<?php
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
* Version 1.0 release candidate 3 (Druid)
* pageprocess.php - intelligent retrieval of pages
* Copyright (C) 2006-2007 Dan Fuhry
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
*/
/**
* Class to handle fetching page text (possibly from a cache) and formatting it.
* @package Enano
* @subpackage UI
* @copyright 2007 Dan Fuhry
* @license GNU General Public License <http://www.gnu.org/licenses/gpl.html>
*/
class PageProcessor
{
/**
 * Page ID (urlname) and namespace of the page handled by this instance.
 * $page_id is stored already passed through sanitize_page_id() by _setup();
 * $namespace is whatever the constructor received after checking it is a key of $paths->nslist.
 * Both are plain public members, so callers can overwrite them after construction
 * and bypass that validation -- see fetch_text(), which interpolates them into SQL.
 * @var string
 */

var $page_id;
var $namespace;

/**
 * Page ID before sanitization. Set in _setup() from dirtify_page_id($page_id);
 * what that helper produces relative to the raw URL value is not visible in this file.
 * @var string
 */

var $page_id_unclean;

/**
 * Tracks if the page we're loading exists in the database or not.
 * Decided heuristically in _setup() from $paths, and forced to false by fetch_text()
 * when the page_text query returns no rows.
 * @var bool
 */

var $page_exists = false;

/**
 * Page ACL object returned by $session->fetch_page_acl() in _setup().
 * send() consults get_permissions('read') on it before emitting anything.
 * @var object
 */

var $perms = null;

/**
 * Switch to track if redirects are allowed. Defaults to true.
 * Not consulted by any method visible in this file.
 * @var bool
 */

var $allow_redir = true;

/**
 * If this is set to true, this will call the header and footer funcs on $template when render() is called.
 * Also gates display_page_headers()/display_page_footers() in render() and the error page layout in send().
 * @var bool
 */

var $send_headers = false;

/**
 * Cache the fetched text so we don't fetch it from the DB twice. '' means "not fetched yet".
 * @var string
 */

var $text_cache = '';

/**
 * Debugging information to track errors. You can set enable to false to disable sending debug information.
 * NOTE(review): 'enable' defaults to true, so the constructor captures and stores a backtrace
 * on every instance; 'works' records whether that capture happened. Where (or whether) the
 * backtrace is emitted is not visible here -- consider disabling in production.
 * @var array
 */

var $debug = array(
  'enable' => true,
  'works' => false
);
/**
 * Constructor: validates the namespace, captures debug info, then primes the instance via _setup().
 *
 * @param string $page_id   The page ID (urlname) of the page
 * @param string $namespace The namespace of the page; must be a key of $paths->nslist
 */
function __construct( $page_id, $namespace )
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  // Record a backtrace for diagnostics while debugging is switched on.
  if ( $this->debug['enable'] && function_exists('debug_backtrace') )
  {
    $this->debug['works'] = true;
    $this->debug['backtrace'] = enano_debug_print_backtrace(true);
  }

  // Reject unknown namespaces before anything is looked up under $paths->nslist[$namespace].
  // The namespace comes from the request, so it is HTML-escaped before landing in the error page.
  // NOTE(review): this assumes send_error() halts the request; if it merely returns, _setup()
  // still runs with an unknown namespace -- confirm.
  $namespace_known = isset($paths->nslist[$namespace]);
  if ( !$namespace_known )
  {
    $this->send_error('The namespace "' . htmlspecialchars($namespace) . '" does not exist.');
  }

  $this->_setup( $page_id, $namespace );
}
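/**
 * The main method to send the page content. Also responsible for checking permissions.
 *
 * Dispatch order: 'read' ACL check; Special/Admin pages (call the page_<ns>_<id> backend
 * function); User pages (_handle_userpage); Template/System pages (rendered with <noinclude>
 * unwrapped and <nodisplay> removed); pages that do not exist (page_not_found plugin hook,
 * falling back to err_page_not_existent); everything else via render().
 *
 * @return mixed Whatever the Special/Admin backend returns when one is called; false on
 *               access denied, missing backend, or no text rows; otherwise null.
 */
function send()
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  // Access control first: nothing below runs without 'read' on this page's ACL.
  if ( !$this->perms->get_permissions('read') )
  {
    $this->err_access_denied();
    return false;
  }

  if ( $this->namespace == 'Special' || $this->namespace == 'Admin' )
  {
    if ( !$this->page_exists )
    {
      redirect( makeUrl(getConfig('main_page')), 'Can\'t find special page', 'The special or administration page you requested does not exist. You will now be transferred to the main page.', 2 );
    }

    // The backend function name is derived from the page ID sanitized in _setup().
    $func_name = "page_{$this->namespace}_{$this->page_id}";
    if ( function_exists($func_name) )
    {
      // NOTE(review): '@' hides any warning/notice raised inside the page backend.
      return @call_user_func($func_name);
    }
    else
    {
      // Bug fix: the message previously interpolated the undefined variable $fname, so the
      // function name was always blank. Use $func_name, escaped for the HTML context.
      $title = 'Page backend not found';
      $message = "The administration page you are looking for was properly registered using the page API, but the backend function
      (<tt>" . htmlspecialchars($func_name) . "</tt>) was not found. If this is a plugin page, then this is almost certainly a bug with the plugin.";

      if ( $this->send_headers )
      {
        $template->tpl_strings['PAGE_NAME'] = $title;
        $template->header();
        echo "<p>$message</p>";
        $template->footer();
      }
      else
      {
        echo "<h2>$title</h2>
        <p>$message</p>";
      }
      return false;
    }
  }
  else if ( $this->namespace == 'User' )
  {
    $this->_handle_userpage();
  }
  else if ( ( $this->namespace == 'Template' || $this->namespace == 'System' ) && $this->page_exists )
  {
    $this->header();

    // Show a template/system page as a document: keep <noinclude> bodies, drop <nodisplay> bodies.
    $text = $this->fetch_text();
    $text = preg_replace('/<noinclude>(.*?)<\/noinclude>/is', '\\1', $text);
    $text = preg_replace('/<nodisplay>(.*?)<\/nodisplay>/is', '', $text);

    $text = RenderMan::render( $text );

    echo $text;

    $this->footer();
  }
  else if ( !$this->page_exists )
  {
    // Perhaps this is hooked? Let plugins handle the missing page; if they print nothing,
    // emit the standard not-found error.
    // NOTE(review): hook bodies are eval()'d as PHP, so whatever can register a
    // 'page_not_found' hook runs code here. The buffer opened below is never closed in this
    // method; it flushes when the output-buffer stack unwinds at request end.
    ob_start();

    $code = $plugins->setHook('page_not_found');
    foreach ( $code as $cmd )
    {
      eval($cmd);
    }

    $ob = ob_get_contents();

    if ( empty($ob) )
    {
      $this->err_page_not_existent();
    }
  }
  else // (disabled for compatibility reasons) if ( in_array($this->namespace, array('Article', 'User', 'Project', 'Help', 'File', 'Category')) && $this->page_exists )
  {
    // Send as regular page. fetch_text() returns a sentinel string when there is no text row.
    $text = $this->fetch_text();
    if ( $text == 'err_no_text_rows' )
    {
      $this->err_no_rows();
      return false;
    }
    else
    {
      $this->render();
    }
  }
}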
/**
 * Sets internal variables.
 *
 * Sanitizes the page ID, keeps a "dirtified" copy, fetches the page ACL, and decides from
 * $paths whether the page "exists".
 *
 * @param string $page_id   Raw page ID (urlname) as passed to the constructor
 * @param string $namespace Namespace key; the constructor has already checked it against $paths->nslist
 * @access private
 */
function _setup($page_id, $namespace)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  $page_id_cleaned = sanitize_page_id($page_id);

  $this->page_id = $page_id_cleaned;
  $this->namespace = $namespace;
  // Round-trips the raw ID through dirtify_page_id(); its output is not visible here.
  $this->page_id_unclean = dirtify_page_id($page_id);

  // NOTE(review): the ACL is fetched with the RAW $page_id, whereas fetch_text() queries with
  // $page_id_cleaned. If the two can differ for some input, permissions would be evaluated for
  // a different key than the text that is served -- confirm against fetch_page_acl().
  $this->perms = $session->fetch_page_acl( $page_id, $namespace );

  // Exception for Admin: pages
  // $fname is only defined for the Admin namespace. Every use below sits behind a
  // namespace == 'Admin' test that short-circuits first, so the operand order matters.
  if ( $this->namespace == 'Admin' )
  {
    $fname = "page_Admin_{$this->page_id}";
  }

  // Does the page "exist"?
  // Case 1: this is the page the URL handler resolved ($paths->cpage) and it was reported
  // missing -- unless it is an Admin page whose backend function does exist.
  if ( $paths->cpage['urlname_nons'] == $page_id && $paths->namespace == $namespace && !$paths->page_exists && ( $this->namespace != 'Admin' || ($this->namespace == 'Admin' && !function_exists($fname) ) ) )
  {
    $this->page_exists = false;
  }
  // Case 2: not in the page table AND an Admin page with no backend function. For any other
  // namespace this branch never fires, so an unknown page is assumed to exist here and
  // fetch_text() is left to report 'err_no_text_rows' later.
  else if ( !isset( $paths->pages[ $paths->nslist[$namespace] . $page_id ] ) && ( $this->namespace == 'Admin' && !function_exists($fname) ) )
  {
    $this->page_exists = false;
  }
  else
  {
    $this->page_exists = true;
  }
}
/**
 * Renders it all in one go, and echoes it out. This assumes that the text is in the DB.
 *
 * SECURITY NOTE (review): the rendered page text is passed to eval(), prefixed with '?>' so
 * it starts in HTML mode. Any '<?php' (or other PHP open tag) that survives
 * RenderMan::render() is executed as PHP in the web server's process, i.e. whoever can get
 * such text into page_text can run code. Whether RenderMan strips PHP open tags is not
 * visible in this file -- confirm that before relying on it, and prefer `echo` over eval()
 * if executable page content is not actually required.
 *
 * If fetch_text() returns the sentinel 'err_no_text_rows', that literal is what gets
 * rendered; send() checks for the sentinel before calling this method.
 *
 * @access private
 */
function render()
{
  $text = $this->fetch_text();

  $this->header();
  if ( $this->send_headers )
  {
    display_page_headers();
  }

  // '?>' leaves PHP mode so the rendered HTML is emitted verbatim by eval(); any embedded
  // PHP block in the text would run. See the security note above.
  $text = '?>' . RenderMan::render($text);
  // echo('<pre>'.htmlspecialchars($text).'</pre>');
  eval ( $text );

  if ( $this->send_headers )
  {
    display_page_footers();
  }

  $this->footer();
}
/**
 * Emits the template header, but only when this instance is configured to send headers.
 */
function header()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( !$this->send_headers )
  {
    return;
  }
  $template->header();
}
/**
 * Emits the template footer, but only when this instance is configured to send headers.
 */
function footer()
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  if ( !$this->send_headers )
  {
    return;
  }
  $template->footer();
}
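/**
 * Fetches the raw, unfiltered page text.
 *
 * The text is memoized in $this->text_cache so a second call does not hit the database.
 *
 * @return string The page text, or the sentinel string 'err_no_text_rows' when the page has
 *                no row in page_text (in which case $this->page_exists is also set to false).
 * @access public
 */
function fetch_text()
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  // Bug fix: the cache test used empty(), which treats a page whose entire text is "0" as
  // uncached and re-queried it on every call. Compare against the initial '' instead.
  if ( is_string($this->text_cache) && $this->text_cache !== '' )
  {
    return $this->text_cache;
  }

  // NOTE(review): page_id and namespace are interpolated into SQL without driver-level
  // escaping. Safety rests on sanitize_page_id() in _setup() and on the constructor's
  // $paths->nslist check; both members are public, so a caller that assigns them directly
  // bypasses that. Prefer the database layer's escaping routine here.
  $q = $db->sql_query('SELECT page_text, char_tag FROM '.table_prefix.'page_text WHERE page_id=\'' . $this->page_id . '\' AND namespace=\'' . $this->namespace . '\';');
  if ( !$q )
  {
    // Assumes send_error(..., true) halts; if it returns, numrows() runs on a failed query.
    $this->send_error('Error during SQL query.', true);
  }
  if ( $db->numrows() < 1 )
  {
    $this->page_exists = false;
    return 'err_no_text_rows';
  }

  $row = $db->fetchrow();
  $db->free_result();

  if ( !empty($row['char_tag']) )
  {
    // This page text entry uses the old text-escaping format: quotes and backslashes were
    // stored as {APOS:tag}, {QUOT:tag} and {SLASH:tag} placeholders keyed by the row's char_tag.
    $from = array(
      "{APOS:{$row['char_tag']}}",
      "{QUOT:{$row['char_tag']}}",
      "{SLASH:{$row['char_tag']}}"
    );
    $to = array("'", '"', '\\');
    $row['page_text'] = str_replace($from, $to, $row['page_text']);
  }

  $this->text_cache = $row['page_text'];

  return $row['page_text'];
}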
/**
* Handles the extra overhead required for user pages.
* @access private
*/
function _handle_userpage()
{
global $db, $session, $paths, $template, $plugins; // Common objects
if ( $this->page_id == $paths->cpage['urlname_nons'] && $this->namespace == $paths->namespace )
{
$page_name = ( isset($paths->cpage['name']) ) ? $paths->cpage['name'] : $this->page_id;
}
else
{
$page_name = ( isset($paths->pages[$this->page_id]) ) ? $paths->pages[$this->page_id]['name'] : $this->page_id;
}
if ( $page_name == str_replace('_', ' ', $this->page_id) || $page_name == $paths->nslist['User'] . str_replace('_', ' ', $this->page_id) )
{
$target_username = strtr($page_name,
Array(
'_' => ' ',
'<' => '<',
'>' => '>'
));
$target_username = preg_replace('/^' . preg_quote($paths->nslist['User']) . '/', '', $target_username);
$page_name = "$target_username's user page";
}
else
{
// User has a custom title for their userpage
$page_name = $paths->pages[ $paths->nslist[$this->namespace] . $this->page_id ]['name'];
}
$template->tpl_strings['PAGE_NAME'] = htmlspecialchars($page_name);
$this->header();
if ( $send_headers )
{
display_page_headers();
}
/*
// Start left sidebar: basic user info, latest comments
echo '<table border="0" cellspacing="4" cellpadding="0" style="width: 100%;">';
echo '<tr><td style="width: 150px;">';
echo '<div class="tblholder">
<table border="0" cellspacing="1" cellpadding="4">';
// Main part of sidebar
echo ' </table>
</div>';
echo '</td><td>';
*/
// User's own content
$send_headers = $this->send_headers;
$this->send_headers = false;
if ( $this->page_exists )
{
$this->render();
}
else
{
$this->err_page_not_existent();
}
/*
// Right sidebar
echo '</td><td style="width: 150px;">';
echo '<div class="tblholder">
<table border="0" cellspacing="1" cellpadding="4">';
// Main part of sidebar
echo ' </table>
</div>';
echo '</tr></table>';
if ( $send_headers )
{
display_page_footers();
}
*/
$this->send_headers = $send_headers;
unset($send_headers);
$this->footer();
}
/**
 * Emit the "access denied" error page for the current request.
 *
 * Sets the template's PAGE_NAME string and prints a fixed error box. The
 * site header and footer are wrapped around the box only when this
 * instance was told to send headers ($this->send_headers); otherwise the
 * caller is assumed to own the page chrome. Everything is collected in a
 * local buffer and written out with a single echo at the end.
 * @access private
 */

function err_access_denied()
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  $template->tpl_strings['PAGE_NAME'] = 'Access denied';

  // Output chunks, in the order they will be written
  $chunks = array();

  if ( $this->send_headers )
  {
    $chunks[] = $template->getHeader();
  }

  $chunks[] = '<div class="error-box"><b>Access to this page is denied.</b><br />This may be because you are not logged in or you have not met certain criteria for viewing this page.</div>';

  if ( $this->send_headers )
  {
    $chunks[] = $template->getFooter();
  }

  echo implode('', $chunks);
}
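/**
 * Report that the page exists but the text query returned no rows.
 *
 * Builds a diagnostic message that includes the last SQL statement the
 * DBAL ran ($db->latest_query). When $this->send_headers is set the
 * message is wrapped in the template header and footer; otherwise it is
 * printed as a bare heading plus paragraph and the caller is assumed to
 * own the page chrome.
 * @access private
 */

function err_no_rows()
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  $title = 'No text rows';

  // The query text embeds request-derived values (page ID, namespace), so
  // it must be HTML-escaped before going into the page body: a literal
  // '<' inside the query would otherwise be parsed as markup, even in <pre>.
  $query = isset($db->latest_query) ? htmlspecialchars($db->latest_query) : '';

  $message = 'While the page\'s existence was verified, there were no rows in the database that matched the query for the text. This may indicate a bug with the software; ask the webmaster for more information. The offending query was:<pre>' . $query . '</pre>';
  if ( $this->send_headers )
  {
    $template->tpl_strings['PAGE_NAME'] = $title;
    $template->header();
    echo "<p>$message</p>";
    $template->footer();
  }
  else
  {
    echo "<h2>$title</h2>
    <p>$message</p>";
  }
}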
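/**
 * Tell the user the page doesn't exist, and present them with their options.
 *
 * Sends a 404 status, prints the page header, and then offers a "create
 * this page" link when the session holds the create_page permission. When
 * the session may roll back history, the most recent deletion log entry for
 * this page ID/namespace is looked up and a rollback link is offered.
 * @access private
 */

function err_page_not_existent()
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  // The status line has to go out before any body output. $this->header()
  // presumably starts the response body (send_error() also sets its status
  // before calling the template header), after which header() can no
  // longer change the HTTP status.
  header('HTTP/1.1 404 Not Found');
  $this->header();
  echo '<h3>There is no page with this title yet.</h3>
  <p>You have requested a page that doesn\'t exist yet.';
  if ( $session->get_permissions('create_page') )
  {
    // Close the paragraph here as well; previously only the else-branch did
    echo ' You can <a href="'.makeUrlNS($this->namespace, $this->page_id, 'do=edit', true).'" onclick="ajaxEditor(); return false;">create this page</a>, or return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.</p>';
  }
  else
  {
    echo ' Return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.</p>';
  }
  if ( $session->get_permissions('history_rollback') )
  {
    // page_id and namespace originate from the request URL; escape them at
    // the point of use instead of relying solely on upstream sanitising
    $e = $db->sql_query('SELECT * FROM ' . table_prefix . 'logs WHERE action=\'delete\' AND page_id=\'' . $db->escape($this->page_id) . '\' AND namespace=\'' . $db->escape($this->namespace) . '\' ORDER BY time_id DESC;');
    if ( !$e )
    {
      $db->_die('The deletion log could not be selected.');
    }
    if ( $db->numrows() > 0 )
    {
      $r = $db->fetchrow();
      // time_id is placed inside a JavaScript string literal, so force it
      // to an integer; date_string is HTML-escaped like any other DB text
      $time_id = intval($r['time_id']);
      echo '<p>This page also appears to have some log entries in the database - it seems that it was deleted on ' . htmlspecialchars($r['date_string']) . '. You can probably <a href="'.makeUrl($paths->page, 'do=rollback&id='.$time_id).'" onclick="ajaxRollback(\''.$time_id.'\'); return false;">roll back</a> the deletion.</p>';
    }
    $db->free_result();
  }
  echo '<p>
  HTTP Error: 404 Not Found
  </p>';
  $this->footer();
}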
/**
 * PHP 4 constructor.
 *
 * Forwards to the real constructor so the class can be instantiated on
 * PHP 4, which does not recognise __construct(). PHP 7 deprecates and
 * PHP 8 removes the "method named like its class" constructor convention;
 * on those versions __construct() is invoked directly and this method is
 * never called implicitly.
 * @param string $page_id   Page ID of the page to process
 * @param string $namespace Namespace of the page to process
 * @see PageProcessor::__construct()
 */

function PageProcessor( $page_id, $namespace )
{
  $this->__construct($page_id, $namespace);
}
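/**
 * Send an error page with HTTP status 500 and terminate the script.
 *
 * The message is wrapped in the template header and footer, the debug
 * backtrace collected by this instance (if any) is appended, and the
 * database connection is closed before exiting. This function never
 * returns.
 * @param string $message Error message; it is placed in the page as-is, so
 *                        pass trusted text only
 * @param bool   $sql     If true, also print the DBAL's last query
 *                        ($db->latest_query) as debugging information
 */

function send_error($message, $sql = false)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  $content = "<p>$message</p>";
  $template->tpl_strings['PAGE_NAME'] = 'General error in page fetcher';

  // A backtrace is only attached when debug collection reported success
  if ( !empty($this->debug['works']) )
  {
    $content .= $this->debug['backtrace'];
  }

  // $sql was documented but previously ignored. The last query is the DBAL
  // debugging information this class uses elsewhere (see err_no_rows());
  // it embeds request-derived text, so escape it.
  if ( $sql && isset($db->latest_query) )
  {
    $content .= '<pre>' . htmlspecialchars($db->latest_query) . '</pre>';
  }

  // Status must be sent before the template starts writing the body
  header('HTTP/1.1 500 Internal Server Error');

  $template->header();
  echo $content;
  $template->footer();

  $db->close();

  exit;
}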
} // class PageProcessor
?>