0
+ − 1
<?php
73
0a74676a2f2f
Made the move to Loch Ness, and got some basic page grouping functionality working. TODO: fix some UI issues in Javascript ACL editor and change non-JS ACL editor to work with page groups too
Dan
diff
changeset
+ − 2
0
+ − 3
/*
+ − 4
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
142
ca9118d9c0f2
Rebrand as 1.0.2 (Coblynau); internal links are now parsed by RenderMan::parse_internal_links()
Dan
diff
changeset
+ − 5
* Version 1.0.2 (Coblynau)
0
+ − 6
* Copyright (C) 2006-2007 Dan Fuhry
+ − 7
*
+ − 8
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
+ − 9
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
+ − 10
*
+ − 11
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ − 12
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
+ − 13
*/
+ − 14
252
a007145a0ff6
Deprecated debugConsole and removed all calls to it. Added a lot of comments to common.php. Added support for "anonymous pages" that are created when the Enano API is loaded from an external script. Fixed missing border-bottom on Type 2 sidebar blocks in Oxygen.
Dan
diff
changeset
+ − 15
define('ENANO_INTERFACE_AJAX', '');
a007145a0ff6
Deprecated debugConsole and removed all calls to it. Added a lot of comments to common.php. Added support for "anonymous pages" that are created when the Enano API is loaded from an external script. Fixed missing border-bottom on Type 2 sidebar blocks in Oxygen.
Dan
diff
changeset
+ − 16
144
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 17
// fillusername should be done without the help of the rest of Enano - all we need is the DBAL
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 18
if ( isset($_GET['_mode']) && $_GET['_mode'] == 'fillusername' )
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 19
{
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 20
// setup and load a very basic, specialized instance of the Enano API
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 21
function dc_here($m) { return false; }
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 22
function dc_dump($a, $g) { return false; }
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 23
function dc_watch($n) { return false; }
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 24
function dc_start_timer($u) { return false; }
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 25
function dc_stop_timer($m) { return false; }
232
2b60c89dc27f
Fixed a few major bugs with the upgrade script and the config file not getting loaded properly due to IN_ENANO_INSTALL
Dan
diff
changeset
+ − 26
function microtime_float()
2b60c89dc27f
Fixed a few major bugs with the upgrade script and the config file not getting loaded properly due to IN_ENANO_INSTALL
Dan
diff
changeset
+ − 27
{
2b60c89dc27f
Fixed a few major bugs with the upgrade script and the config file not getting loaded properly due to IN_ENANO_INSTALL
Dan
diff
changeset
+ − 28
list($usec, $sec) = explode(" ", microtime());
2b60c89dc27f
Fixed a few major bugs with the upgrade script and the config file not getting loaded properly due to IN_ENANO_INSTALL
Dan
diff
changeset
+ − 29
return ((float)$usec + (float)$sec);
2b60c89dc27f
Fixed a few major bugs with the upgrade script and the config file not getting loaded properly due to IN_ENANO_INSTALL
Dan
diff
changeset
+ − 30
}
144
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 31
// Determine directory (special case for development servers)
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 32
if ( strpos(__FILE__, '/repo/') && file_exists('.enanodev') )
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 33
{
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 34
$filename = str_replace('/repo/', '/', __FILE__);
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 35
}
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 36
else
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 37
{
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 38
$filename = __FILE__;
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 39
}
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 40
define('ENANO_ROOT', dirname($filename));
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 41
require(ENANO_ROOT.'/includes/functions.php');
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 42
require(ENANO_ROOT.'/includes/dbal.php');
174
+ − 43
require(ENANO_ROOT.'/includes/json.php');
144
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 44
$db = new mysql();
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 45
$db->connect();
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 46
174
+ − 47
// result is sent using JSON
+ − 48
$json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
+ − 49
$return = Array(
+ − 50
'mode' => 'success',
+ − 51
'users_real' => Array()
+ − 52
);
+ − 53
+ − 54
// should be connected to the DB now
144
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 55
