<?php
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
* Version 1.0.3 (Dyrad)
* Copyright (C) 2006-2007 Dan Fuhry
* pageutils.php - a class that handles raw page manipulations, used mostly by AJAX requests or their old-fashioned form-based counterparts
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
*/
class PageUtils {
/**
* Tell if a username is used or not.
* @param $name the name to check for; underscores are treated as spaces and the value is URL-decoded before the lookup
* @return string 'good' if no user with that name exists yet, 'bad' if the name is already taken
*/
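function checkusername($name)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  // URL form of a name uses underscores for spaces; normalise before the lookup.
  // NOTE(review): this runs before rawurldecode(), so a %5F-encoded underscore
  // survives as a literal underscore instead of becoming a space — confirm intended.
  $name = str_replace('_', ' ', $name);

  // The name is untrusted (it typically arrives from a registration form), so it
  // is escaped before being interpolated into the query.
  $sql = 'SELECT username FROM ' . table_prefix . 'users WHERE username=\'' . $db->escape(rawurldecode($name)) . '\'';
  $q = $db->sql_query($sql);
  if ( !$q )
  {
    // Route the failure through the DB layer's own handler, as the rest of this
    // file does, instead of echoing the raw driver error text to the client.
    $db->_die('The username lookup query could not be executed.');
  }

  // Any matching row means the name is taken. Free the result in both cases.
  $taken = ( $db->numrows() > 0 );
  $db->free_result();

  return $taken ? 'bad' : 'good';
}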
/**
* Get the wiki formatting source for a page
* @param $page the full page id (Namespace:Pagename)
* @return string the page source, HTML-escaped; '' if the page is unknown or has no stored text, 'invalid_password' if the page is password-protected and the supplied password does not match, 'access_denied' if the caller lacks the view_source permission
* @todo (DONE) Make it require a password (just for security purposes)
*/
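function getsource($page, $password = false)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  // Unknown page: callers treat '' as "no source available".
  if ( !isset($paths->pages[$page]) )
  {
    return '';
  }
  $page_data =& $paths->pages[$page];

  // A 40-character value in the password slot marks a password-protected page
  // (the same convention getpage() uses). Compare with !== : with the loose !=
  // PHP would treat two numeric-looking strings (e.g. a hash starting "0e")
  // as equal, which would let a wrong value through.
  if ( isset($page_data['password']) && strlen($page_data['password']) == 40 )
  {
    if ( !$password || $password !== $page_data['password'] )
    {
      return 'invalid_password';
    }
  }

  // view_source depends on read, so this also covers read access.
  if ( !$session->get_permissions('view_source') )
  {
    return 'access_denied';
  }

  $pid = RenderMan::strToPageID($page);
  if ( $pid[1] == 'Special' || $pid[1] == 'Admin' )
  {
    // These namespaces are backed by PHP functions, not by rows in page_text.
    die('This type of page (' . $paths->nslist[$pid[1]] . ') cannot be edited because the page source code is not stored in the database.');
  }

  // $page was verified against the page index above; escape anyway so the
  // query stays safe regardless of what strToPageID() hands back.
  $sql = 'SELECT page_text,char_tag FROM ' . table_prefix . 'page_text WHERE page_id=\'' . $db->escape($pid[0]) . '\' AND namespace=\'' . $db->escape($pid[1]) . '\'';
  $e = $db->sql_query($sql);
  if ( !$e )
  {
    $db->_die('The page text could not be selected.');
  }
  if ( $db->numrows() < 1 )
  {
    $db->free_result();
    return '';
  }

  $r = $db->fetchrow();
  $db->free_result();

  // The source is returned HTML-escaped so it can be dropped into a textarea
  // or page body as-is.
  return htmlspecialchars($r['page_text']);
}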
/**
* Basically a frontend to RenderMan::getPage(), with the ability to send valid data for nonexistent pages
* @param $page the full page id (Namespace:Pagename)
* @param $send_headers true if the theme headers should be sent (still dependent on current page settings), false otherwise
* @return string the rendered page. Deprecated: the current body dies immediately with 'PageUtils->getpage is deprecated.' and never renders anything.
*/
function getpage($page, $send_headers = false, $hist_id = false)
{
  // Deprecated entry point: this die() runs unconditionally, so nothing below it
  // is reachable. The old rendering path is left in place as a record; the notes
  // below describe what it did and where it was fragile.
  die('PageUtils->getpage is deprecated.');
  global $db, $session, $paths, $template, $plugins; // Common objects
  // Everything echoed from here on is buffered and handed back as the return value.
  ob_start();
  $pid = RenderMan::strToPageID($page);
  //die('<pre>'.print_r($pid, true).'</pre>');
  // A 40-character value in the password slot marks a password-protected page.
  if(isset($paths->pages[$page]['password']) && strlen($paths->pages[$page]['password']) == 40)
  {
    password_prompt($page);
  }
  if(isset($paths->pages[$page]))
  {
    doStats($pid[0], $pid[1]);
  }
  if($paths->custom_page || $pid[1] == 'Special')
  {
    // If we don't have access to the page, get out and quick!
    // Login and Register stay reachable without read permission.
    if(!$session->get_permissions('read') && $pid[0] != 'Login' && $pid[0] != 'Register')
    {
      $template->tpl_strings['PAGE_NAME'] = 'Access denied';

      if ( $send_headers )
      {
        $template->header();
      }

      echo '<div class="error-box"><b>Access to this page is denied.</b><br />This may be because you are not logged in or you have not met certain criteria for viewing this page.</div>';

      if ( $send_headers )
      {
        $template->footer();
      }

      $r = ob_get_contents();
      ob_end_clean();
      return $r;
    }
    // Special pages are backed by a PHP function named after the namespace and the
    // page's URL name; the fixed 'page_' prefix bounds which functions can be reached.
    // NOTE(review): the @ silences the error when no such function exists, so a
    // missing handler renders an empty page instead of failing loudly.
    $fname = 'page_' . $pid[1] . '_' . $paths->pages[$page]['urlname_nons'];
    @call_user_func($fname);

  }
  else if ( $pid[1] == 'Admin' )
  {
    // If we don't have access to the page, get out and quick!
    // NOTE(review): only 'read' is checked here; admin-level authorisation is
    // presumably enforced inside the page_Admin_* handler itself — confirm.
    if(!$session->get_permissions('read'))
    {
      $template->tpl_strings['PAGE_NAME'] = 'Access denied';
      if ( $send_headers )
      {
        $template->header();
      }
      echo '<div class="error-box"><b>Access to this page is denied.</b><br />This may be because you are not logged in or you have not met certain criteria for viewing this page.</div>';
      if ( $send_headers )
      {
        $template->footer();
      }
      $r = ob_get_contents();
      ob_end_clean();
      return $r;
    }
    $fname = 'page_' . $pid[1] . '_' . $pid[0];
    if ( !function_exists($fname) )
    {
      $title = 'Page backend not found';
      $message = "The administration page you are looking for was properly registered using the page API, but the backend function
(<tt>$fname</tt>) was not found. If this is a plugin page, then this is almost certainly a bug with the plugin.";
      if ( $send_headers )
      {
        die_friendly($title, "<p>$message</p>");
      }
      else
      {
        echo "<h2>$title</h2>\n<p>$message</p>";
      }
    }
    // When $send_headers is false the code falls through to this call even though
    // the function was just reported missing; the @ hides the resulting error.
    @call_user_func($fname);
  }
  else if ( !isset( $paths->pages[$page] ) )
  {
    // Page does not exist. Plugins get the first chance to render something;
    // each hook entry is a PHP snippet that is run with eval().
    ob_start();
    $code = $plugins->setHook('page_not_found');
    foreach ( $code as $cmd )
    {
      eval($cmd);
    }
    $text = ob_get_contents();
    if ( $text != '' )
    {
      ob_end_clean();
      return $text;
    }
    $template->header();
    // A Page_not_found system message, if one exists, is rendered and then
    // executed as PHP (same eval pattern as the page bodies further down).
    if($m = $paths->sysmsg('Page_not_found'))
    {
      eval('?>'.RenderMan::render($m));
    }
    else
    {
      header('HTTP/1.1 404 Not Found');
      echo '<h3>There is no page with this title yet.</h3>
<p>You have requested a page that doesn\'t exist yet.';
      if($session->get_permissions('create_page')) echo ' You can <a href="'.makeUrl($paths->page, 'do=edit', true).'" onclick="ajaxEditor(); return false;">create this page</a>, or return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.';
      else echo ' Return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.</p>';
      if ( $session->get_permissions('history_rollback') )
      {
        // Offer a rollback link if the page was deleted rather than never created.
        // NOTE(review): $paths->page_id and $pid[1] go into the query without
        // $db->escape(); they come from the page index / strToPageID rather than
        // straight from the request, but escaping them would cost nothing.
        $e = $db->sql_query('SELECT * FROM ' . table_prefix.'logs WHERE action=\'delete\' AND page_id=\'' . $paths->page_id . '\' AND namespace=\'' . $pid[1] . '\' ORDER BY time_id DESC;');
        if ( !$e )
        {
          $db->_die('The deletion log could not be selected.');
        }
        if ($db->numrows() > 0 )
        {
          $r = $db->fetchrow();
          echo '<p>This page also appears to have some log entries in the database - it seems that it was deleted on ' . $r['date_string'] . '. You can probably <a href="'.makeUrl($paths->page, 'do=rollback&id=' . $r['time_id']) . '" onclick="ajaxRollback(\'' . $r['time_id'] . '\'); return false;">roll back</a> the deletion.</p>';
        }
        $db->free_result();
      }
      echo '<p>
HTTP Error: 404 Not Found
</p>';
    }
    $template->footer();
  }
  else
  {

    // If we don't have access to the page, get out and quick!
    if(!$session->get_permissions('read'))
    {
      $template->tpl_strings['PAGE_NAME'] = 'Access denied';
      if($send_headers) $template->header();
      echo '<div class="error-box"><b>Access to this page is denied.</b><br />This may be because you are not logged in or you have not met certain criteria for viewing this page.</div>';
      if($send_headers) $template->footer();
      $r = ob_get_contents();
      ob_end_clean();
      return $r;
    }

    // Plugins may take over rendering of an existing page entirely (eval'd hook code again).
    ob_start();
    $code = $plugins->setHook('page_custom_handler');
    foreach ( $code as $cmd )
    {
      eval($cmd);
    }
    $text = ob_get_contents();
    if ( $text != '' )
    {
      ob_end_clean();
      return $text;
    }
    if ( $hist_id )
    {
      // Render an archived revision from the edit log instead of the live text.
      // NOTE(review): $hist_id is escaped but not quoted, and escape() only
      // neutralises quote/backslash characters — in an unquoted numeric context a
      // value such as "1 OR 1=1" passes straight through; intval($hist_id) would be
      // the right guard. urlname_nons is not escaped either, and the query result
      // is not checked for failure before numrows() is called.
      $e = $db->sql_query('SELECT page_text,date_string,char_tag FROM ' . table_prefix.'logs WHERE page_id=\'' . $paths->pages[$page]['urlname_nons'] . '\' AND namespace=\'' . $pid[1] . '\' AND log_type=\'page\' AND action=\'edit\' AND time_id=' . $db->escape($hist_id) . '');
      if($db->numrows() < 1)
      {
        $db->_die('There were no rows in the text table that matched the page text query.');
      }
      $r = $db->fetchrow();
      $db->free_result();
      // NOTE(review): $hist_id is also interpolated raw into the href and the
      // onclick attribute below, so it must be numeric before it gets this far.
      $message = '<div class="info-box" style="margin-left: 0; margin-top: 5px;"><b>Notice:</b><br />The page you are viewing was archived on ' . $r['date_string'] . '.<br /><a href="'.makeUrl($page).'" onclick="ajaxReset(); return false;">View current version</a> | <a href="'.makeUrl($page, 'do=rollback&id=' . $hist_id) . '" onclick="ajaxRollback(\'' . $hist_id . '\')">Restore this version</a></div><br />'.RenderMan::render($r['page_text']);

      if( !$paths->pages[$page]['special'] )
      {
        if($send_headers)
        {
          $template->header();
        }
        display_page_headers();
      }

      // The rendered page is executed as PHP: the leading close-tag sequence drops
      // eval into inline-HTML mode, so plain markup is echoed and any PHP open tag
      // that survived rendering is run. This relies on the save path
      // (RenderMan::preprocess_text in savepage) having stripped PHP from user text.
      eval('?>' . $message);

      if( !$paths->pages[$page]['special'] )
      {
        display_page_footers();
        if($send_headers)
        {
          $template->footer();
        }
      }

    } else {
      // Live revision: special pages are fetched with headers/footers and the
      // other decorations turned off.
      if(!$paths->pages[$page]['special'])
      {
        $message = RenderMan::getPage($paths->pages[$page]['urlname_nons'], $pid[1]);
      }
      else
      {
        $message = RenderMan::getPage($paths->pages[$page]['urlname_nons'], $pid[1], 0, false, false, false, false);
      }
      // This line is used to debug wikiformatted code
      // die('<pre>'.htmlspecialchars($message).'</pre>');

      if( !$paths->pages[$page]['special'] )
      {
        if($send_headers)
        {
          $template->header();
        }
        display_page_headers();
      }

      // This is it, this is what all of Enano has been working up to...
      // Same eval-as-PHP step as in the archived-revision branch above.
      eval('?>' . $message);

      if( !$paths->pages[$page]['special'] )
      {
        display_page_footers();
        if($send_headers)
        {
          $template->footer();
        }
      }
    }
  }
  $ret = ob_get_contents();
  ob_end_clean();
  return $ret;
}
/**
* Writes page data to the database, after verifying permissions and running the XSS filter
* @param $page_id the page ID
* @param $namespace the namespace
* @param $message the text to save
* @return string 'good' on success, otherwise a human-readable error message (permission denied, page could not be created)
*/
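function savepage($page_id, $namespace, $message, $summary = 'No edit summary given', $minor = false)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  // Revision tag shared by the new log row and the page_text row so the two can
  // be matched up later.
  $uid = sha1(microtime());
  $pname = $paths->nslist[$namespace] . $page_id;

  if ( !$session->get_permissions('edit_page') )
  {
    return 'Access to edit pages is denied.';
  }

  // Create the page record first if it doesn't exist yet. createPage() runs its
  // own create_page / namespace checks and reports failure as an error string.
  if ( !isset($paths->pages[$pname]) )
  {
    $create = PageUtils::createPage($page_id, $namespace);
    if ( $create !== 'good' )
    {
      return 'The page did not exist, and I was not able to create it. The reported error was: ' . $create;
    }
    $paths->page_exists = true;
  }

  // Check page protection
  $page_data =& $paths->pages[$pname];
  $is_protected = false;
  if ( $page_data['protected'] == 2 )
  {
    // Semi-protected: only logged-in accounts registered at least 4 days
    // (345600 seconds) ago may edit.
    $account_old_enough = $session->user_logged_in && ( $session->reg_time + 345600 ) <= time();
    $is_protected = !$account_old_enough;
  }
  else if ( $page_data['protected'] == 1 )
  {
    // Fully protected.
    $is_protected = true;
  }

  // If it's protected and we DON'T have even_when_protected rights, bail out
  if ( $is_protected && !$session->get_permissions('even_when_protected') )
  {
    return 'You don\'t have the necessary permissions to edit this page.';
  }

  // We're skipping the wiki mode check here because by default edit_page permissions are AUTH_WIKIMODE.
  // The exception here is the user's own userpage, which is overridden at the time of account creation.
  // At that point it's set to AUTH_ALLOW, but obviously only for the user's own userpage.

  // Strip potentially harmful tags and PHP from the message, dependent upon permissions settings
  $message = RenderMan::preprocess_text($message, false, false);
  $msg = $db->escape($message);

  // The log row and the page_text row must describe the same page, so both key on
  // the $page_id / $namespace arguments. (The log row previously used
  // $paths->page_id / $paths->namespace — the page of the current request — which
  // need not be the page being saved.) Everything interpolated into SQL is escaped;
  // $uid is hex output of sha1() and needs none.
  $page_id_sql = $db->escape($page_id);
  $namespace_sql = $db->escape($namespace);
  $author_sql = $db->escape($session->username);
  $summary_sql = $db->escape(htmlspecialchars($summary));
  $minor_sql = $minor ? ENANO_SQL_BOOLEAN_TRUE : ENANO_SQL_BOOLEAN_FALSE;

  $q = 'INSERT INTO ' . table_prefix . 'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', ' . time() . ', \'' . date('d M Y h:i a') . '\', \'' . $page_id_sql . '\', \'' . $namespace_sql . '\', ' . ENANO_SQL_MULTISTRING_PRFIX . '\'' . $msg . '\', \'' . $uid . '\', \'' . $author_sql . '\', \'' . $summary_sql . '\', ' . $minor_sql . ');';
  if ( !$db->sql_query($q) )
  {
    $db->_die('The history (log) entry could not be inserted into the logs table.');
  }

  $q = 'UPDATE ' . table_prefix . 'page_text SET page_text=' . ENANO_SQL_MULTISTRING_PRFIX . '\'' . $msg . '\',char_tag=\'' . $uid . '\' WHERE page_id=\'' . $page_id_sql . '\' AND namespace=\'' . $namespace_sql . '\';';
  if ( !$db->sql_query($q) )
  {
    $db->_die('Enano was unable to save the page contents. Your changes have been lost <tt>:\'(</tt>.');
  }

  $paths->rebuild_page_index($page_id, $namespace);

  return 'good';
}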
/**
* Creates a page, both in memory and in the database.
* @param string $page_id
* @param string $namespace
* @return string an error message on failure (the visible branches return strings such as 'Page already exists'); savepage() expects the literal 'good' on success
*/
function createPage($page_id, $namespace, $name = false, $visible = 1)
{
global $db, $session, $paths, $template, $plugins; // Common objects
if(in_array($namespace, Array('Special', 'Admin')))
{
// echo '<b>Notice:</b> PageUtils::createPage: You can\'t create a special page in the database<br />';
return 'You can\'t create a special page in the database';
}
if(!isset($paths->nslist[$namespace]))
{
// echo '<b>Notice:</b> PageUtils::createPage: Couldn\'t look up the namespace<br />';
return 'Couldn\'t look up the namespace';
}
$pname = $paths->nslist[$namespace] . $page_id;
if(isset($paths->pages[$pname]))
{
// echo '<b>Notice:</b> PageUtils::createPage: Page already exists<br />';
return 'Page already exists';
}
if(!$session->get_permissions('create_page'))
{
// echo '<b>Notice:</b> PageUtils::createPage: Not authorized to create pages<br />';
182
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 426
return 'Not authorized to create pages';
1
+ − 427
}
+ − 428
+ − 429
if($session->user_level < USER_LEVEL_ADMIN && $namespace == 'System')
+ − 430
{
+ − 431
// echo '<b>Notice:</b> PageUtils::createPage: Not authorized to create system messages<br />';
182
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 432
return 'Not authorized to create system messages';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 433
}
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 434
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 435
if ( substr($page_id, 0, 8) == 'Project:' )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 436
{
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 437
// echo '<b>Notice:</b> PageUtils::createPage: Prefix "Project:" is reserved<br />';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 438
return 'The prefix "Project:" is reserved for a parser shortcut; if a page was created using this prefix, it would not be possible to link to it.';
1
+ − 439
}
+ − 440
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 441
$page_id = dirtify_page_id($page_id);
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 442
1
+ − 443
if ( !$name )
+ − 444
$name = str_replace('_', ' ', $page_id);
+ − 445
$regex = '#^([A-z0-9 _\-\.\/\!\@\(\)]*)$#is';
259
112debff64bd
SURPRISE! Preliminary PostgreSQL support added. The required schema file is not present in this commit and will be included at a later date. No installer support is implemented. Also in this commit: several fixes including <!-- SYSMSG ... --> was broken in template compiler; set fixed width on included images to prevent the thumbnail box from getting huge; added a much more friendly interface to AJAX responses that are invalid JSON
Dan
diff
changeset
+ − 446
if(!preg_match($regex, $name))
1
+ − 447
{
+ − 448
//echo '<b>Notice:</b> PageUtils::createPage: Name contains invalid characters<br />';
182
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 449
return 'Name contains invalid characters';
1
+ − 450
}
+ − 451
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 452
$page_id = sanitize_page_id( $page_id );
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 453
1
+ − 454
$prot = ( $namespace == 'System' ) ? 1 : 0;
+ − 455
112
+ − 456
$ips = array(
+ − 457
'ip' => array(),
+ − 458
'u' => array()
+ − 459
);
+ − 460
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 461
$page_data = Array(
1
+ − 462
'name'=>$name,
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 463
'urlname'=>$page_id,
1
+ − 464
'namespace'=>$namespace,
112
+ − 465
'special'=>0,'visible'=>1,'comments_on'=>0,'protected'=>$prot,'delvotes'=>0,'delvote_ips'=>serialize($ips),'wiki_mode'=>2,
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 466
);
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 467
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 468
// die('PageUtils::createpage: Creating page with this data:<pre>' . print_r($page_data, true) . '</pre>');
1
+ − 469
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 470
$paths->add_page($page_data);
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 471
182
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 472
$qa = $db->sql_query('INSERT INTO ' . table_prefix.'pages(name,urlname,namespace,visible,protected,delvote_ips) VALUES(\'' . $db->escape($name) . '\', \'' . $db->escape($page_id) . '\', \'' . $namespace . '\', '. ( $visible ? '1' : '0' ) .', ' . $prot . ', \'' . $db->escape(serialize($ips)) . '\');');
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 473
$qb = $db->sql_query('INSERT INTO ' . table_prefix.'page_text(page_id,namespace) VALUES(\'' . $db->escape($page_id) . '\', \'' . $namespace . '\');');
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 474
$qc = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,author,page_id,namespace) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'create\', \'' . $session->username . '\', \'' . $db->escape($page_id) . '\', \'' . $namespace . '\');');
1
+ − 475
+ − 476
if($qa && $qb && $qc)
182
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 477
return 'good';
1
+ − 478
else
+ − 479
{
182
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 480
return $db->get_error();
1
+ − 481
}
+ − 482
}
+ − 483
+ − 484
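/**
 * Sets the protection level on a page and writes a log entry for the change.
 *
 * @param string     $page_id   the page ID (urlname)
 * @param string     $namespace the namespace
 * @param int|string $level     protection level: 0 = off, 1 = full, 2 = semi
 * @param string     $reason    why the page is being (un)protected; HTML-escaped
 *                              before it is stored in the log
 * @return string 'good' on success, otherwise an error string
 *                (on query failure this calls $db->_die() instead of returning)
 */
function protect($page_id, $namespace, $level, $reason)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  if ( !$session->get_permissions('protect') )
  {
    return 'Insufficient access rights';
  }

  // Guard both lookups: an unknown namespace or page previously produced notices and a
  // misleading "Wiki Mode" error because the missing entry compared as wiki_mode 0.
  if ( !isset($paths->nslist[$namespace]) )
  {
    return 'Couldn\'t look up the namespace';
  }
  $pname = $paths->nslist[$namespace] . $page_id;
  if ( !isset($paths->pages[$pname]) )
  {
    return 'Page does not exist';
  }
  $page = $paths->pages[$pname];

  // Wiki mode applies when the page inherits the site setting (wiki_mode 2) and the
  // site has it on, or when the page forces it on (wiki_mode 1).
  $wiki = ( $page['wiki_mode'] == 2 && getConfig('wiki_mode') == '1' ) || $page['wiki_mode'] == 1;
  if ( !$wiki )
  {
    return 'Page protection only has an effect when Wiki Mode is enabled.';
  }

  // $level is concatenated into the UPDATE below: accept only a plain non-negative
  // integer, then work with the int value so the later lookups are exact.
  if ( !preg_match('#^[0-9]+$#D', (string)$level) )
  {
    return 'Invalid $level parameter.';
  }
  $level = intval($level);

  // Log action name per protection level.
  $actions = array(
    0 => 'unprot',
    1 => 'prot',
    2 => 'semiprot',
  );
  if ( !isset($actions[$level]) )
  {
    return 'PageUtils::protect(): Invalid value for $level';
  }

  // $page_id and $namespace are escaped as well as $reason; the earlier checks only
  // prove the page exists, not that the strings are safe inside a quoted literal.
  $page_id_db   = $db->escape($page_id);
  $namespace_db = $db->escape($namespace);

  $q = 'INSERT INTO ' . table_prefix . 'logs(time_id,date_string,log_type,action,author,page_id,namespace,edit_summary) VALUES('
     . time() . ', \'' . date('d M Y h:i a') . '\', \'page\', \'' . $actions[$level] . '\', \''
     . $db->escape($session->username) . '\', \'' . $page_id_db . '\', \'' . $namespace_db . '\', \''
     . $db->escape(htmlspecialchars($reason)) . '\');';
  if ( !$db->sql_query($q) )
  {
    $db->_die('The log entry for the page protection could not be inserted.');
  }

  $q = $db->sql_query('UPDATE ' . table_prefix . 'pages SET protected=' . $level . ' WHERE urlname=\'' . $page_id_db . '\' AND namespace=\'' . $namespace_db . '\';');
  if ( !$q )
  {
    $db->_die('The pages table was not updated.');
  }

  return 'good';
}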
+ − 538
+ − 539
/**
+ − 540
* Generates an HTML table with history information in it.
+ − 541
* @param $page_id the page ID
+ − 542
* @param $namespace the namespace
+ − 543
* @return string
+ − 544
*/
+ − 545
+ − 546
function histlist($page_id, $namespace)
+ − 547
{
+ − 548
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 549
+ − 550
if(!$session->get_permissions('history_view'))
+ − 551
return 'Access denied';
+ − 552
+ − 553
ob_start();
+ − 554
+ − 555
$pname = $paths->nslist[$namespace] . $page_id;
+ − 556
$wiki = ( ( $paths->pages[$pname]['wiki_mode'] == 2 && getConfig('wiki_mode') == '1') || $paths->pages[$pname]['wiki_mode'] == 1) ? true : false;
+ − 557
$prot = ( ( $paths->pages[$pname]['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) || $paths->pages[$pname]['protected'] == 1) ? true : false;
+ − 558
182
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 559
$q = 'SELECT time_id,date_string,page_id,namespace,author,edit_summary,minor_edit FROM ' . table_prefix.'logs WHERE log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' ORDER BY time_id DESC;';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 560
if(!$db->sql_query($q)) $db->_die('The history data for the page "' . $paths->cpage['name'] . '" could not be selected.');
1
+ − 561
echo 'History of edits and actions<h3>Edits:</h3>';
+ − 562
$numrows = $db->numrows();
+ − 563
if($numrows < 1) echo 'No history entries in this category.';
+ − 564
else
+ − 565
{
+ − 566
+ − 567
echo '<form action="'.makeUrlNS($namespace, $page_id, 'do=diff').'" onsubmit="ajaxHistDiff(); return false;" method="get">
+ − 568
<input type="submit" value="Compare selected revisions" />
115
261f367623af
Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
diff
changeset
+ − 569
' . ( urlSeparator == '&' ? '<input type="hidden" name="title" value="' . htmlspecialchars($paths->nslist[$namespace] . $page_id) . '" />' : '' ) . '
261f367623af
Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
diff
changeset
+ − 570
' . ( $session->sid_super ? '<input type="hidden" name="auth" value="' . $session->sid_super . '" />' : '') . '
261f367623af
Fixed the obnoxious issue with forms using GET and index.php?title=Foo URL scheme (this works a whole lot better than MediaWiki now
Dan
diff
changeset
+ − 571
<input type="hidden" name="do" value="diff" />
1
+ − 572
<br /><span> </span>
+ − 573
<div class="tblholder">
+ − 574
<table border="0" width="100%" cellspacing="1" cellpadding="4">
+ − 575
<tr>
+ − 576
<th colspan="2">Diff</th>
+ − 577
<th>Date/time</th>
+ − 578
<th>User</th>
+ − 579
<th>Edit summary</th>
+ − 580
<th>Minor</th>
+ − 581
<th colspan="3">Actions</th>
+ − 582
</tr>'."\n"."\n";
+ − 583
$cls = 'row2';
+ − 584
$ticker = 0;
+ − 585
+ − 586
while($r = $db->fetchrow()) {
+ − 587
+ − 588
$ticker++;
+ − 589
+ − 590
if($cls == 'row2') $cls = 'row1';
+ − 591
else $cls = 'row2';
+ − 592
+ − 593
echo '<tr>'."\n";
+ − 594
+ − 595
// Diff selection
+ − 596
if($ticker == 1)
+ − 597
{
+ − 598
$s1 = '';
+ − 599
$s2 = 'checked="checked" ';
+ − 600
}
+ − 601
elseif($ticker == 2)
+ − 602
{
+ − 603
$s1 = 'checked="checked" ';
+ − 604
$s2 = '';
+ − 605
}
+ − 606
else
+ − 607
{
+ − 608
$s1 = '';
+ − 609
$s2 = '';
+ − 610
}
182
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 611
if($ticker > 1) echo '<td class="' . $cls . '" style="padding: 0;"><input ' . $s1 . 'name="diff1" type="radio" value="' . $r['time_id'] . '" id="diff1_' . $r['time_id'] . '" class="clsDiff1Radio" onclick="selectDiff1Button(this);" /></td>'."\n"; else echo '<td class="' . $cls . '"></td>';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 612
if($ticker < $numrows) echo '<td class="' . $cls . '" style="padding: 0;"><input ' . $s2 . 'name="diff2" type="radio" value="' . $r['time_id'] . '" id="diff2_' . $r['time_id'] . '" class="clsDiff2Radio" onclick="selectDiff2Button(this);" /></td>'."\n"; else echo '<td class="' . $cls . '"></td>';
1
+ − 613
+ − 614
// Date and time
182
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 615
echo '<td class="' . $cls . '">' . $r['date_string'] . '</td class="' . $cls . '">'."\n";
1
+ − 616
+ − 617
// User
182
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 618
if ( $session->get_permissions('mod_misc') && is_valid_ip($r['author']) )
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 619
{
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 620
$rc = ' style="cursor: pointer;" title="Click cell background for reverse DNS info" onclick="ajaxReverseDNS(this, \'' . $r['author'] . '\');"';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 621
}
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 622
else
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 623
{
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 624
$rc = '';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 625
}
228
7846d45bd250
Changed all urlname/page_id columns to varchar(255) because 63 characters just isn't long enough
Dan
diff
changeset
+ − 626
echo '<td class="' . $cls . '"' . $rc . '><a href="'.makeUrlNS('User', sanitize_page_id($r['author'])).'" ';
7846d45bd250
Changed all urlname/page_id columns to varchar(255) because 63 characters just isn't long enough
Dan
diff
changeset
+ − 627
if ( !isPage($paths->nslist['User'] . sanitize_page_id($r['author'])) )
182
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 628
{
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 629
echo 'class="wikilink-nonexistent"';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 630
}
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 631
echo '>' . $r['author'] . '</a></td class="' . $cls . '">'."\n";
1
+ − 632
+ − 633
// Edit summary
182
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 634
echo '<td class="' . $cls . '">' . $r['edit_summary'] . '</td>'."\n";
1
+ − 635
+ − 636
// Minor edit
182
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 637
echo '<td class="' . $cls . '" style="text-align: center;">'. (( $r['minor_edit'] ) ? 'M' : '' ) .'</td>'."\n";
1
+ − 638
+ − 639
// Actions!
182
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 640
echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'oldid=' . $r['time_id']) . '" onclick="ajaxHistView(\'' . $r['time_id'] . '\'); return false;">View revision</a></td>'."\n";
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 641
echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrl($paths->nslist['Special'].'Contributions/' . $r['author']) . '">View user contribs</a></td>'."\n";
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 642
echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'do=rollback&id=' . $r['time_id']) . '" onclick="ajaxRollback(\'' . $r['time_id'] . '\'); return false;">Revert to this revision</a></td>'."\n";
1
+ − 643
+ − 644
echo '</tr>'."\n"."\n";
+ − 645
+ − 646
}
+ − 647
echo '</table>
+ − 648
</div>
+ − 649
<br />
+ − 650
<input type="hidden" name="do" value="diff" />
+ − 651
<input type="submit" value="Compare selected revisions" />
+ − 652
</form>
57
b354deeaa4c4
Vastly improved compatibility with older versions of IE, particularly 5.0, through the use of a kill switch that turns off all AJAX functions
Dan
diff
changeset
+ − 653
<script type="text/javascript">if ( !KILL_SWITCH ) { buildDiffList(); }</script>';
1
+ − 654
}
+ − 655
$db->free_result();
+ − 656
echo '<h3>Other changes:</h3>';
261
+ − 657
$q = 'SELECT time_id,action,date_string,page_id,namespace,author,edit_summary,minor_edit FROM ' . table_prefix.'logs WHERE log_type=\'page\' AND action!=\'edit\' AND page_id=\'' . $paths->page_id . '\' AND namespace=\'' . $paths->namespace . '\' ORDER BY time_id DESC;';
182
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 658
if(!$db->sql_query($q)) $db->_die('The history data for the page "' . $paths->cpage['name'] . '" could not be selected.');
1
+ − 659
if($db->numrows() < 1) echo 'No history entries in this category.';
+ − 660
else {
+ − 661
+ − 662
echo '<div class="tblholder"><table border="0" width="100%" cellspacing="1" cellpadding="4"><tr><th>Date/time</th><th>User</th><th>Minor</th><th>Action taken</th><th>Extra info</th><th colspan="2"></th></tr>';
+ − 663
$cls = 'row2';
+ − 664
while($r = $db->fetchrow()) {
+ − 665
+ − 666
if($cls == 'row2') $cls = 'row1';
+ − 667
else $cls = 'row2';
+ − 668
+ − 669
echo '<tr>';
+ − 670
+ − 671
// Date and time
182
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 672
echo '<td class="' . $cls . '">' . $r['date_string'] . '</td class="' . $cls . '">';
1
+ − 673
+ − 674
// User
228
7846d45bd250
Changed all urlname/page_id columns to varchar(255) because 63 characters just isn't long enough
Dan
diff
changeset
+ − 675
echo '<td class="' . $cls . '"><a href="'.makeUrlNS('User', sanitize_page_id($r['author'])).'" ';
7846d45bd250
Changed all urlname/page_id columns to varchar(255) because 63 characters just isn't long enough
Dan
diff
changeset
+ − 676
if(!isPage($paths->nslist['User'] . sanitize_page_id($r['author']))) echo 'class="wikilink-nonexistent"';
182
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 677
echo '>' . $r['author'] . '</a></td class="' . $cls . '">';
1
+ − 678
+ − 679
+ − 680
// Minor edit
182
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 681
echo '<td class="' . $cls . '" style="text-align: center;">'. (( $r['minor_edit'] ) ? 'M' : '' ) .'</td>';
1
+ − 682
+ − 683
// Action taken
182
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 684
echo '<td class="' . $cls . '">';
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 685
// Some of these are sanitized at insert-time. Others follow the newer Enano policy of stripping HTML at runtime.
182
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 686
if ($r['action']=='prot') echo 'Protected page</td><td class="' . $cls . '">Reason: ' . $r['edit_summary'];
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 687
elseif($r['action']=='unprot') echo 'Unprotected page</td><td class="' . $cls . '">Reason: ' . $r['edit_summary'];
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 688
elseif($r['action']=='semiprot') echo 'Semi-protected page</td><td class="' . $cls . '">Reason: ' . $r['edit_summary'];
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 689
elseif($r['action']=='rename') echo 'Renamed page</td><td class="' . $cls . '">Old title: '.htmlspecialchars($r['edit_summary']);
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 690
elseif($r['action']=='create') echo 'Created page</td><td class="' . $cls . '">';
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 691
elseif($r['action']=='delete') echo 'Deleted page</td><td class="' . $cls . '">Reason: ' . $r['edit_summary'];
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 692
elseif($r['action']=='reupload') echo 'Uploaded new file version</td><td class="' . $cls . '">Reason: '.htmlspecialchars($r['edit_summary']);
1
+ − 693
echo '</td>';
+ − 694
+ − 695
// Actions!
echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrl($paths->nslist['Special'].'Contributions/' . $r['author']) . '">View user contribs</a></td>';
echo '<td class="' . $cls . '" style="text-align: center;"><a href="'.makeUrlNS($namespace, $page_id, 'do=rollback&id=' . $r['time_id']) . '" onclick="ajaxRollback(\'' . $r['time_id'] . '\'); return false;">Revert action</a></td>';
//echo '(<a href="#" onclick="ajaxRollback(\'' . $r['time_id'] . '\'); return false;">rollback</a>) <i>' . $r['date_string'] . '</i> ' . $r['author'] . ' (<a href="'.makeUrl($paths->nslist['User'].$r['author']).'">Userpage</a>, <a href="'.makeUrl($paths->nslist['Special'].'Contributions/' . $r['author']) . '">Contrib</a>): ';
if($r['minor_edit']) echo '<b> - minor edit</b>';
echo '<br />';
echo '</tr>';
}
echo '</table></div>';
}
$db->free_result();
$ret = ob_get_contents();
ob_end_clean();
return $ret;
}
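/**
 * Rolls back a logged action.
 *
 * Every value read back from the logs table is passed through $db->escape()
 * before it is interpolated into a new query. Those columns were written by
 * other code paths, so re-escaping them here is defence in depth against
 * second-order SQL injection and is a no-op for clean values.
 *
 * @param $id the time ID, a.k.a. the primary key in the logs table; must be a
 *            string of decimal digits because it is interpolated unquoted
 * @return string a human-readable status or error message
 */

function rollback($id)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  if ( !$session->get_permissions('history_rollback') )
  {
    return 'You are not authorized to perform rollbacks.';
  }
  // $id goes into SQL unquoted below, so anything but digits is refused here
  if ( !preg_match('#^([0-9]+)$#', (string)$id) )
  {
    return 'The value "id" on the query string must be an integer.';
  }

  $e = $db->sql_query('SELECT log_type,action,date_string,page_id,namespace,page_text,char_tag,author,edit_summary FROM ' . table_prefix.'logs WHERE time_id=' . $id . ';');
  if ( !$e )
  {
    $db->_die('The rollback data could not be selected.');
  }
  $rb = $db->fetchrow();
  $db->free_result();
  if ( !$rb )
  {
    // No log row with that time_id; without this check every $rb[...] read
    // below would raise a notice and the call would fall through to the
    // "Unknown log entry type" branch.
    return 'No log entry with the ID "' . $id . '" exists.';
  }

  // SQL-safe copies of the columns that identify the page; used by every branch
  $page_id_sql   = $db->escape($rb['page_id']);
  $namespace_sql = $db->escape($rb['namespace']);

  // Key of the page in $paths->pages (namespace prefix + urlname)
  $pagekey = ( $rb['log_type'] == 'page' && isset($paths->nslist[$rb['namespace']]) )
           ? $paths->nslist[$rb['namespace']] . $rb['page_id']
           : null;

  if ( $rb['log_type'] == 'page' && $rb['action'] != 'delete' )
  {
    if ( $pagekey === null || !isset($paths->pages[$pagekey]) )
    {
      return "Page doesn't exist";
    }
    $pagedata =& $paths->pages[$pagekey];

    // Semi-protection (level 2) is lifted for logged-in accounts older than
    // four days; full protection (level 1) always applies.
    if ( (int)$pagedata['protected'] == 2 )
    {
      $protected = !( $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() );
    }
    else
    {
      $protected = ( (int)$pagedata['protected'] == 1 );
    }

    // Page actions are authorised against the page's own ACL, not the global one
    $perms = $session->fetch_page_acl($rb['page_id'], $rb['namespace']);

    if ( $protected && !$perms->get_permissions('even_when_protected') )
    {
      return "Because this page is protected, you need moderator rights to roll back changes.";
    }
  }
  else
  {
    $perms =& $session;
  }

  switch ( $rb['log_type'] )
  {
    case 'page':
      switch ( $rb['action'] )
      {
        case 'edit':
          if ( !$perms->get_permissions('edit_page') )
            return "You don't have permission to edit pages, so rolling back edits can't be allowed either.";
          // Restore the text recorded in the log entry
          $e = $db->sql_query('UPDATE ' . table_prefix.'page_text SET page_text=\'' . $db->escape($rb['page_text']) . '\',char_tag=\'' . $db->escape($rb['char_tag']) . '\' WHERE page_id=\'' . $page_id_sql . '\' AND namespace=\'' . $namespace_sql . '\'');
          if ( !$e )
          {
            return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace();
          }
          return 'The page "' . $paths->pages[$pagekey]['name'].'" has been rolled back to the state it was in on ' . $rb['date_string'] . '.';

        case 'rename':
          if ( !$perms->get_permissions('rename') )
            return "You don't have permission to rename pages, so rolling back renames can't be allowed either.";
          // For a rename, edit_summary holds the title the page had before
          $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET name=\'' . $db->escape($rb['edit_summary']) . '\' WHERE urlname=\'' . $page_id_sql . '\' AND namespace=\'' . $namespace_sql . '\'');
          if ( !$e )
          {
            return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace();
          }
          return 'The page "' . $paths->pages[$pagekey]['name'].'" has been rolled back to the name it had ("' . $rb['edit_summary'] . '") before ' . $rb['date_string'] . '.';

        case 'prot':
        case 'semiprot':
        case 'unprot':
          if ( !$perms->get_permissions('protect') )
            return "You don't have permission to protect pages, so rolling back protection can't be allowed either.";
          // Undoing a (semi-)protection clears the flag; undoing an
          // unprotection restores full protection.
          $new_level = ( $rb['action'] == 'unprot' ) ? 1 : 0;
          $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET protected=' . $new_level . ' WHERE urlname=\'' . $page_id_sql . '\' AND namespace=\'' . $namespace_sql . '\'');
          if ( !$e )
            return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace();
          $verb = ( $new_level == 1 ) ? 'protected' : 'unprotected';
          return 'The page "' . $paths->pages[$pagekey]['name'].'" has been ' . $verb . ' according to the log created at ' . $rb['date_string'] . '.';

        case 'delete':
          if ( !$perms->get_permissions('history_rollback_extra') )
            return 'Administrative privileges are required for page undeletion.';
          // Refuse when the page is already alive. The current page is checked
          // as before, and so is the page the log entry actually names, since
          // re-inserting it would create a duplicate pages row.
          if ( isset($paths->pages[$paths->cpage['urlname']]) || ( $pagekey !== null && isset($paths->pages[$pagekey]) ) )
            return 'You cannot raise a dead page that is alive.';
          $name = str_replace('_', ' ', $rb['page_id']);
          $e = $db->sql_query('INSERT INTO ' . table_prefix.'pages(name,urlname,namespace) VALUES( \'' . $db->escape($name) . '\', \'' . $page_id_sql . '\',\'' . $namespace_sql . '\' )');
          if ( !$e )
            return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace();
          // The most recent logged edit supplies the restored text
          $e = $db->sql_query('SELECT page_text,char_tag FROM ' . table_prefix.'logs WHERE page_id=\'' . $page_id_sql . '\' AND namespace=\'' . $namespace_sql . '\' AND log_type=\'page\' AND action=\'edit\' ORDER BY time_id DESC LIMIT 1;');
          if ( !$e )
            return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace();
          $r = $db->fetchrow();
          $db->free_result();
          if ( !$r )
          {
            // No edit was ever logged for this page: bring it back with empty text
            $r = array('page_text' => '', 'char_tag' => '');
          }
          $e = $db->sql_query('INSERT INTO ' . table_prefix.'page_text(page_id,namespace,page_text,char_tag) VALUES(\'' . $page_id_sql . '\',\'' . $namespace_sql . '\',\'' . $db->escape($r['page_text']) . '\',\'' . $db->escape($r['char_tag']) . '\')');
          if ( !$e )
            return "An error occurred during the rollback operation.\nMySQL said: ".mysql_error()."\n\nSQL backtrace:\n".$db->sql_backtrace();
          return 'The page "' . $name . '" has been undeleted according to the log created at ' . $rb['date_string'] . '.';

        case 'reupload':
          if ( !$session->get_permissions('history_rollback_extra') )
          {
            return 'Administrative privileges are required for file rollbacks.';
          }
          // The old upload becomes current by moving its log and file rows to "now"
          $newtime = time();
          $newdate = date('d M Y h:i a');
          if ( !$db->sql_query('UPDATE ' . table_prefix.'logs SET time_id=' . $newtime . ',date_string=\'' . $newdate . '\' WHERE time_id=' . $id) )
            return 'Error during query: '.mysql_error();
          if ( !$db->sql_query('UPDATE ' . table_prefix.'files SET time_id=' . $newtime . ' WHERE time_id=' . $id) )
            return 'Error during query: '.mysql_error();
          return 'The file has been rolled back to the version uploaded on '.date('d M Y h:i a', (int)$id).'.';

        default:
          return 'Rollback of the action "' . $rb['action'] . '" is not yet supported.';
      }

    case 'security':
    case 'login':
      return 'A ' . $rb['log_type'] . '-related log entry cannot be rolled back.';

    default:
      return 'Unknown log entry type: "' . $rb['log_type'] . '"';
  }
}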
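/**
 * Posts a comment.
 *
 * Access rules, in order: the post_comments permission, then the
 * comments_need_login setting ('2' = logged-in users only, '1' = guests must
 * pass a CAPTCHA). When approve_comments is '1' the row is stored with
 * approved=0 so it stays hidden until a moderator approves it.
 *
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $name the name of the person posting, defaults to current username/IP
 * @param $subject the subject line of the comment
 * @param $text the comment text
 * @param $captcha_code the code the guest typed; required when comments_need_login is '1'
 * @param $captcha_id the CAPTCHA ID that $captcha_code is checked against
 * @return string javascript code (the comment listing from PageUtils::comments
 *                with a status box prepended)
 */

function addcomment($page_id, $namespace, $name, $subject, $text, $captcha_code = false, $captcha_id = false)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  $_ob = '';
  if ( !$session->get_permissions('post_comments') )
    return 'Access denied';
  if ( getConfig('comments_need_login') == '2' && !$session->user_logged_in )
    _die('Access denied to post comments: you need to be logged in first.');
  if ( getConfig('comments_need_login') == '1' && !$session->user_logged_in )
  {
    if ( !$captcha_code || !$captcha_id )
      _die('BUG: PageUtils::addcomment: no CAPTCHA data passed to method');
    $result = $session->get_captcha($captcha_id);
    // Compare as strings with !==: the loose != treats numerically equal
    // strings (e.g. "1e3" and "1000") as the same code.
    if ( (string)$captcha_code !== (string)$result )
      _die('The confirmation code you entered was incorrect.');
  }
  // NOTE(review): subject, text and name are relied on to come out of
  // preprocess_text() in SQL-safe form, as in the original; page_id and
  // namespace bypass it and are therefore escaped at the query below.
  $text = RenderMan::preprocess_text($text);
  $name = $session->user_logged_in ? RenderMan::preprocess_text($session->username) : RenderMan::preprocess_text($name);
  $subj = RenderMan::preprocess_text($subject);
  // Moderated sites store the comment unapproved (hidden) until a moderator clears it
  $appr = ( getConfig('approve_comments') == '1' ) ? '0' : '1';
  $q = 'INSERT INTO ' . table_prefix.'comments(page_id,namespace,subject,comment_data,name,user_id,approved,time) VALUES(\'' . $db->escape($page_id) . '\',\'' . $db->escape($namespace) . '\',\'' . $subj . '\',\'' . $text . '\',\'' . $name . '\',' . intval($session->user_id) . ',' . $appr . ','.time().')';
  $e = $db->sql_query($q);
  // NOTE(review): on failure the MySQL error and the full query are sent to
  // the browser; logging them server-side would avoid disclosing schema details.
  if ( !$e )
    die('alert(unescape(\''.rawurlencode('Error inserting comment data: '.mysql_error().'\n\nQuery:\n' . $q) . '\'))');
  $_ob .= '<div class="info-box">Your comment has been posted.</div>';
  return PageUtils::comments($page_id, $namespace, false, Array(), $_ob);
}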
/**
* Generates partly-compiled HTML/Javascript code to be eval'ed by the user's browser to display comments
* @param $page_id the page ID
* @param $namespace the namespace
* @param $action administrative action to perform, default is false
* @param $flags additional info for $action, shouldn't be used except when deleting/approving comments, etc.
* @param $_ob text to prepend to output, used by PageUtils::addcomment
* @return array
* @access private
*/
function comments_raw($page_id, $namespace, $action = false, $flags = Array(), $_ob = '')
{
global $db, $session, $paths, $template, $plugins; // Common objects
$pname = $paths->nslist[$namespace] . $page_id;
ob_start();
if($action && $session->get_permissions('mod_comments')) // Nip hacking attempts in the bud
{
switch($action) {
case "delete":
if(isset($flags['id']))
{
$q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND comment_id='.intval($flags['id']).' LIMIT 1;';
} else {
$n = $db->escape($flags['name']);
$s = $db->escape($flags['subj']);
$t = $db->escape($flags['text']);
$q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND name=\'' . $n . '\' AND subject=\'' . $s . '\' AND comment_data=\'' . $t . '\' LIMIT 1;';
}
$e=$db->sql_query($q);
if(!$e) die('alert(unesape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n' . $q) . '\'));');
break;
case "approve":
if(isset($flags['id']))
{
$where = 'comment_id='.intval($flags['id']);
} else {
$n = $db->escape($flags['name']);
$s = $db->escape($flags['subj']);
$t = $db->escape($flags['text']);
$where = 'name=\'' . $n . '\' AND subject=\'' . $s . '\' AND comment_data=\'' . $t . '\'';
}
$q = 'SELECT approved FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND ' . $where . ' LIMIT 1;';
$e = $db->sql_query($q);
if(!$e) die('alert(unesape(\''.rawurlencode('Error selecting approval status: '.mysql_error().'\n\nQuery:\n' . $q) . '\'));');
$r = $db->fetchrow();
$db->free_result();
$a = ( $r['approved'] ) ? '0' : '1';
$q = 'UPDATE ' . table_prefix.'comments SET approved=' . $a . ' WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND ' . $where . ';';
$e=$db->sql_query($q);
if(!$e) die('alert(unesape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n' . $q) . '\'));');
if($a=='1') $v = 'Unapprove';
else $v = 'Approve';
echo 'document.getElementById("mdgApproveLink'.intval($_GET['id']).'").innerHTML="' . $v . '";';
break;
}
}
if(!defined('ENANO_TEMPLATE_LOADED'))
{
$template->load_theme($session->theme, $session->style);
}
$tpl = $template->makeParser('comment.tpl');
$e = $db->sql_query('SELECT * FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND approved=0;');
if(!$e) $db->_die('The comment text data could not be selected.');
$num_unapp = $db->numrows();
$db->free_result();
$e = $db->sql_query('SELECT * FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND approved=1;');
if(!$e) $db->_die('The comment text data could not be selected.');
$num_app = $db->numrows();
$db->free_result();
$lq = $db->sql_query('SELECT c.comment_id,c.subject,c.name,c.comment_data,c.approved,c.time,c.user_id,u.user_level,u.signature
FROM ' . table_prefix.'comments AS c
LEFT JOIN ' . table_prefix.'users AS u
ON c.user_id=u.user_id
WHERE page_id=\'' . $page_id . '\'
AND namespace=\'' . $namespace . '\' ORDER BY c.time ASC;');
if(!$lq) _die('The comment text data could not be selected. '.mysql_error());
$_ob .= '<h3>Article Comments</h3>';
$n = ( $session->get_permissions('mod_comments')) ? $db->numrows() : $num_app;
if($n==1) $s = 'is ' . $n . ' comment'; else $s = 'are ' . $n . ' comments';
if($n < 1)
{
$_ob .= '<p>There are currently no comments on this '.strtolower($namespace).'';
if($namespace != 'Article') $_ob .= ' page';
$_ob .= '.</p>';
} else $_ob .= '<p>There ' . $s . ' on this article.';
if($session->get_permissions('mod_comments') && $num_unapp > 0) $_ob .= ' <span style="color: #D84308">' . $num_unapp . ' of those are unapproved.</span>';
elseif(!$session->get_permissions('mod_comments') && $num_unapp > 0) { $u = ($num_unapp == 1) ? "is $num_unapp comment" : "are $num_unapp comments"; $_ob .= ' However, there ' . $u . ' awating approval.'; }
$_ob .= '</p>';
$list = 'list = { ';
// _die(htmlspecialchars($ttext));
$i = -1;
while($row = $db->fetchrow($lq))
{
$i++;
$strings = Array();
$bool = Array();
if ( $session->get_permissions('mod_comments') || $row['approved'] )
{
$list .= $i . ' : { \'comment\' : unescape(\''.rawurlencode($row['comment_data']).'\'), \'name\' : unescape(\''.rawurlencode($row['name']).'\'), \'subject\' : unescape(\''.rawurlencode($row['subject']).'\'), }, ';
// Comment ID (used in the Javascript apps)
$strings['ID'] = (string)$i;
// Determine the name, and whether to link to the user page or not
$name = '';
if($row['user_id'] > 0) $name .= '<a href="'.makeUrlNS('User', sanitize_page_id(' ', '_', $row['name'])).'">';
$name .= $row['name'];
if($row['user_id'] > 0) $name .= '</a>';
$strings['NAME'] = $name; unset($name);
// Subject
$s = $row['subject'];
if(!$row['approved']) $s .= ' <span style="color: #D84308">(Unapproved)</span>';
$strings['SUBJECT'] = $s;
// Date and time
$strings['DATETIME'] = date('F d, Y h:i a', $row['time']);
// User level
switch($row['user_level'])
{
default:
case USER_LEVEL_GUEST:
$l = 'Guest';
break;
case USER_LEVEL_MEMBER:
$l = 'Member';
break;
case USER_LEVEL_MOD:
$l = 'Moderator';
break;
case USER_LEVEL_ADMIN:
$l = 'Administrator';
break;
}
$strings['USER_LEVEL'] = $l; unset($l);
// The actual comment data
$strings['DATA'] = RenderMan::render($row['comment_data']);
if($session->get_permissions('edit_comments'))
{
// Edit link
$strings['EDIT_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=editcomment&id=' . $row['comment_id']) . '" id="editbtn_' . $i . '">edit</a>';
// Delete link
$strings['DELETE_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=deletecomment&id=' . $row['comment_id']) . '">delete</a>';
}
else
{
// Edit link
$strings['EDIT_LINK'] = '';
// Delete link
$strings['DELETE_LINK'] = '';
}
// Send PM link
$strings['SEND_PM_LINK'] = ( $session->user_logged_in && $row['user_id'] > 0 ) ? '<a href="'.makeUrlNS('Special', 'PrivateMessages/Compose/To/' . $row['name']) . '">Send private message</a><br />' : '';
// Add Buddy link
$strings['ADD_BUDDY_LINK'] = ( $session->user_logged_in && $row['user_id'] > 0 ) ? '<a href="'.makeUrlNS('Special', 'PrivateMessages/FriendList/Add/' . $row['name']) . '">Add to buddy list</a>' : '';
// Mod links
$applink = '';
$applink .= '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=admin&action=approve&id=' . $row['comment_id']) . '" id="mdgApproveLink' . $i . '">';
if($row['approved']) $applink .= 'Unapprove';
else $applink .= 'Approve';
$applink .= '</a>';
$strings['MOD_APPROVE_LINK'] = $applink; unset($applink);
$strings['MOD_DELETE_LINK'] = '<a href="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=admin&action=delete&id=' . $row['comment_id']) . '">Delete</a>';
// Signature
$strings['SIGNATURE'] = '';
if($row['signature'] != '') $strings['SIGNATURE'] = RenderMan::render($row['signature']);
$bool['auth_mod'] = ($session->get_permissions('mod_comments')) ? true : false;
$bool['can_edit'] = ( ( $session->user_logged_in && $row['name'] == $session->username && $session->get_permissions('edit_comments') ) || $session->get_permissions('mod_comments') ) ? true : false;
$bool['signature'] = ( $strings['SIGNATURE'] == '' ) ? false : true;
// Done processing and compiling, now let's cook it into HTML
$tpl->assign_vars($strings);
$tpl->assign_bool($bool);
$_ob .= $tpl->run();
}
}
if(getConfig('comments_need_login') != '2' || $session->user_logged_in)
{
if(!$session->get_permissions('post_comments'))
{
$_ob .= '<h3>Got something to say?</h3><p>Access to post comments on this page is denied.</p>';
}
else
{
$_ob .= '<h3>Got something to say?</h3>If you have comments or suggestions on this article, you can shout it out here.';
if(getConfig('approve_comments')=='1') $_ob .= ' Before your comment will be visible to the public, a moderator will have to approve it.';
if(getConfig('comments_need_login') == '1' && !$session->user_logged_in) $_ob .= ' Because you are not logged in, you will need to enter a visual confirmation before your comment will be posted.';
$sn = $session->user_logged_in ? $session->username . '<input name="name" id="mdgScreenName" type="hidden" value="' . $session->username . '" />' : '<input name="name" id="mdgScreenName" type="text" size="35" />';
$_ob .= ' <a href="#" id="mdgCommentFormLink" style="display: none;" onclick="document.getElementById(\'mdgCommentForm\').style.display=\'block\';this.style.display=\'none\';return false;">Leave a comment...</a>
<div id="mdgCommentForm">
<h3>Comment form</h3>
<form action="'.makeUrlNS($namespace, $page_id, 'do=comments&sub=postcomment').'" method="post" style="margin-left: 1em">
<table border="0">
<tr><td>Your name or screen name:</td><td>' . $sn . '</td></tr>
<tr><td>Comment subject:</td><td><input name="subj" id="mdgSubject" type="text" size="35" /></td></tr>';
if(getConfig('comments_need_login') == '1' && !$session->user_logged_in)
{
$session->kill_captcha();
$captcha = $session->make_captcha();
$_ob .= '<tr><td>Visual confirmation:<br /><small>Please enter the code you see on the right.</small></td><td><img src="'.makeUrlNS('Special', 'Captcha/' . $captcha) . '" alt="Visual confirmation" style="cursor: pointer;" onclick="this.src = \''.makeUrlNS("Special", "Captcha/".$captcha).'/\'+Math.floor(Math.random() * 100000);" /><input name="captcha_id" id="mdgCaptchaID" type="hidden" value="' . $captcha . '" /><br />Code: <input name="captcha_input" id="mdgCaptchaInput" type="text" size="10" /><br /><small><script type="text/javascript">document.write("If you can\'t read the code, click on the image to generate a new one.");</script><noscript>If you can\'t read the code, please refresh this page to generate a new one.</noscript></small></td></tr>';
}
$_ob .= '
<tr><td valign="top">Comment text:<br />(most HTML will be stripped)</td><td><textarea name="text" id="mdgCommentArea" rows="10" cols="40"></textarea></td></tr>
<tr><td colspan="2" style="text-align: center;"><input type="submit" value="Submit Comment" /></td></tr>
</table>
</form>
</div>';
}
} else {
$_ob .= '<h3>Got something to say?</h3><p>You need to be logged in to post comments. <a href="'.makeUrlNS('Special', 'Login/' . $pname . '%2523comments').'">Log in</a></p>';
}
$list .= '};';
echo 'document.getElementById(\'ajaxEditContainer\').innerHTML = unescape(\''. rawurlencode($_ob) .'\');
' . $list;
echo 'Fat.fade_all(); document.getElementById(\'mdgCommentForm\').style.display = \'none\'; document.getElementById(\'mdgCommentFormLink\').style.display="inline";';
$ret = ob_get_contents();
ob_end_clean();
return Array($ret, $_ob);
}
/**
 * Generates ready-to-execute Javascript code to be eval'ed by the user's browser to display comments.
 * Thin wrapper around PageUtils::comments_raw(), which builds both the Javascript and the plain-HTML
 * form of the comment list; this method hands back only the Javascript half.
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $action administrative action to perform, default is false
 * @param $id additional info for $action, shouldn't be used except when deleting/approving comments, etc.; -1 when unused
 * @param $_ob text to prepend to output, used by PageUtils::addcomment
 * @return string
 */
function comments($page_id, $namespace, $action = false, $id = -1, $_ob = '')
{
  // comments_raw() returns array(javascript, html); only the first element is wanted here
  list($javascript) = PageUtils::comments_raw($page_id, $namespace, $action, $id, $_ob);
  return $javascript;
}
/**
 * Generates HTML code for comments - used in browser compatibility mode.
 * Thin wrapper around PageUtils::comments_raw(); returns the plain-HTML half of its result.
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $action administrative action to perform, default is false
 * @param $id additional info for $action, shouldn't be used except when deleting/approving comments, etc.; -1 when unused
 * @param $_ob text to prepend to output, used by PageUtils::addcomment
 * @return string
 */
function comments_html($page_id, $namespace, $action = false, $id = -1, $_ob = '')
{
  // comments_raw() returns array(javascript, html); skip the script and keep the markup
  list(, $html) = PageUtils::comments_raw($page_id, $namespace, $action, $id, $_ob);
  return $html;
}
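/**
 * Updates comment data, locating the comment by its old subject and text.
 * PageUtils::savecomment_neater() does the same keyed on comment_id and should be preferred.
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $subject new subject
 * @param $text new text
 * @param $old_subject the old subject, unprocessed and identical to the value in the DB
 * @param $old_text the old text, unprocessed and identical to the value in the DB
 * @param $id the javascript list ID, used internally by the client-side app
 * @return string Javascript: result="GOOD" plus the refreshed list entry on success, result="BAD" plus an error otherwise
 */
function savecomment($page_id, $namespace, $subject, $text, $old_subject, $old_text, $id = -1)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if(!$session->get_permissions('edit_comments'))
    return 'result="BAD";error="Access denied"';
  // Avoid SQL injection: every request value spliced into a query is escaped,
  // the page identifiers included (the original escaped only the old subject/text)
  $old_text = $db->escape($old_text);
  $old_subject = $db->escape($old_subject);
  $page_id = $db->escape($page_id);
  $namespace = $db->escape($namespace);
  // $id is written into the returned Javascript unquoted; keep it numeric so it cannot carry script
  $id = intval($id);
  // Safety check - username/login: non-moderators may only edit comments posted under their own name
  if(!$session->get_permissions('mod_comments')) // allow mods to edit comments
  {
    if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
    $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_data=\'' . $old_text . '\' AND subject=\'' . $old_subject . '\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND u.user_id=c.user_id;';
    $res = $db->sql_query($q);
    if(!$res) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
    $r = $db->fetchrow($res);
    // Read the row count before the result is released (the original freed it first, at which point
    // numrows() can no longer report anything useful); same order as savecomment_neater()
    if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.');
    $db->free_result();
  }
  // preprocess_text() is relied on to return text that is safe to embed in the query — TODO confirm against RenderMan
  $s = RenderMan::preprocess_text($subject);
  $t = RenderMan::preprocess_text($text);
  $sql = 'UPDATE ' . table_prefix.'comments SET subject=\'' . $s . '\',comment_data=\'' . $t . '\' WHERE comment_data=\'' . $old_text . '\' AND subject=\'' . $old_subject . '\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'';
  $result = $db->sql_query($sql);
  if(!$result)
  {
    // NOTE(review): the failed SQL (which embeds the comment text) and the database error are sent to the client verbatim
    return 'result="BAD"; error=unescape("'.rawurlencode('Enano encountered a problem whilst saving the comment.
Performed SQL:
' . $sql . '

Error returned by MySQL: '.mysql_error()).'");';
  }
  // The stored text may contain literal "\n" sequences. They are parked behind a placeholder while
  // stripslashes() runs, put back afterwards, and the %5Cn that rawurlencode() makes of them is
  // rewritten to a real newline (%0A) for the Javascript side
  $subj_js = str_replace('%5Cn', '%0A', rawurlencode(str_replace('{{EnAnO:Newline}}', '\\n', stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $s)))));
  $text_js = str_replace('%5Cn', '%0A', rawurlencode(str_replace('{{EnAnO:Newline}}', '\\n', stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $t)))));
  // Rendered HTML for display: here the same sequence becomes a line break tag
  $html_js = str_replace('%5Cn', '<br \\/>', rawurlencode(RenderMan::render(str_replace('{{EnAnO:Newline}}', "\n", stripslashes(str_replace('\\n', '{{EnAnO:Newline}}', $t))))));
  return 'result="GOOD";
list[' . $id . '][\'subject\'] = unescape(\'' . $subj_js . '\');
list[' . $id . '][\'comment\'] = unescape(\'' . $text_js . '\'); id = ' . $id . ';
s = unescape(\''.rawurlencode($s).'\');
t = unescape(\'' . $html_js . '\');';
}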
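/**
 * Updates comment data using the comment_id column instead of the old, messy way
 * (PageUtils::savecomment() locates the row by its previous subject and text).
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $subject new subject
 * @param $text new text
 * @param $id the comment ID (primary key in enano_comments table); must be a PHP integer
 * @return string 'good' on success, otherwise a human-readable error message
 */
function savecomment_neater($page_id, $namespace, $subject, $text, $id)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  // $id is spliced into SQL unquoted, so only a real integer is accepted
  if(!is_int($id)) die('PageUtils::savecomment_neater: $id is not an integer, aborting for safety');
  if(!$session->get_permissions('edit_comments'))
    return 'Access denied';
  // Avoid SQL injection: the page identifiers come from the request and are escaped like every other value
  $page_id = $db->escape($page_id);
  $namespace = $db->escape($namespace);
  // Safety check - username/login: non-moderators may only edit comments posted under their own name
  if(!$session->get_permissions('mod_comments')) // allow mods to edit comments
  {
    if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
    $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_id=' . $id . ' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND u.user_id=c.user_id;';
    $res = $db->sql_query($q);
    if(!$res) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
    $r = $db->fetchrow($res);
    if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.');
    $db->free_result();
  }
  // preprocess_text() is relied on to return text that is safe to embed in the query — TODO confirm against RenderMan
  $s = RenderMan::preprocess_text($subject);
  $t = RenderMan::preprocess_text($text);
  $sql = 'UPDATE ' . table_prefix.'comments SET subject=\'' . $s . '\',comment_data=\'' . $t . '\' WHERE comment_id=' . $id . ' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'';
  $result = $db->sql_query($sql);
  if(!$result)
  {
    // NOTE(review): the failed SQL (which embeds the comment text) and the database error are returned to the client verbatim
    return 'Enano encountered a problem whilst saving the comment.
Performed SQL:
' . $sql . '

Error returned by MySQL: '.mysql_error();
  }
  return 'good';
}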
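/**
 * Deletes a comment, locating it by poster name, subject and text.
 * PageUtils::deletecomment_neater() does the same keyed on comment_id and should be preferred.
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $name the name the user posted under
 * @param $subj the subject of the comment to be deleted
 * @param $text the text of the comment to be deleted
 * @param $id the javascript list ID, used internally by the client-side app; must be all digits
 * @return string 'good' on success, otherwise a Javascript alert() call describing the error
 */
function deletecomment($page_id, $namespace, $name, $subj, $text, $id)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  if(!$session->get_permissions('edit_comments'))
    return 'alert("Access to delete/edit comments is denied");';

  if(!preg_match('#^([0-9]+)$#', (string)$id)) die('$_GET[id] is improperly formed.');
  // Avoid SQL injection: escape everything that is spliced into the queries below, page identifiers included
  $n = $db->escape($name);
  $s = $db->escape($subj);
  $t = $db->escape($text);
  $page_id = $db->escape($page_id);
  $namespace = $db->escape($namespace);

  // Safety check - username/login: non-moderators may only delete comments posted under their own name
  if(!$session->get_permissions('mod_comments')) // allows mods to delete comments
  {
    if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
    $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_data=\'' . $t . '\' AND subject=\'' . $s . '\' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND u.user_id=c.user_id;';
    // The result gets its own variable: the original overwrote $s (the escaped subject) here, so the
    // DELETE below compared subject against a result handle and matched nothing for non-moderators
    $res = $db->sql_query($q);
    if(!$res) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
    $r = $db->fetchrow($res);
    if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.');
    $db->free_result();
  }
  $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND name=\'' . $n . '\' AND subject=\'' . $s . '\' AND comment_data=\'' . $t . '\' LIMIT 1;';
  $e = $db->sql_query($q);
  // "unesape" in the original was a typo, so the error branch itself raised a Javascript error in the browser
  if(!$e) return('alert(unescape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n' . $q) . '\'));');
  return('good');
}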
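/**
 * Deletes a comment in a cleaner fashion, keyed on the comment_id primary key.
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $id the comment ID (primary key); must be all digits
 * @return string 'good' on success, otherwise a Javascript alert() call describing the error
 */
function deletecomment_neater($page_id, $namespace, $id)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  // $id is spliced into SQL unquoted, so it must be a plain decimal number
  if(!preg_match('#^([0-9]+)$#', (string)$id)) die('$_GET[id] is improperly formed.');

  if(!$session->get_permissions('edit_comments'))
    return 'alert("Access to delete/edit comments is denied");';

  // Avoid SQL injection: the page identifiers come from the request and are escaped like every other value
  $page_id = $db->escape($page_id);
  $namespace = $db->escape($namespace);

  // Safety check - username/login: non-moderators may only delete comments posted under their own name
  if(!$session->get_permissions('mod_comments')) // allows mods to delete comments
  {
    if(!$session->user_logged_in) _die('AJAX comment save safety check failed because you are not logged in. Sometimes this can happen because you are using a browser that does not send cookies as part of AJAX requests.<br /><br />Please log in and try again.');
    $q = 'SELECT c.name FROM ' . table_prefix.'comments c, ' . table_prefix.'users u WHERE comment_id=' . $id . ' AND page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND u.user_id=c.user_id;';
    $res = $db->sql_query($q);
    if(!$res) _die('SQL error during safety check: '.mysql_error().'<br /><br />Attempted SQL:<br /><pre>'.htmlspecialchars($q).'</pre>');
    $r = $db->fetchrow($res);
    if($db->numrows() < 1 || $r['name'] != $session->username) _die('Safety check failed, probably due to a hacking attempt.');
    $db->free_result();
  }
  $q = 'DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\' AND comment_id=' . $id . ' LIMIT 1;';
  $e = $db->sql_query($q);
  // "unesape" in the original was a typo, so the error branch itself raised a Javascript error in the browser
  if(!$e) return('alert(unescape(\''.rawurlencode('Error during query: '.mysql_error().'\n\nQuery:\n' . $q) . '\'));');
  return('good');
}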
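/**
 * Renames a page.
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $name the new name for the page
 * @return string error string or success message
 */
function rename($page_id, $namespace, $name)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  $pname = $paths->nslist[$namespace] . $page_id;

  // A page missing from the page index cannot be renamed; the original read its
  // protection flags regardless and reported success for a row that was never updated
  if ( !isset($paths->pages[$pname]) )
  {
    return('The page could not be found.');
  }
  $page = $paths->pages[$pname];

  // protected == 1 always counts as protected; protected == 2 counts only for a logged-in account
  // registered more than four days ago. NOTE(review): that reads inverted for semi-protection
  // (it blocks established accounts rather than new ones) — preserved from the original, confirm
  $prot = ( $page['protected'] == 1 || ( $page['protected'] == 2 && $session->user_logged_in && $session->reg_time + 60*60*24*4 < time() ) );

  // An all-whitespace name is as useless as an empty one; unlike empty(), this still accepts the name "0"
  if ( trim($name) === '' )
  {
    die('Name is too short');
  }

  // Needs the rename right, plus the protection override when the page is protected, and never
  // on Special/Admin pages. NOTE(review): the namespace test and the log entry below use the page
  // currently being viewed ($paths->namespace, $paths->page_id) while the UPDATE uses the
  // parameters; the two agree only when renaming the current page — confirm that is the only caller
  $can_rename = $session->get_permissions('rename') && ( !$prot || $session->get_permissions('even_when_protected') );
  if ( !$can_rename || $paths->namespace == 'Special' || $paths->namespace == 'Admin' )
  {
    return('Access is denied.');
  }

  $e = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,page_id,namespace,author,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'rename\', \'' . $db->escape($paths->page_id) . '\', \'' . $db->escape($paths->namespace) . '\', \'' . $db->escape($session->username) . '\', \'' . $db->escape($paths->cpage['name']) . '\')');
  if ( !$e )
  {
    $db->_die('The page log entry could not be inserted.');
  }
  $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET name=\'' . $db->escape($name) . '\' WHERE urlname=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\';');
  if ( !$e )
  {
    $db->_die('The page title could not be updated.');
  }
  return('The page "' . $page['name'] . '" has been renamed to "' . $name . '". You are encouraged to leave a comment explaining your action.' . "\n\n" . 'You will see the change take effect the next time you reload this page.');
}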
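/**
 * Flushes (clears) the action logs for a given page, then stores a backup copy of the current
 * page text as a fresh log entry so the page can still be restored afterwards.
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @return string error/success string
 */
function flushlogs($page_id, $namespace)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if(!$session->get_permissions('clear_logs')) die('Administrative privileges are required to flush logs, you loser.');
  // Avoid SQL injection: escape once and reuse in every query (the original escaped the DELETE only)
  $page_id_db = $db->escape($page_id);
  $namespace_db = $db->escape($namespace);
  $e = $db->sql_query('DELETE FROM ' . table_prefix.'logs WHERE page_id=\'' . $page_id_db . '\' AND namespace=\'' . $namespace_db . '\';');
  if(!$e) $db->_die('The log entries could not be deleted.');

  // If the page exists, make a backup of it in case it gets spammed/vandalized
  // If not, the admin's probably deleting a trash page
  if ( isset($paths->pages[ $paths->nslist[$namespace] . $page_id ]) )
  {
    $e = $db->sql_query('SELECT page_text,char_tag FROM ' . table_prefix.'page_text WHERE page_id=\'' . $page_id_db . '\' AND namespace=\'' . $namespace_db . '\';');
    if(!$e) $db->_die('The current page text could not be selected; as a result, creating the backup of the page failed. Please make a backup copy of the page by clicking Edit this page and then clicking Save Changes.');
    $row = $db->fetchrow();
    $db->free_result();
    // A page listed in the index but with no page_text row would otherwise yield an empty "backup"
    if(!$row) $db->_die('The current page text could not be selected; as a result, creating the backup of the page failed. Please make a backup copy of the page by clicking Edit this page and then clicking Save Changes.');
    // The two database layers want different literals for the boolean minor_edit column
    $minor_edit = ( ENANO_DBLAYER == 'MYSQL' ) ? 'false' : '0';
    $q='INSERT INTO ' . table_prefix.'logs(log_type,action,time_id,date_string,page_id,namespace,page_text,char_tag,author,edit_summary,minor_edit) VALUES(\'page\', \'edit\', '.time().', \''.date('d M Y h:i a').'\', \'' . $page_id_db . '\', \'' . $namespace_db . '\', \'' . $db->escape($row['page_text']) . '\', \'' . $db->escape($row['char_tag']) . '\', \'' . $db->escape($session->username) . '\', \''."Automatic backup created when logs were purged".'\', '.$minor_edit.');';
    if(!$db->sql_query($q)) $db->_die('The history (log) entry could not be inserted into the logs table.');
  }
  return('The logs for this page have been cleared. A backup of this page has been added to the logs table so that this page can be restored in case of vandalism or spam later.');
}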
/**
* Deletes a page.
* @param string $page_id the condemned page ID
* @param string $namespace the condemned namespace
* @param string $reason the reason for deleting the page in question
* @return string
*/
function deletepage($page_id, $namespace, $reason)
1
+ − 1433
{
+ − 1434
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 1435
$perms = $session->fetch_page_acl($page_id, $namespace);
28
+ − 1436
$x = trim($reason);
+ − 1437
if ( empty($x) )
+ − 1438
{
+ − 1439
return 'Invalid reason for deletion passed';
+ − 1440
}
+ − 1441
if(!$perms->get_permissions('delete_page')) return('Administrative privileges are required to delete pages, you loser.');
182
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1442
$e = $db->sql_query('INSERT INTO ' . table_prefix.'logs(time_id,date_string,log_type,action,page_id,namespace,author,edit_summary) VALUES('.time().', \''.date('d M Y h:i a').'\', \'page\', \'delete\', \'' . $page_id . '\', \'' . $namespace . '\', \'' . $session->username . '\', \'' . $db->escape(htmlspecialchars($reason)) . '\')');
1
+ − 1443
if(!$e) $db->_die('The page log entry could not be inserted.');
182
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1444
$e = $db->sql_query('DELETE FROM ' . table_prefix.'categories WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'');
1
+ − 1445
if(!$e) $db->_die('The page categorization entries could not be deleted.');
182
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1446
$e = $db->sql_query('DELETE FROM ' . table_prefix.'comments WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'');
1
+ − 1447
if(!$e) $db->_die('The page comments could not be deleted.');
182
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1448
$e = $db->sql_query('DELETE FROM ' . table_prefix.'page_text WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'');
1
+ − 1449
if(!$e) $db->_die('The page text entry could not be deleted.');
182
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1450
$e = $db->sql_query('DELETE FROM ' . table_prefix.'pages WHERE urlname=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\'');
1
+ − 1451
if(!$e) $db->_die('The page entry could not be deleted.');
182
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 1452
$e = $db->sql_query('DELETE FROM ' . table_prefix.'files WHERE page_id=\'' . $page_id . '\'');
1
+ − 1453
if(!$e) $db->_die('The file entry could not be deleted.');
+ − 1454
return('This page has been deleted. Note that there is still a log of edits and actions in the database, and anyone with admin rights can raise this page from the dead unless the log is cleared. If the deleted file is an image, there may still be cached thumbnails of it in the cache/ directory, which is inaccessible to users.');
+ − 1455
}
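/**
 * Increments the deletion votes for a page by 1, and adds the current username/IP to the list of users that have voted for the page to prevent dual-voting
 * The page is looked up, and updated, under sanitize_page_id($page_id) so that the existence check
 * and the UPDATE refer to the same row.
 * @param string $page_id the page ID
 * @param string $namespace the namespace; Admin, Special and System pages are refused
 * @return string human-readable status message
 */

function delvote($page_id, $namespace)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( !$session->get_permissions('vote_delete') )
  {
    return 'Access denied';
  }

  if ( $namespace == 'Admin' || $namespace == 'Special' || $namespace == 'System' )
  {
    return 'Special pages and system messages can\'t be voted for deletion.';
  }

  // Use the sanitized ID for both the lookup and the UPDATE below; the original used the
  // raw value in the WHERE clause, so the row checked and the row changed could differ
  $page_id = sanitize_page_id($page_id);
  $pname = $paths->nslist[$namespace] . $page_id;

  if ( !isset($paths->pages[$pname]) )
  {
    return 'The page does not exist.';
  }

  $cv =& $paths->pages[$pname]['delvotes'];
  $ips = $paths->pages[$pname]['delvote_ips'];

  $no_votes = array(
      'ip' => array(),
      'u' => array()
    );
  if ( empty($ips) )
  {
    $ips = $no_votes;
  }
  else
  {
    // delvote_ips is a serialized array written only by this function and resetdelvotes().
    // unserialize() is kept for compatibility with existing rows; be aware it will instantiate
    // any object embedded in the column, so nothing else may write to it.
    $ips = @unserialize($ips);
    if ( !$ips || !is_array($ips) || !isset($ips['u']) || !isset($ips['ip']) )
    {
      $ips = $no_votes;
    }
  }

  if ( in_array($session->username, $ips['u'], true) || in_array($_SERVER['REMOTE_ADDR'], $ips['ip'], true) )
  {
    return 'It appears that you have already voted to have this page deleted.';
  }

  $ips['u'][] = $session->username;
  $ips['ip'][] = $_SERVER['REMOTE_ADDR'];
  $ips = $db->escape( serialize($ips) );

  // $cv is a reference into $paths->pages, so the in-memory page record is updated too
  $cv++;

  $q = 'UPDATE ' . table_prefix.'pages SET delvotes=' . intval($cv) . ',delvote_ips=\'' . $ips . '\' WHERE urlname=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\'';
  $w = $db->sql_query($q);
  if ( !$w )
  {
    // Previously the result was ignored and the success text returned regardless
    $db->_die('The delete vote could not be recorded.');
  }

  return 'Your vote to have this page deleted has been cast.'."\nYou are encouraged to leave a comment explaining the reason for your vote.";
}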
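/**
 * Resets the number of votes against a page to 0 and clears the recorded voter list.
 * @param string $page_id the page ID
 * @param string $namespace the namespace
 * @return string status message on success; on a failed query $db->_die() is called instead
 */

function resetdelvotes($page_id, $namespace)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if(!$session->get_permissions('vote_reset')) die('You need moderator rights in order to do this, stinkin\' hacker.');
  // Empty voter list in the same serialized shape that delvote() reads back
  $no_votes = $db->escape(serialize(array('ip'=>array(),'u'=>array())));
  // $page_id and $namespace arrive from the request; escape them rather than interpolating the raw values
  $q = 'UPDATE ' . table_prefix.'pages SET delvotes=0,delvote_ips=\'' . $no_votes . '\' WHERE urlname=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\'';
  $e = $db->sql_query($q);
  if(!$e) $db->_die('The number of delete votes was not reset.');
  else return('The number of votes for having this page deleted has been reset to zero.');
}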
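/**
 * Gets a list of styles for a given theme name. As of Banshee, this returns JSON.
 * The theme directory name is read from $_GET['id'] (there is no parameter) and must match
 * ^[a-z0-9_-]+$, which keeps the path inside themes/.
 * @return string JSON: an array of style names (files under themes/<id>/css/ minus the ".css" suffix,
 *                excluding _printable.css); false when the id is missing or malformed; an object
 *                {mode: 'error', error: ...} when the directory does not exist
 */

function getstyles()
{
  $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);

  // A missing id used to raise a notice before failing the regex; reject it explicitly.
  // The D modifier stops a trailing newline from slipping past $.
  if ( !isset($_GET['id']) || !preg_match('/^([a-z0-9_-]+)$/D', $_GET['id']) )
  {
    return $json->encode(false);
  }

  $dir = './themes/' . $_GET['id'] . '/css/';
  $list = Array();
  if ( !is_dir($dir) )
  {
    return($json->encode(Array('mode' => 'error', 'error' => $dir.' is not a dir')));
  }

  // _printable.css should be included with every theme: it should be a copy of the original
  // style, but mostly black and white, so it is not offered as a selectable style.
  if ( $dh = opendir($dir) )
  {
    while ( ($file = readdir($dh)) !== false )
    {
      if ( preg_match('#^(.*?)\.css$#is', $file) && $file != '_printable.css' )
      {
        $list[] = substr($file, 0, strlen($file)-4);
      }
    }
    closedir($dh);
  }

  return $json->encode($list);
}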
/**
 * Assembles a Javascript app with category information
 * Wraps catedit_raw(): its script half is emitted verbatim, its XHTML half is URL-encoded and
 * injected into #ajaxEditContainer via unescape() on the client.
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @return string Javascript code
 */

function catedit($page_id, $namespace)
{
  // catedit_raw() returns array($javascript, $html)
  list($script, $html) = PageUtils::catedit_raw($page_id, $namespace);
  $encoded_html = rawurlencode($html);
  return $script . ' /* BEGIN CONTENT */ document.getElementById("ajaxEditContainer").innerHTML = unescape(\'' . $encoded_html . '\');';
}
/**
 * Does the actual HTML/javascript generation for cat editing, but returns an array
 * Element 0 is Javascript that initialises and fills the client-side `catlist` array;
 * element 1 is the XHTML form with one checkbox per category.
 * NOTE(review): the membership query below reads $paths->page_id / $paths->namespace (the page
 * currently being viewed) while the form action uses the $page_id / $namespace parameters -
 * presumably the same page; confirm at the caller.
 * @param string $page_id the page ID (used for the form action URL)
 * @param string $namespace the namespace (used for the form action URL)
 * @return array array($javascript, $html)
 * @access private
 */

function catedit_raw($page_id, $namespace)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  // Everything echo'ed from here until ob_end_clean() becomes the Javascript half of the result
  ob_start();
  $_ob = '';
  // NOTE(review): $paths->page_id and $paths->namespace are interpolated without $db->escape();
  // whether they are pre-sanitized is not visible in this block - verify
  $e = $db->sql_query('SELECT category_id FROM ' . table_prefix.'categories WHERE page_id=\'' . $paths->page_id . '\' AND namespace=\'' . $paths->namespace . '\'');
  if(!$e) jsdie('Error selecting category information for current page: '.mysql_error());
  // Rows of the categories table the current page belongs to
  $cat_current = Array();
  while($r = $db->fetchrow())
  {
    $cat_current[] = $r;
  }
  $db->free_result();
  // Collect every page in the Category namespace. $paths->pages appears to hold each page twice
  // (numeric index plus name key), hence sizeof()/2 - TODO confirm
  $cat_all = Array();
  for($i=0;$i<sizeof($paths->pages)/2;$i++)
  {
    if($paths->pages[$i]['namespace']=='Category') $cat_all[] = $paths->pages[$i];
  }

  // Make $cat_all an associative array, like $paths->pages
  $sz = sizeof($cat_all);
  for($i=0;$i<$sz;$i++)
  {
    $cat_all[$cat_all[$i]['urlname_nons']] = $cat_all[$i];
  }
  // Now, the "zipper" function - join the list of categories with the list of cats that this page is a part of
  // (sets ['member'] on the name-keyed copy; a category_id not present in $cat_info creates a stray entry)
  $cat_info = $cat_all;
  for($i=0;$i<sizeof($cat_current);$i++)
  {
    $un = $cat_current[$i]['category_id'];
    $cat_info[$un]['member'] = true;
  }
  // Now copy the information we just set into the numerically named keys
  for($i=0;$i<sizeof($cat_info)/2;$i++)
  {
    $un = $cat_info[$i]['urlname_nons'];
    $cat_info[$i] = $cat_info[$un];
  }

  echo 'catlist = new Array();'; // Initialize the client-side category list
  $_ob .= '<h3>Select which categories this page should be included in.</h3>
<form name="mdgCatForm" action="'.makeUrlNS($namespace, $page_id, 'do=catedit').'" method="post">';
  if ( sizeof($cat_info) < 1 )
  {
    $_ob .= '<p>There are no categories on this site yet.</p>';
  }
  for ( $i = 0; $i < sizeof($cat_info) / 2; $i++ )
  {
    // Protection code added 1/3/07
    // Updated 3/4/07
    // A category is rendered disabled when the user lacks edit_cat globally or on the category,
    // or the category is protected and the user lacks even_when_protected
    $is_prot = false;
    $perms = $session->fetch_page_acl($cat_info[$i]['urlname_nons'], 'Category');
    if ( !$session->get_permissions('edit_cat') || !$perms->get_permissions('edit_cat') ||
    ( $cat_info[$i]['really_protected'] && !$perms->get_permissions('even_when_protected') ) )
      $is_prot = true;
    $prot = ( $is_prot ) ? ' disabled="disabled" ' : '';
    $prottext = ( $is_prot ) ? ' <img alt="(protected)" width="16" height="16" src="'.scriptPath.'/images/lock16.png" />' : '';
    // NOTE(review): urlname_nons goes into a JS string literal and HTML attributes, and ['name'] into
    // label text, without escaping here; this relies on those values being stored already sanitized - verify
    echo 'catlist[' . $i . '] = \'' . $cat_info[$i]['urlname_nons'] . '\';';
    $_ob .= '<span class="catCheck"><input ' . $prot . ' name="' . $cat_info[$i]['urlname_nons'] . '" id="mdgCat_' . $cat_info[$i]['urlname_nons'] . '" type="checkbox"';
    if(isset($cat_info[$i]['member'])) $_ob .= ' checked="checked"';
    $_ob .= '/> <label for="mdgCat_' . $cat_info[$i]['urlname_nons'] . '">' . $cat_info[$i]['name'].$prottext.'</label></span><br />';
  }

  // No categories at all: render the save button disabled
  $disabled = ( sizeof($cat_info) < 1 ) ? 'disabled="disabled"' : '';

  $_ob .= '<div style="border-top: 1px solid #CCC; padding-top: 5px; margin-top: 10px;"><input name="__enanoSaveButton" ' . $disabled . ' style="font-weight: bold;" type="submit" onclick="ajaxCatSave(); return false;" value="Save changes" /> <input name="__enanoCatCancel" type="submit" onclick="ajaxReset(); return false;" value="Cancel" /></div></form>';

  $cont = ob_get_contents();
  ob_end_clean();
  return Array($cont, $_ob);
}
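/**
 * Saves category information
 * WARNING: If $which_cats is empty, all the category information for the selected page will be nuked!
 * Categories the user may not edit (no edit_cat on the category, or the category/page is protected and
 * the user lacks even_when_protected) keep their current membership regardless of $which_cats.
 * The delete-then-insert is not a transaction: if the INSERT fails after the DELETE succeeded,
 * $db->_die() is called with the page left in no categories.
 * @param $page_id string the page ID
 * @param $namespace string the namespace
 * @param $which_cats array associative array of categories to put the page in (category urlname => truthy)
 * @return string "GOOD" on success, error string on failure
 */

function catsave($page_id, $namespace, $which_cats)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if(!$session->get_permissions('edit_cat')) return('Insufficient privileges to change category information');

  $page_perms = $session->fetch_page_acl($page_id, $namespace);
  $page_data =& $paths->pages[$paths->nslist[$namespace].$page_id];

  // $page_id and $namespace arrive from the request; escape once and reuse in every statement
  $page_id_db = $db->escape($page_id);
  $namespace_db = $db->escape($namespace);
  $page_where = 'page_id=\'' . $page_id_db . '\' AND namespace=\'' . $namespace_db . '\'';

  // Collect every Category page. $paths->pages holds each page twice (numeric index plus name key), hence /2
  $cat_all = Array();
  for($i=0;$i<sizeof($paths->pages)/2;$i++)
  {
    if($paths->pages[$i]['namespace']=='Category') $cat_all[] = $paths->pages[$i];
  }

  // Make $cat_all an associative array, like $paths->pages
  $sz = sizeof($cat_all);
  for($i=0;$i<$sz;$i++)
  {
    $cat_all[$cat_all[$i]['urlname_nons']] = $cat_all[$i];
  }

  $rowlist = Array();

  for($i=0;$i<sizeof($cat_all)/2;$i++)
  {
    $cat_id = $cat_all[$i]['urlname_nons'];
    $auth = true;
    $perms = $session->fetch_page_acl($cat_id, 'Category');
    if ( !$session->get_permissions('edit_cat') || !$perms->get_permissions('edit_cat') ||
        ( $cat_all[$i]['really_protected'] && !$perms->get_permissions('even_when_protected') ) ||
        ( !$page_perms->get_permissions('even_when_protected') && $page_data['protected'] == '1' ) )
      $auth = false;
    if(!$auth)
    {
      // Find out if the page is currently in *this* category. The check has to be per category:
      // without the category_id condition, membership in any category forced the page into every
      // category the user was not allowed to edit.
      $q = $db->sql_query('SELECT * FROM ' . table_prefix.'categories WHERE ' . $page_where . ' AND category_id=\'' . $db->escape($cat_id) . '\';');
      if(!$q)
        return 'MySQL error: ' . $db->get_error();
      if($db->numrows() > 0)
      {
        $auth = true;
        $which_cats[$cat_id] = true; // Force the category to stay in its current state
      }
      $db->free_result();
    }
    // !empty() == isset() && truthy, which is what the old "isset(...) && ... == true" test meant
    if ( $auth && !empty($which_cats[$cat_id]) )
    {
      // $cat_id is a server-side urlname from $paths->pages, never a client-supplied key
      $rowlist[] = '(\'' . $page_id_db . '\', \'' . $namespace_db . '\', \'' . $db->escape($cat_id) . '\')';
    }
  }

  // Old memberships are always cleared; new rows are written only when there is something to write
  $e = $db->sql_query('DELETE FROM ' . table_prefix.'categories WHERE ' . $page_where . ';');
  if(!$e) $db->_die('The old category data could not be deleted.');
  if(sizeof($rowlist) > 0)
  {
    $q = 'INSERT INTO ' . table_prefix.'categories(page_id,namespace,category_id) VALUES' . implode(',', $rowlist) . ';';
    $e = $db->sql_query($q);
    if(!$e) $db->_die('The new category data could not be inserted.');
  }
  return('GOOD');
}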
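/**
 * Sets the wiki mode level for a page.
 * @param $page_id string the page ID
 * @param $namespace string the namespace
 * @param $level int 0 for off, 1 for on, 2 for use global setting; anything else is rejected
 * @return string "GOOD" on success, error string on failure
 */

function setwikimode($page_id, $namespace, $level)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if(!$session->get_permissions('set_wiki_mode')) return('Insufficient access rights');
  // Only the literal values 0, 1 and 2 are accepted; the D modifier keeps a trailing newline from passing $
  if ( !isset($level) || !preg_match('#^[0-2]$#D', (string)$level) )
  {
    return('Invalid mode string');
  }
  // $level is interpolated unquoted, so cast it; $page_id/$namespace come from the request and are escaped
  $q = $db->sql_query('UPDATE ' . table_prefix.'pages SET wiki_mode=' . intval($level) . ' WHERE urlname=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\';');
  if ( !$q )
  {
    // $db->get_error() instead of mysql_error(): this file also runs on the non-MySQL DB layer
    return('Error during update query: '.$db->get_error()."\n\nSQL Backtrace:\n".$db->sql_backtrace());
  }
  return('GOOD');
}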
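/**
 * Sets the access password for a page.
 * @param $page_id string the page ID
 * @param $namespace string the namespace
 * @param $pass string the SHA1 hash of the password - if it is not exactly 40 lowercase hex characters it will be sha1'ed; the SHA1 of the empty string clears the password
 * @return string
 */

function setpass($page_id, $namespace, $pass)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  // Determine permissions: replacing an existing password needs password_reset, setting a first one needs password_set
  $pname = $paths->nslist[$namespace].$page_id;
  if ( isset($paths->pages[$pname]) && $paths->pages[$pname]['password'] != '' )
    $a = $session->get_permissions('password_reset');
  else
    $a = $session->get_permissions('password_set');
  if(!$a)
    return 'Access is denied';
  if(!isset($pass)) return('Password was not set on URL');
  $p = $pass;
  // The match must be anchored: the old unanchored pattern accepted any string merely *containing*
  // 40 hex characters and put it into the query unhashed. After this block $p is always 40 hex characters.
  if ( !preg_match('#^[0-9a-f]{40}$#D', $p) )
  {
    $p = sha1($p);
  }
  if ( $p == 'da39a3ee5e6b4b0d3255bfef95601890afd80709' )
    // sha1('') = da39a3ee5e6b4b0d3255bfef95601890afd80709
    $p = '';
  // NOTE(review): the stored value is an unsalted SHA-1; the page-access check elsewhere reads this format, so it is left unchanged here
  $e = $db->sql_query('UPDATE ' . table_prefix.'pages SET password=\'' . $p . '\' WHERE urlname=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\';');
  if ( !$e )
  {
    die('PageUtils::setpass(): Error during update query: '.$db->get_error()."\n\nSQL Backtrace:\n".$db->sql_backtrace());
  }
  // Is the new password blank?
  if ( $p == '' )
  {
    return('The password for this page has been disabled.');
  }
  else return('The password for this page has been set.');
}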
/**
 * Generates some preview HTML
 * The rendered wikitext is executed through eval() (RenderMan emits PHP-interleaved markup) and the
 * captured output is wrapped in a reminder banner plus a scrollable box.
 * @param $text string the wikitext to use
 * @return string
 */

function genPreview($text)
{
  $reminder = '<div class="info-box"><b>Reminder:</b> This is only a preview - your changes to this page have not yet been saved.</div>';
  $box_open = '<div style="background-color: #F8F8F8; padding: 10px; border: 1px dashed #406080; max-height: 250px; overflow: auto; margin: 1em 0 1em 1em;">';
  // NOTE(review): eval() runs whatever RenderMan produced from user-supplied wikitext; whether
  // preprocess_text()/render() neutralise embedded PHP is not visible here - verify before relying on it
  $rendered = RenderMan::render(RenderMan::preprocess_text($text, false, false));
  ob_start();
  eval('?>' . $rendered);
  $executed = ob_get_clean();
  return $reminder . $box_open . $executed . '</div>';
}
/**
 * Makes a scrollable box
 * @param string $text the inner HTML (inserted as-is, not escaped)
 * @param int $height Optional - the maximum height in pixels. Defaults to 250. Cast with intval() before use.
 * @return string
 */

function scrollBox($text, $height = 250)
{
  $max_height = intval($height);
  $open_tag = '<div style="background-color: #F8F8F8; padding: 10px; border: 1px dashed #406080; max-height: ' . $max_height . 'px; overflow: auto; margin: 1em 0 1em 1em;">';
  return $open_tag . $text . '</div>';
}
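/**
 * Generates a diff summary between two page revisions.
 * @param $page_id the page ID
 * @param $namespace the namespace
 * @param $id1 the time ID of the first revision (digits only)
 * @param $id2 the time ID of the second revision (digits only)
 * @return string XHTML-formatted diff, or an error message ('Access denied', 'SQL injection attempt', a database error, or a "no rows" message)
 */

function pagediff($page_id, $namespace, $id1, $id2)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if(!$session->get_permissions('history_view'))
    return 'Access denied';
  // time_id is interpolated unquoted, so both IDs must be pure digits (D: no trailing newline past $)
  if(!preg_match('#^([0-9]+)$#D', (string)$id1) ||
     !preg_match('#^([0-9]+)$#D', (string)$id2 )) return 'SQL injection attempt';
  // OK we made it through security
  // $page_id and $namespace come from the request; escape them rather than interpolating raw
  $where_tail = ' AND log_type=\'page\' AND action=\'edit\' AND page_id=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $db->escape($namespace) . '\';';
  // Safest way to make sure we don't end up with the revisions in wrong columns is to make 2 queries
  $q1 = $db->sql_query('SELECT page_text,char_tag,author,edit_summary FROM ' . table_prefix.'logs WHERE time_id=' . $id1 . $where_tail);
  if(!$q1) return 'MySQL error: '.$db->get_error();
  $q2 = $db->sql_query('SELECT page_text,char_tag,author,edit_summary FROM ' . table_prefix.'logs WHERE time_id=' . $id2 . $where_tail);
  if(!$q2) return 'MySQL error: '.$db->get_error();
  $row1 = $db->fetchrow($q1);
  $db->free_result($q1);
  $row2 = $db->fetchrow($q2);
  $db->free_result($q2);
  // fetchrow() yields false when there is no row. The old test compared sizeof($row1) < 1, which
  // never fires for false (sizeof(false) is 1 in older PHP), so a missing first revision fell through.
  if(!$row1 || !$row2) return 'Couldn\'t find any rows that matched the query. The time ID probably doesn\'t exist in the logs table.';
  $text1 = $row1['page_text'];
  $text2 = $row2['page_text'];
  $time1 = date('F d, Y h:i a', intval($id1));
  $time2 = date('F d, Y h:i a', intval($id2));
  $_ob = "\n<p>Comparing revisions: {$time1} &rarr; {$time2}</p>\n";
  // Free some memory
  unset($row1, $row2, $q1, $q2);

  $_ob .= RenderMan::diff($text1, $text2);
  return $_ob;
}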
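/**
 * Reads or modifies the access control list for one target (a user or a usergroup) in one scope:
 * a single page, a page group (namespace __PageGroup) or the entire site.
 *
 * The caller must hold the edit_acl permission or have an admin user level; otherwise an error
 * response is returned before any query runs. $parms is an associative array (kept as an array
 * for JSON compatibility) with these keys:
 *   mode         'listgroups', 'seltarget', 'save_new', 'save_edit' or 'delete'; when absent only
 *                the template, page_id and namespace are returned
 *   page_id      page ID, or absent/false for a site-wide rule
 *   namespace    namespace, or absent/false for a site-wide rule
 *   target_type  ACL_TYPE_USER or ACL_TYPE_GROUP (every mode except listgroups)
 *   target_id    username for ACL_TYPE_USER in seltarget mode, numeric ID otherwise
 *   perms        array of permission values to store (save_new / save_edit)
 *   target_name  display name echoed back in the save_* and delete responses
 *
 * @param array $parms Request parameters as described above
 * @return array Response; failures are reported as array('mode' => 'error', 'error' => message)
 */
function acl_editor($parms = Array())
{
    global $db, $session, $paths, $template, $plugins; // Common objects

    // Authorization gate: everything below reads or rewrites ACL rows, so this is the first check.
    if ( !$session->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN )
    {
        return Array(
            'mode' => 'error',
            'error' => 'You are not authorized to view or edit access control lists.'
        );
    }

    // acl_json() passes in whatever the JSON decoder produced; only an array can be indexed below.
    if ( !is_array($parms) )
    {
        $parms = Array();
    }

    $page_id   = ( isset($parms['page_id']) ) ? $parms['page_id'] : false;
    $namespace = ( isset($parms['namespace']) ) ? $parms['namespace'] : false;

    // A rule is page-specific only when both page_id and namespace are present; otherwise it is
    // site-wide and stored with NULL page columns. Both values are escaped exactly once here, and
    // every query below splices in one of these two fragments (the "lite" one is for queries that
    // do not alias the acl table as "a").
    $site_wide     = ( empty($page_id) || empty($namespace) );
    $page_id_sql   = $site_wide ? '' : $db->escape($page_id);
    $namespace_sql = $site_wide ? '' : $db->escape($namespace);
    $page_where_clause      = $site_wide ? 'AND a.page_id IS NULL AND a.namespace IS NULL' : 'AND a.page_id=\'' . $page_id_sql . '\' AND a.namespace=\'' . $namespace_sql . '\'';
    $page_where_clause_lite = $site_wide ? 'AND page_id IS NULL AND namespace IS NULL' : 'AND page_id=\'' . $page_id_sql . '\' AND namespace=\'' . $namespace_sql . '\'';

    $template->load_theme();
    if ( !file_exists(ENANO_ROOT . '/themes/' . $session->theme . '/acledit.tpl') )
    {
        return Array(
            'mode' => 'error',
            'error' => 'It seems that (a) the file acledit.tpl is missing from these theme, and (b) the JSON response is working.',
        );
    }

    $return = Array();
    $return['template']  = $template->extract_vars('acledit.tpl');
    $return['page_id']   = $page_id;
    $return['namespace'] = $namespace;

    if ( !isset($parms['mode']) )
    {
        return $return;
    }

    switch ( $parms['mode'] )
    {
        case 'listgroups':
            // Usergroups and page groups for the target/scope selection screen
            $return['groups'] = Array();
            $q = $db->sql_query('SELECT group_id,group_name FROM ' . table_prefix.'groups ORDER BY group_name ASC;');
            if ( !$q )
                return Array('mode' => 'error', 'error' => $db->get_error());
            while ( $row = $db->fetchrow() )
            {
                $return['groups'][] = Array(
                    'id' => $row['group_id'],
                    'name' => $row['group_name'],
                );
            }
            $db->free_result();

            $return['page_groups'] = Array();
            $q = $db->sql_query('SELECT pg_id,pg_name FROM ' . table_prefix.'page_groups ORDER BY pg_name ASC;');
            if ( !$q )
                return Array('mode' => 'error', 'error' => $db->get_error());
            while ( $row = $db->fetchrow() )
            {
                $return['page_groups'][] = Array(
                    'id' => $row['pg_id'],
                    'name' => $row['pg_name'],
                );
            }
            $db->free_result();
            return $return;

        case 'seltarget':
            if ( !isset($parms['target_type']) || !isset($parms['target_id']) )
                return Array('mode' => 'error', 'error' => 'Missing target_type or target_id');

            $return['mode']        = 'seltarget';
            $return['acl_types']   = $session->acl_types;
            $return['acl_deps']    = $session->acl_deps;
            $return['acl_descs']   = $session->acl_descs;
            $return['target_type'] = $parms['target_type'];
            $return['target_id']   = $parms['target_id'];

            switch ( $parms['target_type'] )
            {
                case ACL_TYPE_USER:
                    // target_id is a username here; it is escaped for SQL, and the numeric
                    // user_id replaces it in the response while the name moves to target_name.
                    $username_sql = $db->escape($parms['target_id']);
                    $q = $db->sql_query('SELECT a.rules,u.user_id FROM ' . table_prefix.'users AS u
                        LEFT JOIN ' . table_prefix.'acl AS a
                          ON a.target_id=u.user_id
                        WHERE a.target_type='.ACL_TYPE_USER.'
                          AND u.username=\'' . $username_sql . '\'
                          ' . $page_where_clause . ';');
                    if ( !$q )
                        return Array('mode' => 'error', 'error' => $db->get_error());
                    if ( $db->numrows() < 1 )
                    {
                        // No rule for this user in this scope yet: make sure the user exists,
                        // then start from the default permission set.
                        $return['type'] = 'new';
                        $q = $db->sql_query('SELECT user_id FROM ' . table_prefix.'users WHERE username=\'' . $username_sql . '\';');
                        if ( !$q )
                            return Array('mode' => 'error', 'error' => $db->get_error());
                        if ( $db->numrows() < 1 )
                            return Array('mode' => 'error', 'error' => 'The username you entered was not found.');
                        $row = $db->fetchrow();
                        $return['current_perms'] = $session->acl_types;
                    }
                    else
                    {
                        $return['type'] = 'edit';
                        $row = $db->fetchrow();
                        $return['current_perms'] = $session->acl_merge($session->acl_types, $session->string_to_perm($row['rules']));
                    }
                    $db->free_result();
                    $return['target_name'] = $parms['target_id'];
                    $return['target_id']   = intval($row['user_id']);
                    break;

                case ACL_TYPE_GROUP:
                    // target_id is a numeric group ID; intval() is the only sanitization it needs
                    $group_id = intval($parms['target_id']);
                    $q = $db->sql_query('SELECT a.rules,g.group_name,g.group_id FROM ' . table_prefix.'groups AS g
                        LEFT JOIN ' . table_prefix.'acl AS a
                          ON a.target_id=g.group_id
                        WHERE a.target_type='.ACL_TYPE_GROUP.'
                          AND g.group_id=\''.$group_id.'\'
                          ' . $page_where_clause . ';');
                    if ( !$q )
                        return Array('mode' => 'error', 'error' => $db->get_error());
                    if ( $db->numrows() < 1 )
                    {
                        $return['type'] = 'new';
                        $q = $db->sql_query('SELECT group_id,group_name FROM ' . table_prefix.'groups WHERE group_id=\''.$group_id.'\';');
                        if ( !$q )
                            return Array('mode' => 'error', 'error' => $db->get_error());
                        if ( $db->numrows() < 1 )
                            return Array('mode' => 'error', 'error' => 'The group ID you submitted is not valid.');
                        $row = $db->fetchrow();
                        $return['current_perms'] = $session->acl_types;
                    }
                    else
                    {
                        $return['type'] = 'edit';
                        $row = $db->fetchrow();
                        $return['current_perms'] = $session->acl_merge($session->acl_types, $session->string_to_perm($row['rules']));
                    }
                    $db->free_result();
                    $return['target_name'] = $row['group_name'];
                    $return['target_id']   = intval($row['group_id']);
                    break;

                default:
                    // Both keys must be written as key => value; consumers read $response['error'].
                    return Array('mode' => 'error', 'error' => 'Invalid ACL type ID');
            }

            // Hide the ACL types whose scope does not include this page's namespace. Site-wide
            // rules (no page) and page-group rules keep every type.
            if ( $page_id && $namespace && $namespace != '__PageGroup' )
            {
                foreach ( $return['current_perms'] as $i => $perm )
                {
                    $scope = $session->acl_scope[$i];
                    if ( !in_array($namespace, $scope) && !in_array('All', $scope) )
                    {
                        unset($return['current_perms'][$i], $return['acl_types'][$i], $return['acl_descs'][$i], $return['acl_deps'][$i]);
                    }
                }
            }
            return $return;

        case 'save_new':
        case 'save_edit':
            if ( defined('ENANO_DEMO_MODE') )
            {
                return Array('mode'=>'error','error'=>'Editing access control lists is disabled in the administration demo.');
            }
            if ( !isset($parms['target_type']) || !isset($parms['target_id']) )
                return Array('mode' => 'error', 'error' => 'Missing target_type or target_id');
            // The form posts the rule as data[perms][<acl type>] = value, so anything but an array is a malformed request
            if ( !isset($parms['perms']) || !is_array($parms['perms']) )
                return Array('mode' => 'error', 'error' => 'Supplied rule list is missing or malformed');

            $target_type = intval($parms['target_type']);
            $target_id   = intval($parms['target_id']);

            // Serialize and validate the new rule BEFORE touching the table: the existing row is
            // deleted below, so rejecting an empty rule after the delete would silently drop it.
            $rules = $session->perm_to_string($parms['perms']);
            if ( !is_string($rules) || strlen($rules) < 1 )
            {
                return array(
                    'mode' => 'error',
                    'error' => 'Supplied rule list has a length of zero'
                );
            }

            // Replace any existing rule for this target in this scope
            $q = $db->sql_query('DELETE FROM ' . table_prefix.'acl WHERE target_type='.$target_type.' AND target_id='.$target_id.'
                ' . $page_where_clause_lite . ';');
            if ( !$q )
                return Array('mode'=>'error','error'=>$db->get_error());

            $rules_sql = $db->escape($rules);
            if ( $site_wide )
            {
                $q = 'INSERT INTO ' . table_prefix.'acl ( target_type, target_id, rules )
                    VALUES( '.$target_type.', '.$target_id.', \'' . $rules_sql . '\' )';
            }
            else
            {
                $q = 'INSERT INTO ' . table_prefix.'acl ( target_type, target_id, page_id, namespace, rules )
                    VALUES( '.$target_type.', '.$target_id.', \'' . $page_id_sql . '\', \'' . $namespace_sql . '\', \'' . $rules_sql . '\' )';
            }
            if ( !$db->sql_query($q) )
                return Array('mode'=>'error','error'=>$db->get_error());

            return Array(
                'mode' => 'success',
                'target_type' => $parms['target_type'],
                'target_id' => $parms['target_id'],
                'target_name' => ( isset($parms['target_name']) ) ? $parms['target_name'] : null,
                'page_id' => $page_id,
                'namespace' => $namespace,
            );

        case 'delete':
            if ( defined('ENANO_DEMO_MODE') )
            {
                return Array('mode'=>'error','error'=>'Editing access control lists is disabled in the administration demo.');
            }
            if ( !isset($parms['target_type']) || !isset($parms['target_id']) )
                return Array('mode' => 'error', 'error' => 'Missing target_type or target_id');
            $q = $db->sql_query('DELETE FROM ' . table_prefix.'acl WHERE target_type='.intval($parms['target_type']).' AND target_id='.intval($parms['target_id']).'
                ' . $page_where_clause_lite . ';');
            if ( !$q )
                return Array('mode'=>'error','error'=>$db->get_error());
            return Array(
                'mode' => 'delete',
                'target_type' => $parms['target_type'],
                'target_id' => $parms['target_id'],
                'target_name' => ( isset($parms['target_name']) ) ? $parms['target_name'] : null,
                'page_id' => $page_id,
                'namespace' => $namespace,
            );

        default:
            return Array('mode'=>'error','error'=>'Hacking attempt');
    }
}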
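/**
 * Same as PageUtils::acl_editor(), but the parms are a JSON string instead of an array. This also returns a JSON string.
 *
 * When the request does not decode to an array (malformed JSON, or a JSON scalar), an error
 * response is produced instead of handing a non-array to acl_editor(), which indexes its argument.
 * @param string $parms Same as PageUtils::acl_editor/$parms, but should be a valid JSON string.
 * @return string JSON-encoded response from acl_editor(), or a JSON-encoded error array.
 */
function acl_json($parms = '{ }')
{
    global $db, $session, $paths, $template, $plugins; // Common objects
    $json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
    $decoded = $json->decode($parms);
    if ( !is_array($decoded) )
    {
        $ret = Array('mode' => 'error', 'error' => 'Request was not a valid JSON object');
    }
    else
    {
        $ret = PageUtils::acl_editor($decoded);
    }
    return $json->encode($ret);
}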
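/**
 * A non-Javascript frontend for the ACL API.
 *
 * Runs the posted form data through acl_preprocess(), acl_editor() and acl_postprocess() and
 * prints one screen for the returned mode: the target/scope selector (stage1), the per-type
 * permission form (seltarget), a confirmation box (success, delete), a debug dump, or a fatal
 * error page. Every request- or database-derived value written into the markup (target name,
 * IDs, page ID, namespace, group names) is passed through htmlspecialchars() first; the only
 * unescaped fragments are the ones produced by the template parser and $template->username_field().
 * @param array $parms The request data, if any, in the format required by PageUtils::acl_editor()
 */
function aclmanager($parms)
{
    global $db, $session, $paths, $template, $plugins; // Common objects
    ob_start();
    // Convenience
    $formstart = '<form
        action="' . makeUrl($paths->page, 'do=aclmanager', true) . '"
        method="post" enctype="multipart/form-data"
        onsubmit="if(!submitAuthorized) return false;"
        >';
    $formend = '</form>';
    $parms = PageUtils::acl_preprocess($parms);
    $response = PageUtils::acl_editor($parms);
    $response = PageUtils::acl_postprocess($response);

    $mode = ( isset($response['mode']) ) ? $response['mode'] : '';
    switch ( $mode )
    {
        case 'debug':
            echo '<pre>' . htmlspecialchars($response['text']) . '</pre>';
            break;

        case 'stage1':
            echo '<h3>Manage page access</h3>
                  <p>Please select who should be affected by this access rule.</p>';
            echo $formstart;
            echo '<p><label><input type="radio" name="data[target_type]" value="' . ACL_TYPE_GROUP . '" checked="checked" /> A usergroup</label></p>
                  <p><select name="data[target_id_grp]">';
            foreach ( $response['groups'] as $group )
            {
                echo '<option value="' . htmlspecialchars($group['id'], ENT_QUOTES) . '">' . htmlspecialchars($group['name'], ENT_QUOTES) . '</option>';
            }
            // page group selector, shown only when at least one page group exists
            $groupsel = '';
            if ( count($response['page_groups']) > 0 )
            {
                $groupsel = '<p><label><input type="radio" name="data[scope]" value="page_group" /> A group of pages</label></p>
                             <p><select name="data[pg_id]">';
                foreach ( $response['page_groups'] as $grp )
                {
                    $groupsel .= '<option value="' . htmlspecialchars($grp['id'], ENT_QUOTES) . '">' . htmlspecialchars($grp['name'], ENT_QUOTES) . '</option>';
                }
                $groupsel .= '</select></p>';
            }
            echo '</select></p>
                  <p><label><input type="radio" name="data[target_type]" value="' . ACL_TYPE_USER . '" /> A specific user</label></p>
                  <p>' . $template->username_field('data[target_id_user]') . '</p>
                  <p>What should this access rule control?</p>
                  <p><label><input name="data[scope]" value="only_this" type="radio" checked="checked" /> Only this page</label></p>
                  ' . $groupsel . '
                  <p><label><input name="data[scope]" value="entire_site" type="radio" /> The entire site</label></p>
                  <div style="margin: 0 auto 0 0; text-align: right;">
                    <input name="data[mode]" value="seltarget" type="hidden" />
                    <input type="hidden" name="data[page_id]" value="' . htmlspecialchars($paths->page_id, ENT_QUOTES) . '" />
                    <input type="hidden" name="data[namespace]" value="' . htmlspecialchars($paths->namespace, ENT_QUOTES) . '" />
                    <input type="submit" value="Next >" />
                  </div>';
            echo $formend;
            break;

        case 'success':
        case 'delete':
            // Both confirmations carry the same hidden fields so the editor can be reopened on the same target and scope
            $target_name = htmlspecialchars(strval($response['target_name']), ENT_QUOTES);
            if ( $mode == 'success' )
            {
                $title   = 'Permissions updated';
                $message = 'The permissions for ' . $target_name . ' on this page have been updated successfully.';
            }
            else
            {
                $title   = 'Rule deleted';
                $message = 'The selected access rule has been successfully deleted.';
            }
            // User targets are re-selected by name, group targets by numeric ID; both hidden fields receive the same value
            $target_id_field = ( intval($response['target_type']) == ACL_TYPE_USER ) ? $target_name : htmlspecialchars($response['target_id'], ENT_QUOTES);
            echo '<div class="info-box">
                  <b>' . $title . '</b><br />
                  ' . $message . '<br />
                  ' . $formstart . '
                  <input type="hidden" name="data[mode]" value="seltarget" />
                  <input type="hidden" name="data[target_type]" value="' . htmlspecialchars($response['target_type'], ENT_QUOTES) . '" />
                  <input type="hidden" name="data[target_id_user]" value="' . $target_id_field . '" />
                  <input type="hidden" name="data[target_id_grp]" value="' . $target_id_field . '" />
                  <input type="hidden" name="data[scope]" value="' . ( ( $response['page_id'] ) ? 'only_this' : 'entire_site' ) . '" />
                  <input type="hidden" name="data[page_id]" value="' . ( ( $response['page_id'] ) ? htmlspecialchars($response['page_id'], ENT_QUOTES) : 'false' ) . '" />
                  <input type="hidden" name="data[namespace]" value="' . ( ( $response['namespace'] ) ? htmlspecialchars($response['namespace'], ENT_QUOTES) : 'false' ) . '" />
                  <input type="submit" value="Return to ACL editor" /> <input type="submit" name="data[act_go_stage1]" value="Return to user/scope selection" />
                  ' . $formend . '
                  </div>';
            break;

        case 'seltarget':
            echo ( $response['type'] == 'edit' ) ? '<h3>Editing permissions</h3>' : '<h3>Create new rule</h3>';
            $type  = ( $response['target_type'] == ACL_TYPE_GROUP ) ? 'group' : 'user';
            $scope = ( $response['page_id'] ) ? ( $response['namespace'] == '__PageGroup' ? 'this group of pages' : 'this page' ) : 'this entire site';
            echo 'This panel allows you to edit what the ' . $type . ' "' . htmlspecialchars($response['target_name'], ENT_QUOTES) . '" can do on <b>' . $scope . '</b>. Unless you set a permission to "Deny", these permissions may be overridden by other rules.';
            echo $formstart;
            $parser = $template->makeParserText( $response['template']['acl_field_begin'] );
            echo $parser->run();
            $parser = $template->makeParserText( $response['template']['acl_field_item'] );
            $cls = 'row2';
            foreach ( $response['acl_types'] as $acl_type => $value )
            {
                // Alternate row classes; exactly one of the four radio buttons is pre-checked from current_perms
                $cls = ( $cls == 'row1' ) ? 'row2' : 'row1';
                $vars = Array(
                    'FIELD_DENY_CHECKED' => '',
                    'FIELD_DISALLOW_CHECKED' => '',
                    'FIELD_WIKIMODE_CHECKED' => '',
                    'FIELD_ALLOW_CHECKED' => '',
                    'ROW_CLASS' => $cls,
                );
                switch ( $response['current_perms'][$acl_type] )
                {
                    case AUTH_ALLOW:
                        $vars['FIELD_ALLOW_CHECKED'] = 'checked="checked"';
                        break;
                    case AUTH_WIKIMODE:
                        $vars['FIELD_WIKIMODE_CHECKED'] = 'checked="checked"';
                        break;
                    case AUTH_DENY:
                        $vars['FIELD_DENY_CHECKED'] = 'checked="checked"';
                        break;
                    case AUTH_DISALLOW:
                    default:
                        // Anything unrecognised is presented as "Disallow"
                        $vars['FIELD_DISALLOW_CHECKED'] = 'checked="checked"';
                        break;
                }
                $vars['FIELD_NAME'] = 'data[perms][' . $acl_type . ']';
                $vars['FIELD_DESC'] = $response['acl_descs'][$acl_type];
                $parser->assign_vars($vars);
                echo $parser->run();
            }
            $parser = $template->makeParserText( $response['template']['acl_field_end'] );
            echo $parser->run();
            $buttons = ( $response['type'] == 'edit' )
                ? '<input type="submit" value="Save changes" /> <input type="submit" name="data[act_delete_rule]" value="Delete rule" style="color: #AA0000;" onclick="return confirm(\'Do you really want to delete this ACL rule?\');" />'
                : '<input type="submit" value="Create rule" />';
            echo '<div style="margin: 10px auto 0 0; text-align: right;">
                  <input name="data[mode]" value="save_' . $response['type'] . '" type="hidden" />
                  <input type="hidden" name="data[page_id]" value="' . ( ( $response['page_id'] ) ? htmlspecialchars($response['page_id'], ENT_QUOTES) : 'false' ) . '" />
                  <input type="hidden" name="data[namespace]" value="' . ( ( $response['namespace'] ) ? htmlspecialchars($response['namespace'], ENT_QUOTES) : 'false' ) . '" />
                  <input type="hidden" name="data[target_type]" value="' . htmlspecialchars($response['target_type'], ENT_QUOTES) . '" />
                  <input type="hidden" name="data[target_id]" value="' . htmlspecialchars($response['target_id'], ENT_QUOTES) . '" />
                  <input type="hidden" name="data[target_name]" value="' . htmlspecialchars($response['target_name'], ENT_QUOTES) . '" />
                  ' . $buttons . '
                  </div>';
            echo $formend;
            break;

        case 'error':
            // Discard whatever was buffered so far and show only the error page
            ob_end_clean();
            die_friendly('Error occurred', '<p>Error returned by permissions API:</p><pre>' . htmlspecialchars($response['error']) . '</pre>');
            break;
    }
    $ret = ob_get_contents();
    ob_end_clean();
    echo
        $template->getHeader() .
        $ret .
        $template->getFooter();
}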
/**
* Preprocessor to turn the form-submitted data from the ACL editor into something the backend can handle
* @param array $parms The posted data
* @return array
* @access private
*/
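function acl_preprocess($parms)
{
  // Nothing to do unless the form told us which ACL editor step it came from
  if ( !isset($parms['mode']) )
  {
    return $parms;
  }

  // NOTE(review): this function only normalises the shape of the submitted
  // fields; target_id, pg_id and the rest are passed through as submitted and
  // are expected to be validated/escaped by the ACL backend — confirm there.
  switch ( $parms['mode'] )
  {
    case 'seltarget':
      // Who's affected? The form carries separate group/user selectors; pick
      // the one matching the chosen target type. Missing fields normalise to
      // 0 / null instead of raising undefined-index notices.
      $parms['target_type'] = isset($parms['target_type']) ? intval($parms['target_type']) : 0;
      $id_key = ( $parms['target_type'] == ACL_TYPE_GROUP ) ? 'target_id_grp' : 'target_id_user';
      $parms['target_id'] = isset($parms[$id_key]) ? $parms[$id_key] : null;
      // Intentional fall-through (original behaviour): the delete-button and
      // scope handling below also apply to a target selection.

    case 'save_edit':
    case 'save_new':
      // The "Delete rule" button shares the save form; it overrides the save mode
      if ( isset($parms['act_delete_rule']) )
      {
        $parms['mode'] = 'delete';
      }

      $scope     = isset($parms['scope']) ? $parms['scope'] : null;
      $page_id   = isset($parms['page_id']) ? $parms['page_id'] : null;
      $namespace = isset($parms['namespace']) ? $parms['namespace'] : null;

      // Scope (just this page or entire site?). An explicit "entire_site"
      // choice, or hidden fields carrying the literal string 'false' (what the
      // save form emits when there is no page context), means a site-wide rule.
      if ( $scope === 'entire_site' || ( $page_id === 'false' && $namespace === 'false' ) )
      {
        $parms['page_id'] = false;
        $parms['namespace'] = false;
      }
      else if ( $scope === 'page_group' )
      {
        // Page groups are addressed by their id under the reserved __PageGroup namespace
        $parms['page_id'] = isset($parms['pg_id']) ? $parms['pg_id'] : null;
        $parms['namespace'] = '__PageGroup';
      }
      break;
  }

  // The "back to stage 1" button discards everything else and restarts at the group list
  if ( isset($parms['act_go_stage1']) )
  {
    $parms = array(
      'mode' => 'listgroups'
    );
  }

  return $parms;
}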
/**
 * Normalise a response from the ACL backend before it is rendered: a response
 * that carries no mode is either the group list (stage 1) or an error.
 * @param array $response The backend's response
 * @return array The response with 'mode' filled in, or an error response
 */
function acl_postprocess($response)
{
  if ( isset($response['mode']) )
  {
    // The backend already said what kind of response this is
    return $response;
  }
  if ( !isset($response['groups']) )
  {
    return array(
      'mode'  => 'error',
      'error' => 'Invalid action passed by API backend.',
    );
  }
  // A bare group list is the first stage of the editor
  $response['mode'] = 'stage1';
  return $response;
}
}
?>