/*
* AJAX applets
*/
/**
 * Start an asynchronous GET request.
 *
 * The request object is stored in the shared global `ajax`, and `f` is
 * installed as its readystatechange handler; handlers in this file read
 * `ajax.readyState` and `ajax.responseText` from that global.
 *
 * NOTE(review): every request reuses the one global `ajax`, so a request
 * started while another is still in flight replaces the object the earlier
 * handler will read.
 *
 * @param {string} uri URL to request.
 * @param {Function} f readystatechange handler.
 */
function ajaxGet(uri, f) {
  if (window.XMLHttpRequest) {
    ajax = new XMLHttpRequest();
  } else if (window.ActiveXObject) {
    // Fallback for browsers that only expose the ActiveX request object.
    ajax = new ActiveXObject("Microsoft.XMLHTTP");
  } else {
    alert('Enano client-side runtime error: No AJAX support, unable to continue');
    return;
  }
  ajax.onreadystatechange = f;
  ajax.open('GET', uri, true);
  // Fixed date in the past; presumably sent to keep the browser from answering from its cache.
  ajax.setRequestHeader("If-Modified-Since", "Sat, 1 Jan 2000 00:00:00 GMT");
  ajax.send(null);
}
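/**
 * Start an asynchronous POST request with a form-encoded body.
 *
 * The request object is stored in the shared global `ajax`, and `f` is
 * installed as its readystatechange handler. `parms` is sent verbatim, so
 * callers must percent-encode every value they place in it.
 *
 * The former "Content-length" and "Connection" headers are no longer set:
 * both are forbidden request header names that the browser controls itself,
 * and `parms.length` counts UTF-16 units rather than bytes, so the value was
 * wrong for any non-ASCII body.
 *
 * @param {string} uri URL to post to.
 * @param {string} parms Already-encoded request body.
 * @param {Function} f readystatechange handler.
 */
function ajaxPost(uri, parms, f) {
  if (window.XMLHttpRequest) {
    ajax = new XMLHttpRequest();
  } else if (window.ActiveXObject) {
    // Fallback for browsers that only expose the ActiveX request object.
    ajax = new ActiveXObject("Microsoft.XMLHTTP");
  } else {
    alert('Enano client-side runtime error: No AJAX support, unable to continue');
    return;
  }
  ajax.onreadystatechange = f;
  ajax.open('POST', uri, true);
  ajax.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
  ajax.send(parms);
}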
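/**
 * Encode a string for use as a value in the request bodies and URLs built in
 * this file.
 *
 * escape() leaves "+" untouched, and a form decoder reads "+" as a space, so
 * it is encoded explicitly afterwards. escape() is a legacy encoder that
 * writes characters above U+00FF as %uXXXX; the server side is assumed to
 * understand that form (not visible here).
 *
 * The stray third argument the original passed to replace() had no effect
 * and has been dropped; the parameter is no longer reassigned.
 *
 * @param {string} text Raw value.
 * @returns {string} Encoded value.
 */
function ajaxEscape(text) {
  return escape(text).replace(/\+/g, '%2B');
}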
// Page editor
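/**
 * Fetch the page source and replace the page container with the editor form.
 *
 * When an edit is already open the user is asked to confirm before the form
 * is rebuilt. The confirm result is no longer stored in an implicit global.
 *
 * SECURITY NOTE: the fetched source and `editNotice` are concatenated into
 * innerHTML. The textarea content is parsed as markup, so this is only safe
 * if the server HTML-escapes the source it returns for `_mode=getsource`;
 * that is not visible from this file and should be confirmed.
 */
function ajaxEditor() {
  setAjaxLoading();
  ajaxGet(stdAjaxPrefix + '&_mode=getsource', function() {
    if (ajax.readyState != 4) {
      return;
    }
    unsetAjaxLoading();
    if (edit_open && !confirm('Do you really want to revert your changes?')) {
      return;
    }
    edit_open = true;
    selectButtonMajor('article');
    selectButtonMinor('edit');
    if (in_array('ajaxEditArea', grippied_textareas)) {
      // Allow the textarea grippifier to re-create the resizer control on the textarea
      // NOTE(review): Array.prototype.pop ignores its argument and always removes the
      // last entry, which may not be 'ajaxEditArea' - confirm against in_array's result.
      grippied_textareas.pop(in_array('ajaxEditArea', grippied_textareas));
    }
    disableUnload('If you do, any changes that you have made to this page will be lost.');
    var useMCE = ( readCookie('enano_editor_mode') == 'tinymce' );
    var switcher = useMCE ?
      '<a href="#" onclick="setEditorText(); return false;">wikitext editor</a> | graphical editor' :
      'wikitext editor | <a href="#" onclick="setEditorMCE(); return false;">graphical editor</a>';
    document.getElementById('ajaxEditContainer').innerHTML =
      '<div id="mdgPreviewContainer"></div> ' +
      '<span id="switcher">' + switcher + '</span><br />' +
      '<form name="mdgAjaxEditor" method="get" action="#" onsubmit="ajaxSavePage(); return false;">' +
      '<textarea id="ajaxEditArea" rows="20" cols="60" style="display: block; margin: 1em 0 1em 1em; width: 96.5%;">' + ajax.responseText + '</textarea><br />' +
      'Edit summary: <input id="ajaxEditSummary" size="40" /><br />' +
      '<input id="ajaxEditMinor" name="minor" type="checkbox" /> <label for="ajaxEditMinor">This is a minor edit</label><br />' +
      '<a href="#" onclick="void(ajaxSavePage()); return false;">save changes</a> | <a href="#" onclick="void(ajaxShowPreview()); return false;">preview changes</a> | <a href="#" onclick="void(ajaxEditor()); return false;">revert changes</a> | <a href="#" onclick="void(ajaxDiscard()); return false;">discard changes</a> | <a href="#" onclick="ajaxWikiEditHelp(); return false;">formatting help</a>' +
      '<br />' +
      editNotice +
      '</form>';
    if (useMCE) {
      $('ajaxEditArea').switchToMCE();
    }
  });
}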
/**
 * Switch the open editor to the graphical (TinyMCE) mode, store that choice
 * in the 'enano_editor_mode' cookie and update the mode switcher links.
 */
function setEditorMCE() {
  var switcherHtml = '<a href="#" onclick="setEditorText(); return false;">wikitext editor</a> | graphical editor';
  $('ajaxEditArea').switchToMCE();
  createCookie('enano_editor_mode', 'tinymce', 365);
  $('switcher').object.innerHTML = switcherHtml;
}
/**
 * Switch the open editor back to plain wikitext mode, store that choice in
 * the 'enano_editor_mode' cookie and update the mode switcher links.
 */
function setEditorText() {
  var switcherHtml = 'wikitext editor | <a href="#" onclick="setEditorMCE(); return false;">graphical editor</a>';
  $('ajaxEditArea').destroyMCE();
  createCookie('enano_editor_mode', 'text', 365);
  $('switcher').object.innerHTML = switcherHtml;
}
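/**
 * Fetch the page source and show it in a read-only textarea.
 *
 * Mirrors ajaxEditor(): it also sets `edit_open` and selects the 'edit'
 * button. The confirm result is no longer stored in an implicit global.
 *
 * SECURITY NOTE: the fetched source is concatenated into innerHTML and parsed
 * as markup, so this is only safe if the server HTML-escapes the source it
 * returns for `_mode=getsource`; that is not visible from this file.
 */
function ajaxViewSource() {
  setAjaxLoading();
  ajaxGet(stdAjaxPrefix + '&_mode=getsource', function() {
    if (ajax.readyState != 4) {
      return;
    }
    unsetAjaxLoading();
    if (edit_open && !confirm('Do you really want to revert your changes?')) {
      return;
    }
    edit_open = true;
    selectButtonMajor('article');
    selectButtonMinor('edit');
    if (in_array('ajaxEditArea', grippied_textareas)) {
      // Allow the textarea grippifier to re-create the resizer control on the textarea
      // NOTE(review): Array.prototype.pop ignores its argument and always removes the
      // last entry, which may not be 'ajaxEditArea' - confirm against in_array's result.
      grippied_textareas.pop(in_array('ajaxEditArea', grippied_textareas));
    }
    document.getElementById('ajaxEditContainer').innerHTML =
      '<form method="get" action="#" onsubmit="ajaxSavePage(); return false;">' +
      '<textarea readonly="readonly" id="ajaxEditArea" rows="20" cols="60" style="display: block; margin: 1em 0 1em 1em; width: 96.5%;">' + ajax.responseText + '</textarea><br />' +
      '<a href="#" onclick="void(ajaxReset()); return false;">close viewer</a>' +
      '</form>';
    initTextareas();
  });
}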
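/**
 * Post the editor content to the server and show the rendered preview.
 *
 * The edit summary is now percent-encoded before it is placed in the request
 * body. It was previously sent raw, so a summary containing "&" or "=" was
 * split into extra parameters and could override `text` or `minor`.
 * `minor` is a local variable instead of an implicit global.
 *
 * The preview HTML returned by the server is inserted with innerHTML; its
 * safety depends on how the server renders the submitted wikitext.
 */
function ajaxShowPreview() {
  goBusy('Loading preview...');
  var text = ajaxEscape($('ajaxEditArea').getContent());
  var summary = encodeURIComponent(document.getElementById('ajaxEditSummary').value);
  var minor = document.mdgAjaxEditor.minor.checked ? '&minor' : '';
  ajaxPost(stdAjaxPrefix + '&_mode=preview', 'summary=' + summary + minor + '&text=' + text, function() {
    if (ajax.readyState == 4) {
      unBusy();
      // NOTE(review): the editor is still on screen after a preview, yet the
      // flag is cleared here - confirm this is intended.
      edit_open = false;
      document.getElementById('mdgPreviewContainer').innerHTML = ajax.responseText;
    }
  });
}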
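/**
 * Post the editor content to the server to save the page, then show the
 * server's response in the page container.
 *
 * The edit summary is now percent-encoded before it is placed in the request
 * body. It was previously sent raw, so a summary containing "&" or "=" was
 * split into extra parameters and could override `text` or `minor`.
 * `minor` is a local variable instead of an implicit global.
 *
 * The response is inserted with innerHTML; its safety depends on how the
 * server renders the saved page.
 */
function ajaxSavePage() {
  goBusy('Saving page...');
  var text = ajaxEscape($('ajaxEditArea').getContent());
  var summary = encodeURIComponent(document.getElementById('ajaxEditSummary').value);
  var minor = document.mdgAjaxEditor.minor.checked ? '&minor' : '';
  ajaxPost(stdAjaxPrefix + '&_mode=savepage', 'summary=' + summary + minor + '&text=' + text, function() {
    if (ajax.readyState == 4) {
      unBusy();
      edit_open = false;
      document.getElementById('ajaxEditContainer').innerHTML = ajax.responseText;
      enableUnload();
      unselectAllButtonsMinor();
    }
  });
}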
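/**
 * Ask for confirmation, then throw away the open edit by reloading the page
 * view. The confirm result is no longer stored in an implicit global.
 */
function ajaxDiscard() {
  if (!confirm('Do you really want to discard your changes?')) {
    return;
  }
  ajaxReset();
}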
/**
 * Leave any editor or viewer and show the rendered page again.
 *
 * Removes the unload warning, fetches the page body with
 * `_mode=getpage&noheaders` and inserts the response with innerHTML.
 */
function ajaxReset() {
  var showPage = function() {
    if (ajax.readyState != 4) {
      return;
    }
    unsetAjaxLoading();
    edit_open = false;
    document.getElementById('ajaxEditContainer').innerHTML = ajax.responseText;
    selectButtonMajor('article');
    unselectAllButtonsMinor();
  };
  enableUnload();
  setAjaxLoading();
  ajaxGet(stdAjaxPrefix + '&_mode=getpage&noheaders', showPage);
}
// Miscellaneous AJAX applets
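/**
 * Set the protection level of the page.
 *
 * When the global `shift` flag is set the reason prompt is skipped and
 * 'NO_REASON' is sent. The button matching `l` is underlined immediately,
 * before the server has answered.
 *
 * The reason is now encoded with ajaxEscape() rather than escape(), so a "+"
 * typed by the user is no longer decoded as a space, and the level is
 * percent-encoded as well. The reason is a local variable instead of an
 * implicit global.
 *
 * @param {number|string} l Protection level; the buttons protbtn_0..2 exist for it.
 */
function ajaxProtect(l) {
  var reason;
  if (shift) {
    reason = 'NO_REASON';
  } else {
    reason = prompt('Reason for (un)protecting:');
    if (!reason) {
      return;
    }
  }
  setAjaxLoading();
  for (var n = 0; n < 3; n++) {
    document.getElementById('protbtn_' + n).style.textDecoration = 'none';
  }
  document.getElementById('protbtn_' + l).style.textDecoration = 'underline';
  var body = 'reason=' + ajaxEscape(reason) + '&level=' + encodeURIComponent(l);
  ajaxPost(stdAjaxPrefix + '&_mode=protect', body, function() {
    if (ajax.readyState == 4) {
      unsetAjaxLoading();
      if (ajax.responseText != 'good') {
        alert(ajax.responseText);
      }
    }
  });
}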
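/**
 * Prompt for a new page title and post it to the server; the server's answer
 * is shown in an alert.
 *
 * The title is now encoded with ajaxEscape() rather than escape(), so a "+"
 * in the new title is no longer decoded as a space. The prompt result is a
 * local variable instead of an implicit global.
 */
function ajaxRename() {
  var newTitle = prompt('What title should this page be renamed to?\nNote: This does not and will never change the URL of this page, that must be done from the admin panel.');
  if (!newTitle) {
    return;
  }
  setAjaxLoading();
  ajaxPost(stdAjaxPrefix + '&_mode=rename', 'newtitle=' + ajaxEscape(newTitle), function() {
    if (ajax.readyState == 4) {
      unsetAjaxLoading();
      alert(ajax.responseText);
    }
  });
}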
/**
 * Create the current page by posting ENANO_CREATEPAGE_PARAMS to
 * ENANO_SPECIAL_CREATEPAGE, then reload the window once the request is done.
 * The response body is not inspected.
 */
function ajaxMakePage() {
  var reloadWhenDone = function() {
    if (ajax.readyState != 4) {
      return;
    }
    unsetAjaxLoading();
    window.location.reload();
  };
  setAjaxLoading();
  ajaxPost(ENANO_SPECIAL_CREATEPAGE, ENANO_CREATEPAGE_PARAMS, reloadWhenDone);
}
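/**
 * Delete the page after two confirmations, show the server's answer and
 * reload the window. The confirm results are no longer stored in an
 * implicit global.
 *
 * NOTE(review): this destructive action is sent as a GET request. Confirm
 * that the server requires a session-bound token for it; stdAjaxPrefix is
 * built outside this file.
 */
function ajaxDeletePage() {
  if (!confirm('You are about to DESTROY this page. Do you REALLY want to do this?')) {
    return;
  }
  if (!confirm('You\'re ABSOLUTELY sure???')) {
    return;
  }
  setAjaxLoading();
  ajaxGet(stdAjaxPrefix + '&_mode=deletepage', function() {
    if (ajax.readyState == 4) {
      unsetAjaxLoading();
      alert(ajax.responseText);
      window.location.reload();
    }
  });
}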
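/**
 * Cast a vote for deleting the page after one confirmation and show the
 * server's answer. The confirm result is no longer stored in an implicit
 * global.
 *
 * NOTE(review): this state-changing action is sent as a GET request. Confirm
 * that the server requires a session-bound token for it.
 */
function ajaxDelVote() {
  if (!confirm('Are you sure that you want to vote that this page be deleted?')) {
    return;
  }
  setAjaxLoading();
  ajaxGet(stdAjaxPrefix + '&_mode=delvote', function() {
    if (ajax.readyState == 4) {
      unsetAjaxLoading();
      alert(ajax.responseText);
    }
  });
}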
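/**
 * Reset the delete-vote counter of the page after one confirmation, show the
 * server's answer and fade out the vote notice box if it is present.
 *
 * The delayed hide is now a function instead of a code string handed to
 * setTimeout(), which was evaluated like eval(). The confirm result and the
 * looked-up element are locals instead of implicit globals.
 *
 * NOTE(review): this state-changing action is sent as a GET request. Confirm
 * that the server requires a session-bound token for it.
 */
function ajaxResetDelVotes() {
  if (!confirm('This will reset the number of votes against this page to zero. Do you really want to do this?')) {
    return;
  }
  setAjaxLoading();
  ajaxGet(stdAjaxPrefix + '&_mode=resetdelvotes', function() {
    if (ajax.readyState != 4) {
      return;
    }
    unsetAjaxLoading();
    alert(ajax.responseText);
    var item = document.getElementById('mdgDeleteVoteNoticeBox');
    if (item) {
      opacity('mdgDeleteVoteNoticeBox', 100, 0, 1000);
      // Hide the box once the 1000 ms fade has run; the element is looked up
      // again at that moment, as the original code string did.
      setTimeout(function() {
        document.getElementById('mdgDeleteVoteNoticeBox').style.display = 'none';
      }, 1000);
    }
  });
}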
/**
 * Set the wiki mode of the page.
 *
 * The button matching `val` is underlined immediately, before the server has
 * answered; any response other than 'GOOD' is shown in an alert.
 *
 * NOTE(review): `val` is appended to the URL unencoded and the change is sent
 * as a GET request. Confirm callers only pass 0, 1 or 2 and that the server
 * requires a session-bound token.
 *
 * @param {number|string} val Mode to set; the buttons wikibtn_0..2 exist for it.
 */
function ajaxSetWikiMode(val) {
  var n;
  setAjaxLoading();
  for (n = 0; n < 3; n++) {
    document.getElementById('wikibtn_' + n).style.textDecoration = 'none';
  }
  document.getElementById('wikibtn_' + val).style.textDecoration = 'underline';
  ajaxGet(stdAjaxPrefix + '&_mode=setwikimode&mode=' + val, function() {
    if (ajax.readyState != 4) {
      return;
    }
    unsetAjaxLoading();
    if (ajax.responseText != 'GOOD') {
      alert(ajax.responseText);
    }
  });
}
// Editing/saving category information
// This was not easy to write, I hope you enjoy it, and dang I swear I'm gonna
// find someone to work on just the Javascript part of Enano...
/**
 * Open the category editor: fetch `_mode=catedit` and execute the response
 * as JavaScript.
 *
 * SECURITY NOTE: the response body is passed to eval(). Whatever the server
 * returns for this request runs with the page's privileges, so any
 * user-controlled text echoed into it unescaped (category names, for
 * example) becomes script. Returning data and building the form here would
 * remove that dependency; the response format is not visible in this file.
 */
function ajaxCatEdit() {
  setAjaxLoading();
  ajaxGet(stdAjaxPrefix + '&_mode=catedit', function() {
    if (ajax.readyState != 4) {
      return;
    }
    unsetAjaxLoading();
    edit_open = false;
    eval(ajax.responseText);
  });
}
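/**
 * Post the ticked categories of the mdgCatForm form to the server, then
 * return to the page view.
 *
 * `catlist` is a global that this function does not define; it is
 * presumably set by the script that ajaxCatEdit() evaluates.
 *
 * Each checkbox is now read by property lookup instead of building a
 * statement from the category id and running it through eval(), so an id is
 * never executed as code. Ids are percent-encoded in the request body, a
 * missing checkbox is skipped instead of throwing, and an undeclared
 * `catlist` reaches the alert instead of raising a ReferenceError. Loop
 * state is local instead of implicit globals.
 */
function ajaxCatSave() {
  if (typeof catlist == 'undefined' || !catlist) {
    alert('Var catlist has no properties');
    return;
  }
  var form = document.forms.mdgCatForm;
  var pairs = [];
  for (var i = 0; i < catlist.length; i++) {
    var box = form['mdgCat_' + catlist[i]];
    if (box && box.checked) {
      pairs.push(encodeURIComponent(catlist[i]) + '=true');
    }
  }
  setAjaxLoading();
  ajaxPost(stdAjaxPrefix + '&_mode=catsave', pairs.join('&'), function() {
    if (ajax.readyState == 4) {
      unsetAjaxLoading();
      edit_open = false;
      if (ajax.responseText != 'GOOD') {
        alert(ajax.responseText);
      }
      ajaxReset();
    }
  });
}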
// History stuff
/**
 * Show the page history: fetch `_mode=histlist`, insert the response with
 * innerHTML and initialise the diff radio buttons via buildDiffList().
 */
function ajaxHistory() {
  var showHistory = function() {
    if (ajax.readyState != 4) {
      return;
    }
    unsetAjaxLoading();
    edit_open = false;
    selectButtonMajor('article');
    selectButtonMinor('history');
    document.getElementById('ajaxEditContainer').innerHTML = ajax.responseText;
    buildDiffList();
  };
  setAjaxLoading();
  ajaxGet(stdAjaxPrefix + '&_mode=histlist', showHistory);
}
/**
 * Show an old revision of a page in the page container.
 *
 * NOTE(review): the title and `oldid` are appended to the URL without
 * encoding, so a value containing "&" or "#" changes the query. Whether the
 * global `title` is already URL-safe is not visible here - confirm before
 * adding encoding, to avoid encoding it twice.
 *
 * @param {number|string} oldid Revision to show.
 * @param {string} [tit] Page title; the global `title` is used when omitted.
 */
function ajaxHistView(oldid, tit) {
  var pageTitle = tit ? tit : title;
  var uri = append_sid(scriptPath + '/ajax.php?title=' + pageTitle + '&_mode=getpage&oldid=' + oldid);
  setAjaxLoading();
  ajaxGet(uri, function() {
    if (ajax.readyState != 4) {
      return;
    }
    unsetAjaxLoading();
    edit_open = false;
    document.getElementById('ajaxEditContainer').innerHTML = ajax.responseText;
  });
}
/**
 * Ask the server to roll back the log entry `id` and show its answer in an
 * alert.
 *
 * NOTE(review): this state-changing action is sent as a GET request with
 * `id` appended unencoded. Confirm that the server requires a session-bound
 * token for it.
 *
 * @param {number|string} id Identifier passed as the `id` parameter.
 */
function ajaxRollback(id) {
  var report = function() {
    if (ajax.readyState != 4) {
      return;
    }
    unsetAjaxLoading();
    alert(ajax.responseText);
  };
  setAjaxLoading();
  ajaxGet(stdAjaxPrefix + '&_mode=rollback&id=' + id, report);
}
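/**
 * Delete all log entries of the page after two confirmations, show the
 * server's answer and reload the window. The confirm results are no longer
 * stored in an implicit global.
 *
 * NOTE(review): this irreversible action is sent as a GET request. Confirm
 * that the server requires a session-bound token for it; stdAjaxPrefix is
 * built outside this file.
 */
function ajaxClearLogs() {
  if (!confirm('You are about to DESTROY all log entries for this page. As opposed to (example) deleting this page, this action is completely IRREVERSIBLE and should not be used except in dire circumstances. Do you REALLY want to do this?')) {
    return;
  }
  if (!confirm('You\'re ABSOLUTELY sure???')) {
    return;
  }
  setAjaxLoading();
  ajaxGet(stdAjaxPrefix + '&_mode=flushlogs', function() {
    if (ajax.readyState == 4) {
      unsetAjaxLoading();
      alert(ajax.responseText);
      window.location.reload();
    }
  });
}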
// Revision identifiers taken from the history radio buttons, in page order.
// Filled by buildDiffList() and read by selectDiff1Button()/selectDiff2Button().
var timelist;

/**
 * Collect the history radio buttons and derive `timelist` from their ids.
 *
 * The globals `arrDiff1Buttons` and `arrDiff2Buttons` are (re)assigned here
 * and read later by ajaxHistDiff(). Each id has its first six characters
 * removed, which matches the 'diff1_' / 'diff2_' prefixes used elsewhere in
 * this file. All clsDiff2Radio buttons except the first are hidden.
 *
 * @returns {boolean|undefined} false when no clsDiff1Radio button exists.
 */
function buildDiffList() {
  arrDiff1Buttons = getElementsByClassName(document, 'input', 'clsDiff1Radio');
  arrDiff2Buttons = getElementsByClassName(document, 'input', 'clsDiff2Radio');
  var count = arrDiff1Buttons.length;
  if (count < 1) {
    return false;
  }
  var n;
  timelist = [];
  for (n = 0; n < count; n++) {
    timelist.push(arrDiff2Buttons[n].id.substr(6));
  }
  timelist.push(arrDiff1Buttons[count - 1].id.substr(6));
  // Drops an own toJSONString property if one was attached to the array.
  delete timelist.toJSONString;
  for (n = 1; n < timelist.length - 1; n++) {
    arrDiff2Buttons[n].style.display = 'none';
  }
}
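/**
 * React to a click on a 'diff1' radio button: show the 'diff2' buttons that
 * come before the clicked revision in `timelist` and hide the others. The
 * last `timelist` entry is never touched.
 *
 * parseInt() is now called with an explicit radix, and the inner bounds
 * check that repeated the loop condition has been removed.
 *
 * @param {{id: string}} obj The clicked button; its id carries a 6-character prefix.
 */
function selectDiff1Button(obj) {
  var this_time = obj.id.substr(6);
  // presumably in_array returns the matching index - verify against its definition
  var index = parseInt(in_array(this_time, timelist), 10);
  for (var i = 0; i < timelist.length - 1; i++) {
    var state = (i < index) ? 'inline' : 'none';
    document.getElementById('diff2_' + timelist[i]).style.display = state;
  }
}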
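/**
 * React to a click on a 'diff2' radio button: show the 'diff1' buttons that
 * come after the clicked revision in `timelist` and hide the others. The
 * first and the last `timelist` entries are never touched.
 *
 * parseInt() is now called with an explicit radix, and the inner bounds
 * check has been folded into the loop condition.
 *
 * @param {{id: string}} obj The clicked button; its id carries a 6-character prefix.
 */
function selectDiff2Button(obj) {
  var this_time = obj.id.substr(6);
  // presumably in_array returns the matching index - verify against its definition
  var index = parseInt(in_array(this_time, timelist), 10);
  for (var i = 1; i < timelist.length - 1; i++) {
    var state = (i > index) ? 'inline' : 'none';
    document.getElementById('diff1_' + timelist[i]).style.display = state;
  }
}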
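/**
 * Request a diff between the two revisions selected with the history radio
 * buttons and insert the response into the page container.
 *
 * Reads the globals `arrDiff1Buttons` / `arrDiff2Buttons` assigned by
 * buildDiffList(). The loop counter is now local, the unused `k` / `kpp`
 * temporaries are gone, and both ids are percent-encoded before they are
 * appended to the URL.
 */
function ajaxHistDiff() {
  var id1 = false;
  var id2 = false;
  for (var i = 0; i < arrDiff1Buttons.length; i++) {
    if (arrDiff1Buttons[i].checked) {
      id1 = arrDiff1Buttons[i].id.substr(6);
    }
    if (arrDiff2Buttons[i].checked) {
      id2 = arrDiff2Buttons[i].id.substr(6);
    }
  }
  if (!id1 || !id2) {
    alert('BUG: Couldn\'t get checked radiobutton state');
    return;
  }
  setAjaxLoading();
  var uri = stdAjaxPrefix + '&_mode=pagediff&diff1=' + encodeURIComponent(id1) + '&diff2=' + encodeURIComponent(id2);
  ajaxGet(uri, function() {
    if (ajax.readyState == 4) {
      unsetAjaxLoading();
      document.getElementById('ajaxEditContainer').innerHTML = ajax.responseText;
    }
  });
}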
// Change the user's preferred style/theme
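/**
 * Placeholder for the theme/style chooser; it currently does nothing.
 *
 * The annotate view this listing was taken from attributes the stub to
 * changeset ad5986a53197, whose description mentions an XSS fix. The earlier
 * implementation is kept commented out below this function. The unused
 * `inner_html` local of the stub has been removed.
 */
function ajaxChangeStyle() {
}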
/*
Disabled implementation, kept for reference. Before re-enabling it, note that
`title` is concatenated into an HTML attribute without escaping and that the
server response is passed to eval().

function ajaxChangeStyle()
{
var win = document.getElementById("cn2");
win.innerHTML = ' \
<form action="'+ENANO_SPECIAL_CHANGESTYLE+'" onsubmit="jws.closeWin(\'root2\');" method="post" style="text-align: center"> \
<h3>Select a theme...</h3>\
<select id="mdgThemeID" name="theme" onchange="ajaxGetStyles(this.value);"> \
'+ENANO_THEME_LIST+' \
</select> \
<div id="styleSelector"></div>\
<br /><br />\
<input type="hidden" name="return_to" value="'+title+'" />\
<input id="styleSubmitter" type="submit" style="display: none; font-weight: bold" value="Change theme" /> \
<input type="button" value="Cancel" onclick="jws.closeWin(\'root2\');" /> \
</form> \
';
ajaxGetStyles(ENANO_CURRENT_THEME);
jws.openWin('root2', 340, 300);
}

function ajaxGetStyles(id) {
setAjaxLoading();
ajaxGet(stdAjaxPrefix+'&_mode=getstyles&id='+id, function() {
if(ajax.readyState == 4) {
unsetAjaxLoading();
eval(ajax.responseText);
html = '<h3>And a style...</h3><select id="mdgStyleID" name="style">';
for(i=0;i<list.length;i++) {
lname = list[i].substr(0, 1).toUpperCase() + list[i].substr(1, list[i].length);
html = html + '<option value="'+list[i]+'">'+lname+'</option>';
}
html = html + '</select>';
document.getElementById('styleSelector').innerHTML = html;
document.getElementById('styleSubmitter').style.display = 'inline';
}
});
}
*/
/**
 * Toggle the 'mdgCss' stylesheet link between `main_css` and `print_css`.
 * The global `_css` records which one is active (true while the print
 * stylesheet is in use). Closes the menu afterwards.
 */
function ajaxSwapCSS() {
  setAjaxLoading();
  var sheet = document.getElementById('mdgCss');
  if (_css) {
    sheet.href = main_css;
  } else {
    sheet.href = print_css;
  }
  _css = !_css;
  unsetAjaxLoading();
  menuOff();
}
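/**
 * Send the SHA-1 hash of the 'mdgPassSetField' value to the server with
 * `_mode=setpass` and show the server's answer in an alert.
 *
 * The hash is now kept in a local variable; it used to be written to an
 * implicit global, where any other script on the page could read it. The
 * loading indicator is cleared only when the request has completed, instead
 * of on every readystatechange event.
 *
 * NOTE(review): an unsalted client-side hash is itself the credential the
 * server accepts, so this protects the typed password only as far as the
 * transport does. Confirm the request is always sent over TLS.
 */
function ajaxSetPassword() {
  var hashed = hex_sha1(document.getElementById('mdgPassSetField').value);
  setAjaxLoading();
  ajaxPost(stdAjaxPrefix + '&_mode=setpass', 'password=' + hashed, function() {
    if (ajax.readyState == 4) {
      unsetAjaxLoading();
      alert(ajax.responseText);
    }
  });
}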
/**
 * Open the 'root3' window and fill its 'cn3' element with the formatting
 * help fetched from `_mode=wikihelp`. The response is inserted with
 * innerHTML.
 */
function ajaxWikiEditHelp() {
  var showHelp = function() {
    if (ajax.readyState != 4) {
      return;
    }
    unsetAjaxLoading();
    document.getElementById('cn3').innerHTML = ajax.responseText;
  };
  jws.openWin('root3', 640, 480);
  setAjaxLoading();
  ajaxGet(stdAjaxPrefix + '&_mode=wikihelp', showHelp);
}
/**
 * Show the login prompt (ajaxPromptAdminAuth with level 2) and reload the
 * window once it reports success. The value handed to the callback is not
 * used here.
 */
function ajaxStartLogin() {
  var reloadPage = function(k) {
    window.location.reload();
  };
  ajaxPromptAdminAuth(reloadPage, 2);
}
/**
 * Go to the page manager for the current page in the administration panel.
 *
 * When `auth_level` is below USER_LEVEL_ADMIN the user is first asked to
 * re-authenticate (ajaxPromptAdminAuth with level 9). On success the
 * callback stores the returned key in ENANO_SID, raises `auth_level` and
 * assigns window.location twice in a row: first the current URL passed
 * through append_sid(), then, when ENANO_SID is not empty, the page manager
 * URL, which supersedes the first assignment.
 *
 * NOTE(review): `auth_level` is client-side state and can be changed by the
 * user; the server must enforce the admin check itself. append_sid()
 * presumably places the session key in the URL, where it can end up in
 * history and Referer headers - confirm.
 *
 * @returns {boolean|undefined} false when the authentication prompt was shown.
 */
function ajaxAdminPage() {
  if (!(auth_level < USER_LEVEL_ADMIN)) {
    window.location = makeUrlNS('Special', 'Administration', 'module=' + namespace_list['Admin'] + 'PageManager&source=ajax&page_id=' + ajaxEscape(title));
    return;
  }
  ajaxPromptAdminAuth(function(k) {
    ENANO_SID = k;
    auth_level = USER_LEVEL_ADMIN;
    var here = String(window.location + '');
    window.location = append_sid(here);
    var target = makeUrlNS('Special', 'Administration', 'module=' + namespace_list['Admin'] + 'PageManager&source=ajax&page_id=' + ajaxEscape(title));
    if ((ENANO_SID + ' ').length > 1) {
      window.location = target;
    }
  }, 9);
  return false;
}
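/**
 * Emergency switch: after a confirmation, post `act=kill_php` to the admin
 * home page and replace the 'php_killer' box with a success notice, or show
 * the server's answer inside the box when the response is not '1'.
 *
 * The success path used to remove the box from its parent first and then
 * read `parentNode` from the detached element, which is null at that point,
 * so the notice was never added. The parent is now captured before the box
 * is removed.
 *
 * NOTE(review): the request body carries only `act=kill_php`. Confirm that
 * the server ties this action to an authenticated admin session and a
 * request token; neither is visible from this file. A non-'1' response is
 * inserted with innerHTML.
 *
 * @returns {boolean|undefined} false when the user cancels or the box is missing.
 */
function ajaxDisableEmbeddedPHP() {
  if (!confirm('Are you really sure you want to do this? Some pages might not function if this emergency-only feature is activated.')) {
    return false;
  }
  var $killdiv = $dynano('php_killer');
  if (!$killdiv.object) {
    alert('Can\'t get kill div object');
    return false;
  }
  $killdiv.object.innerHTML = '<img alt="Loading..." src="' + scriptPath + '/images/loading-big.gif" /><br />Making request...';
  var url = makeUrlNS('Admin', 'Home', 'src=ajax');
  ajaxPost(url, 'act=kill_php', function() {
    if (ajax.readyState != 4) {
      return;
    }
    var box = $dynano('php_killer').object;
    if (ajax.responseText == '1') {
      // Keep the parent before detaching the old box; parentNode is null afterwards.
      var parent = box.parentNode;
      var newdiv = document.createElement('div');
      newdiv.className = box.className;
      newdiv.innerHTML = '<img alt="Success" src="' + scriptPath + '/images/error.png" /><br />Embedded PHP in pages has been disabled.';
      parent.appendChild(newdiv);
      parent.removeChild(box);
    } else {
      box.innerHTML = ajax.responseText;
    }
  });
}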