$name = (isset($_GET['name'])) ? $db->escape($_GET['name']) : false;
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 56
if ( !$name )
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 57
{
174
+ − 58
$return = array(
+ − 59
'mode' => 'error',
+ − 60
'error' => 'Invalid URI'
+ − 61
);
+ − 62
die( $json->encode($return) );
144
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 63
}
174
+ − 64
$allowanon = ( isset($_GET['allowanon']) && $_GET['allowanon'] == '1' ) ? '' : ' AND user_id > 1';
+ − 65
$q = $db->sql_query('SELECT username FROM '.table_prefix.'users WHERE lcase(username) LIKE lcase(\'%'.$name.'%\')' . $allowanon . ' ORDER BY username ASC;');
144
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 66
if ( !$q )
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 67
{
174
+ − 68
$return = array(
+ − 69
'mode' => 'error',
+ − 70
'error' => 'MySQL error selecting username data: '.addslashes(mysql_error())
+ − 71
);
+ − 72
die( $json->encode($return) );
144
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 73
}
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 74
$i = 0;
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 75
while($r = $db->fetchrow())
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 76
{
174
+ − 77
$return['users_real'][] = $r['username'];
144
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 78
$i++;
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 79
}
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 80
$db->free_result();
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 81
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 82
// all done! :-)
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 83
$db->close();
174
+ − 84
+ − 85
echo $json->encode( $return );
+ − 86
144
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 87
exit;
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 88
}
380e55865f86
Improved response time for username autofill; fix JS login box in Safari (bug surfaced only after 1.0.1)
Dan
diff
changeset
+ − 89
0
+ − 90
require('includes/common.php');
+ − 91
+ − 92
global $db, $session, $paths, $template, $plugins; // Common objects
+ − 93
if(!isset($_GET['_mode'])) die('This script cannot be accessed directly.');
+ − 94
+ − 95
$_ob = '';
+ − 96
+ − 97
switch($_GET['_mode']) {
+ − 98
case "checkusername":
+ − 99
echo PageUtils::checkusername($_GET['name']);
+ − 100
break;
+ − 101
case "getsource":
+ − 102
$p = ( isset($_GET['pagepass']) ) ? $_GET['pagepass'] : false;
+ − 103
echo PageUtils::getsource($paths->page, $p);
+ − 104
break;
+ − 105
case "getpage":
+ − 106
// echo PageUtils::getpage($paths->page, false, ( (isset($_GET['oldid'])) ? $_GET['oldid'] : false ));
21
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 107
$revision_id = ( (isset($_GET['oldid'])) ? intval($_GET['oldid']) : 0 );
663fcf528726
Updated all version numbers back to Banshee; a few preliminary steps towards full UTF-8 support in page URLs
Dan
diff
changeset
+ − 108
$page = new PageProcessor( $paths->cpage['urlname_nons'], $paths->namespace, $revision_id );
32
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 109
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 110
$pagepass = ( isset($_REQUEST['pagepass']) ) ? $_REQUEST['pagepass'] : '';
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 111
$page->password = $pagepass;
4d87aad3c4c0
Finished everything on the TODO list (yay!); several CSS cleanups; tons more changes in this commit - see the patch for details
Dan
diff
changeset
+ − 112
0
+ − 113
$page->send();
+ − 114
break;
+ − 115
case "savepage":
+ − 116
$summ = ( isset($_POST['summary']) ) ? $_POST['summary'] : '';
+ − 117
$minor = isset($_POST['minor']);
+ − 118
$e = PageUtils::savepage($paths->cpage['urlname_nons'], $paths->namespace, $_POST['text'], $summ, $minor);
+ − 119
if($e=='good')
+ − 120
{
+ − 121
$page = new PageProcessor($paths->cpage['urlname_nons'], $paths->namespace);
+ − 122
$page->send();
+ − 123
}
+ − 124
else
+ − 125
{
182
bf0fdec102e9
SECURITY: Fixed possible SQL injection in PageUtils page protection; general cleanup of PageUtils; blocked using Project: prefix for page URL strings
Dan
diff
changeset
+ − 126
echo '<p>Error saving the page: '.$e.'</p>';
0
+ − 127
}
+ − 128
break;
+ − 129
case "protect":
+ − 130
echo PageUtils::protect($paths->cpage['urlname_nons'], $paths->namespace, (int)$_POST['level'], $_POST['reason']);
+ − 131
break;
+ − 132
case "histlist":
+ − 133
echo PageUtils::histlist($paths->cpage['urlname_nons'], $paths->namespace);
+ − 134
break;
+ − 135
case "rollback":
+ − 136
echo PageUtils::rollback( (int)$_GET['id'] );
+ − 137
break;
+ − 138
case "comments":
+ − 139
$comments = new Comments($paths->cpage['urlname_nons'], $paths->namespace);
+ − 140
if ( isset($_POST['data']) )
+ − 141
{
+ − 142
$comments->process_json($_POST['data']);
+ − 143
}
+ − 144
else
+ − 145
{
+ − 146
