = 'dc95c078a2408989ad48a21492842087dc95c078a2408989ad48a21492842087';
+ break;
+ }
+ var testpassed = ( ect == v && md5_vm_test() );
+ var frm = document.forms.login;
+ if(testpassed)
+ {
+ // alert('encryption self-test passed');
+ frm.use_crypt.value = 'yes';
+ var cryptkey = frm.crypt_key.value;
+ frm.crypt_key.value = '';
+ if(cryptkey != byteArrayToHex(hexToByteArray(cryptkey)))
+ {
+ alert('Byte array conversion SUCKS');
+ testpassed = false;
+ }
+ cryptkey = hexToByteArray(cryptkey);
+ if(!cryptkey || ( ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ) && cryptkey.length != keySizeInBits / 8 )
+ {
+ frm._cont.disabled = true;
+ len = ( typeof cryptkey == 'string' || typeof cryptkey == 'object' ) ? '\nLen: '+cryptkey.length : '';
+ alert('The key is messed up\nType: '+typeof(cryptkey)+len);
+ }
+ }
+ else
+ {
+ // alert('encryption self-test FAILED');
+ }
if(testpassed)
{
pass = frm.admin_pass.value;
@@ -891,7 +897,7 @@
return false;
}
cryptstring = byteArrayToHex(cryptstring);
- document.getElementById('cryptdebug').innerHTML = '<pre>Data: '+cryptstring+'<br />Key: '+byteArrayToHex(cryptkey)+'</pre>';
+ // document.getElementById('cryptdebug').innerHTML = '<pre>Data: '+cryptstring+'<br />Key: '+byteArrayToHex(cryptkey)+'</pre>';
frm.crypt_data.value = cryptstring;
frm.admin_pass.value = '';
frm.admin_pass_confirm.value = '';
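Review bot: Moving `var frm = document.forms.login;` into `runEncryption()` leaves the page-level statement `frm.admin_user.focus();` with no `frm` in scope, so it will throw a ReferenceError on load unless a global `frm` is defined elsewhere on the page, which this diff does not show. Keep a declaration at page level: `var frm = document.forms.login; frm.admin_user.focus();`. `str`, `v`, `pass` and `len` are also still assigned without `var` inside the function. Note too that when the self-test fails the `else` branch is empty and execution falls through past the `if(testpassed)` block, so the form presumably submits the plaintext password — that fallback deserves a comment stating it is intentional. The function continues past the end of this hunk.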
@@ -914,7 +920,7 @@
<?php
$k = array_keys($_POST);
for($i=0;$i<sizeof($_POST);$i++) {
- echo '<input type="hidden" name="'.$k[$i].'" value="'.$_POST[$k[$i]].'" />'."\n";
+ echo '<input type="hidden" name="'.htmlspecialchars($k[$i]).'" value="'.htmlspecialchars($_POST[$k[$i]]).'" />'."\n";
}
?>
<h3>Enano is ready to install.</h3>
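Review bot: Escaping the replayed fields is the right fix for the injection, but the loop still echoes every POST key into hidden inputs; given that the server side of this commit accepts a plaintext `admin_pass` when `crypt_data` is empty, a previous step's plaintext password can end up embedded in this page's HTML if those fields reach this step. Skipping known-sensitive keys is cheap: `if ( in_array($k[$i], array('admin_pass', 'admin_pass_confirm')) ) continue;`. `htmlspecialchars()` on an array-valued POST field (`name[]`) will also raise a warning, so an `is_array()` check or an explicit whitelist of field names would be more robust.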
@@ -1012,17 +1018,26 @@
$cacheonoff = is_writable(ENANO_ROOT.'/cache/') ? '1' : '0';
echo 'Decrypting administration password...';
- require('config.php');
- if ( !isset($cryptkey) )
+
+ $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
+
+ if ( !empty($_POST['crypt_data']) )
{
- echo 'failed!<br />Cannot get the key from config.php';
- break;
+ require('config.php');
+ if ( !isset($cryptkey) )
+ {
+ echo 'failed!<br />Cannot get the key from config.php';
+ break;
+ }
+ $key = hexdecode($cryptkey);
+
+ $dec = $aes->decrypt($_POST['crypt_data'], $key, ENC_HEX);
+
}
- $aes = new AESCrypt(AES_BITS, AES_BLOCKSIZE);
- $key = $aes->hexToByteArray($cryptkey);
- $enc = $aes->hexToByteArray($_POST['crypt_data']);
- $dec = $aes->rijndaelDecrypt($enc, $key, 'ECB');
- $dec = $aes->byteArrayToString($dec);
+ else
+ {
+ $dec = $_POST['admin_pass'];
+ }
echo 'done!<br />Generating '.AES_BITS.'-bit AES private key...';
$privkey = $aes->gen_readymade_key();
$pkba = hexdecode($privkey);
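Review bot: The new `else` branch silently accepts `$_POST['admin_pass']` in the clear whenever `crypt_data` is empty, which turns any client-side failure — or a stripped field — into an unannounced downgrade, and it reads the key without `isset()`. The decrypt path also never checks `$dec`; if `decrypt()` signals failure (its return convention is not visible here) the garbage flows into the password hash. Suggested shape: after the decrypt, `if ( !is_string($dec) || $dec === '' ) { echo 'failed!<br />Could not decrypt the administration password'; break; }`, and in the fallback `if ( !isset($_POST['admin_pass']) ) { echo 'failed!<br />No password supplied'; break; }` before assigning `$dec`. The enclosing `case` starts before this hunk.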
--- a/plugins/SpecialAdmin.php Mon Jul 02 20:33:57 2007 -0400
+++ b/plugins/SpecialAdmin.php Tue Jul 03 14:07:35 2007 -0400
@@ -246,10 +246,10 @@
<tr><th colspan="2">Global site options</th></tr>
<tr><th colspan="2" class="subhead">These options control the entire site.</th></tr>
- <tr><td class="row1" style="width: 50%;">Site name:</td> <td class="row1" style="width: 50%;"><input type="text" name="site_name" size="30" value="<?php echo getConfig('site_name'); ?>" /></td></tr>
- <tr><td class="row2">Site description:</td> <td class="row2"><input type="text" name="site_desc" size="30" value="<?php echo getConfig('site_desc'); ?>" /></td></tr>
- <tr><td class="row1">Main page:</td> <td class="row1"><?php echo $template->pagename_field('main_page', str_replace('_', ' ', getConfig('main_page'))); ?></td></tr>
- <tr><td class="row2">Copyright notice shown on pages:</td><td class="row2"><input type="text" name="copyright" size="30" value="<?php echo getConfig('copyright_notice'); ?>" /></td></tr>
+ <tr><td class="row1" style="width: 50%;">Site name:</td> <td class="row1" style="width: 50%;"><input type="text" name="site_name" size="30" value="<?php echo htmlspecialchars(getConfig('site_name')); ?>" /></td></tr>
+ <tr><td class="row2">Site description:</td> <td class="row2"><input type="text" name="site_desc" size="30" value="<?php echo htmlspecialchars(getConfig('site_desc')); ?>" /></td></tr>
+ <tr><td class="row1">Main page:</td> <td class="row1"><?php echo $template->pagename_field('main_page', htmlspecialchars(str_replace('_', ' ', getConfig('main_page')))); ?></td></tr>
+ <tr><td class="row2">Copyright notice shown on pages:</td><td class="row2"><input type="text" name="copyright" size="30" value="<?php echo htmlspecialchars(getConfig('copyright_notice')); ?>" /></td></tr>
<tr><td class="row1" colspan="2">Hint: If you're using Windows, you can make a "©" symbol by holding ALT and pressing 0169 on the numeric keypad.</td></tr>
<tr><td class="row2">Contact e-mail<br /><small>All e-mail sent from this site will appear to have come from the address shown here.</small></td><td class="row2"><input name="contact_email" type="text" size="40" value="<?php echo htmlspecialchars(getConfig('contact_email')); ?>" /></td></tr>
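Review bot: Passing `htmlspecialchars(...)` into `$template->pagename_field()` is only correct if that helper emits the value raw; if it already escapes its argument for the attribute (its body is not in this diff), the main page name will be double-encoded and show `&amp;` for `&`. Confirm which it is and escape in exactly one place. The three direct `value="…"` attributes now match the convention already used for `contact_email` on the context line, which is good.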
@@ -1475,7 +1475,7 @@
if(isset($_POST['page_id']) && isset($_POST['namespace']) && !isset($_POST['cancel']))
{
- $cpage = $paths->pages[$paths->nslist[$_POST['namespace']].$_POST['old_page_id']];
+ $cpage = $paths->pages[$paths->nslist[$_POST['old_namespace']].$_POST['old_page_id']];
if(isset($_POST['submit']))
{
switch(true)
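Review bot: The corrected lookup uses `$_POST['old_namespace']` and `$_POST['old_page_id']`, but the enclosing `if` only checks `page_id` and `namespace`, so a request without the `old_*` fields produces undefined-index notices and a null `$cpage`; the namespace key is also used to index `$paths->nslist` without checking it exists. Guard before the lookup: `if ( !isset($_POST['old_namespace'], $_POST['old_page_id']) || !isset($paths->nslist[$_POST['old_namespace']]) ) break;` (or whatever the surrounding control flow uses for a bad request), and then `$cpage = isset($paths->pages[$key]) ? $paths->pages[$key] : false;`. The enclosing block continues outside this hunk.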
@@ -1492,7 +1492,7 @@
'protected'=>isset($_POST['protected']) ? '1' : '0'
);
- $updating_urlname_or_namespace = ( $page_info['namespace'] != $cpage['namespace'] || $page_info['urlname'] != $cpage['urlname'] );
+ $updating_urlname_or_namespace = ( $page_info['namespace'] != $cpage['namespace'] || $page_info['urlname'] != $cpage['urlname_nons'] );
if ( !isset($paths->nslist[ $page_info['namespace'] ]) )
{
@@ -1515,6 +1515,8 @@
// Build the WHERE statements
$q .= ' WHERE ';
$k = array_keys($cpage);
+ if ( !isset($cpage) )
+ die('no cpage');
foreach($k as $c)
{
if($c != 'urlname_nons' && $c != 'urlname' && $c != 'really_protected')
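Review bot: The new `if ( !isset($cpage) ) die('no cpage');` sits after `$k = array_keys($cpage);`, so by the time it runs `array_keys()` has already been fed a non-array and warned; it also tests `isset`, which is false for a missing page but true for any non-null garbage. Move the check above the `array_keys` call and test the type: `if ( !is_array($cpage) ) die('Could not load the current page record');`. A bare `die('no cpage')` is also a poor user-facing message for an admin screen. The enclosing `foreach` continues past this hunk.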
--- a/schema.sql Mon Jul 02 20:33:57 2007 -0400
+++ b/schema.sql Tue Jul 03 14:07:35 2007 -0400
@@ -263,8 +263,8 @@
INSERT INTO {{TABLE_PREFIX}}users(user_id, username, password, email, real_name, user_level, theme, style, signature, reg_time, account_active) VALUES
(1, 'Anonymous', 'invalid-pass-hash', 'anonspam@enanocms.org', 'None', 1, 'oxygen', 'bleu', '', 0, 0),
- (2, '{{ADMIN_USER}}', '{{ADMIN_PASS}}', '{{ADMIN_EMAIL}}', '{{REAL_NAME}}', 9, 'oxygen', 'bleu', 1, UNIX_TIMESTAMP(), 1);
-
+ (2, '{{ADMIN_USER}}', '{{ADMIN_PASS}}', '{{ADMIN_EMAIL}}', '{{REAL_NAME}}', 9, 'oxygen', 'bleu', '', UNIX_TIMESTAMP(), 1);
+
INSERT INTO {{TABLE_PREFIX}}users_extra(user_id) VALUES
(2);