die('{ "mode" : "error", "error" : "No input" }');
+ − 147
}
+ − 148
break;
+ − 149
case "rename":
+ − 150
echo PageUtils::rename($paths->cpage['urlname_nons'], $paths->namespace, $_POST['newtitle']);
+ − 151
break;
+ − 152
case "flushlogs":
+ − 153
echo PageUtils::flushlogs($paths->cpage['urlname_nons'], $paths->namespace);
+ − 154
break;
+ − 155
case "deletepage":
28
+ − 156
$reason = ( isset($_POST['reason']) ) ? $_POST['reason'] : false;
+ − 157
if ( empty($reason) )
+ − 158
die('Please enter a reason for deleting this page.');
+ − 159
echo PageUtils::deletepage($paths->cpage['urlname_nons'], $paths->namespace, $reason);
0
+ − 160
break;
+ − 161
case "delvote":
+ − 162
echo PageUtils::delvote($paths->cpage['urlname_nons'], $paths->namespace);
+ − 163
break;
+ − 164
case "resetdelvotes":
+ − 165
echo PageUtils::resetdelvotes($paths->cpage['urlname_nons'], $paths->namespace);
+ − 166
break;
+ − 167
case "getstyles":
+ − 168
echo PageUtils::getstyles($_GET['id']);
+ − 169
break;
+ − 170
case "catedit":
+ − 171
echo PageUtils::catedit($paths->cpage['urlname_nons'], $paths->namespace);
+ − 172
break;
+ − 173
case "catsave":
+ − 174
echo PageUtils::catsave($paths->cpage['urlname_nons'], $paths->namespace, $_POST);
+ − 175
break;
+ − 176
case "setwikimode":
+ − 177
echo PageUtils::setwikimode($paths->cpage['urlname_nons'], $paths->namespace, (int)$_GET['mode']);
+ − 178
break;
+ − 179
case "setpass":
+ − 180
echo PageUtils::setpass($paths->cpage['urlname_nons'], $paths->namespace, $_POST['password']);
+ − 181
break;
+ − 182
case "fillusername":
+ − 183
break;
+ − 184
case "fillpagename":
+ − 185
$name = (isset($_GET['name'])) ? $_GET['name'] : false;
+ − 186
if(!$name) die('userlist = new Array(); namelist = new Array(); errorstring=\'Invalid URI\'');
+ − 187
$nd = RenderMan::strToPageID($name);
+ − 188
$c = 0;
+ − 189
$u = Array();
+ − 190
$n = Array();
22
+ − 191
+ − 192
$name = sanitize_page_id($name);
+ − 193
$name = str_replace('_', ' ', $name);
+ − 194
0
+ − 195
for($i=0;$i<sizeof($paths->pages)/2;$i++)
+ − 196
{
+ − 197
if( (
+ − 198
preg_match('#'.preg_quote($name).'(.*)#i', $paths->pages[$i]['name']) ||
+ − 199
preg_match('#'.preg_quote($name).'(.*)#i', $paths->pages[$i]['urlname']) ||
+ − 200
preg_match('#'.preg_quote($name).'(.*)#i', $paths->pages[$i]['urlname_nons']) ||
+ − 201
preg_match('#'.preg_quote(str_replace(' ', '_', $name)).'(.*)#i', $paths->pages[$i]['name']) ||
+ − 202
preg_match('#'.preg_quote(str_replace(' ', '_', $name)).'(.*)#i', $paths->pages[$i]['urlname']) ||
+ − 203
preg_match('#'.preg_quote(str_replace(' ', '_', $name)).'(.*)#i', $paths->pages[$i]['urlname_nons'])
+ − 204
) &&
+ − 205
( ( $nd[1] != 'Article' && $paths->pages[$i]['namespace'] == $nd[1] ) || $nd[1] == 'Article' )
+ − 206
&& $paths->pages[$i]['visible']
+ − 207
)
+ − 208
{
+ − 209
$c++;
+ − 210
$u[] = $paths->pages[$i]['name'];
+ − 211
$n[] = $paths->pages[$i]['urlname'];
+ − 212
}
+ − 213
}
+ − 214
if($c > 0)
+ − 215
{
+ − 216
echo 'userlist = new Array(); namelist = new Array(); errorstring = false; '."\n";
+ − 217
for($i=0;$i<sizeof($u);$i++) // Can't use foreach because we need the value of $i and we need to use both $u and $n
+ − 218
{
+ − 219
echo "userlist[$i] = '".addslashes($n[$i])."';\n";
81
d7fc25acd3f3
Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate
Dan
diff
changeset
+ − 220
echo "namelist[$i] = '".addslashes(htmlspecialchars($u[$i]))."';\n";
0
+ − 221
}
+ − 222
} else {
+ − 223
die('userlist = new Array(); namelist = new Array(); errorstring=\'No page matches found.\'');
+ − 224
}
+ − 225
break;
+ − 226
case "preview":
+ − 227
echo PageUtils::genPreview($_POST['text']);
+ − 228
break;
+ − 229
case "pagediff":
+ − 230
$id1 = ( isset($_GET['diff1']) ) ? (int)$_GET['diff1'] : false;
+ − 231
$id2 = ( isset($_GET['diff2']) ) ? (int)$_GET['diff2'] : false;
+ − 232
if(!$id1 || !$id2) { echo '<p>Invalid request.</p>'; $template->footer(); break; }
+ − 233
if(!preg_match('#^([0-9]+)$#', (string)$_GET['diff1']) ||
+ − 234
!preg_match('#^([0-9]+)$#', (string)$_GET['diff2'] )) { echo '<p>SQL injection attempt</p>'; $template->footer(); break; }
+ − 235
echo PageUtils::pagediff($paths->cpage['urlname_nons'], $paths->namespace, $id1, $id2);
+ − 236
break;
+ − 237
case "jsres":
+ − 238
die('// ERROR: this section is deprecated and has moved to includes/clientside/static/enano-lib-basic.js.');
+ − 239
break;
+ − 240
case "rdns":
+ − 241
if(!$session->get_permissions('mod_misc')) die('Go somewhere else for your reverse DNS info!');
+ − 242
$ip = $_GET['ip'];
+ − 243
$rdns = gethostbyaddr($ip);
109
93ef7df77847
Added a ton of new log points for administrator actions; restructured security log view and enabled pagination for security logs; string change in ajax.php for RDNS operation failure
Dan
diff
changeset
+ − 244
if($rdns == $ip) echo 'Unable to get reverse DNS information. Perhaps the DNS server is down or the PTR record no longer exists.';
0
+ − 245
else echo $rdns;
+ − 246
break;
+ − 247
case 'acljson':
+ − 248
$parms = ( isset($_POST['acl_params']) ) ? rawurldecode($_POST['acl_params']) : false;
+ − 249
echo PageUtils::acl_json($parms);
+ − 250
break;
29
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 251
case "change_theme":
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 252
if ( !isset($_POST['theme_id']) || !isset($_POST['style_id']) )
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 253
{
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 254
die('Invalid input');
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 255
}
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 256
if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['theme_id']) || !preg_match('/^([a-z0-9_-]+)$/i', $_POST['style_id']) )
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 257
{
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 258
die('Invalid input');
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 259
}
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 260
if ( !file_exists(ENANO_ROOT . '/themes/' . $_POST['theme_id'] . '/css/' . $_POST['style_id'] . '.css') )
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 261
{
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 262
die('Can\'t find theme file: ' . ENANO_ROOT . '/themes/' . $_POST['theme_id'] . '/css/' . $_POST['style_id'] . '.css');
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 263
}
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 264
if ( !$session->user_logged_in )
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 265
{
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 266
die('You must be logged in to change your theme');
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 267
}
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 268
// Just in case something slipped through...
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 269
$theme_id = $db->escape($_POST['theme_id']);
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 270
$style_id = $db->escape($_POST['style_id']);
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 271
$e = $db->sql_query('UPDATE ' . table_prefix . "users SET theme='$theme_id', style='$style_id' WHERE user_id=$session->user_id;");
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 272
if ( !$e )
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 273
die( $db->get_error() );
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 274
die('GOOD');
e5484a9e0818
Rewrote change theme dialog; a few minor stability fixes here and there; fixed IE + St Patty background image
Dan
diff
changeset
+ − 275
break;
76
+ − 276
case 'get_tags':
+ − 277
$json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
+ − 278
+ − 279
$ret = array('tags' => array(), 'user_level' => $session->user_level, 'can_add' => $session->get_permissions('tag_create'));
80
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 280
$q = $db->sql_query('SELECT t.tag_id, t.tag_name, pg.pg_target IS NOT NULL AS used_in_acl, t.user FROM '.table_prefix.'tags AS t
76
+ − 281
LEFT JOIN '.table_prefix.'page_groups AS pg
+ − 282
ON ( ( pg.pg_type = ' . PAGE_GRP_TAGGED . ' AND pg.pg_target=t.tag_name ) OR ( pg.pg_type IS NULL AND pg.pg_target IS NULL ) )
+ − 283
WHERE t.page_id=\'' . $db->escape($paths->cpage['urlname_nons']) . '\' AND t.namespace=\'' . $db->escape($paths->namespace) . '\';');
+ − 284
if ( !$q )
+ − 285
$db->_die();
+ − 286
+ − 287
while ( $row = $db->fetchrow() )
+ − 288
{
80
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 289
$can_del = true;
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 290
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 291
$perm = ( $row['user'] != $session->user_id ) ?
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 292
'tag_delete_other' :
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 293
'tag_delete_own';
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 294
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 295
if ( $row['user'] == 1 && !$session->user_logged_in )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 296
// anonymous user trying to delete tag (hardcode blacklisted)
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 297
$can_del = false;
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 298
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 299
if ( !$session->get_permissions($perm) )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 300
$can_del = false;
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 301
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 302
if ( $row['used_in_acl'] == 1 && !$session->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 303
$can_del = false;
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 304
76
+ − 305
$ret['tags'][] = array(
+ − 306
'id' => $row['tag_id'],
+ − 307
'name' => $row['tag_name'],
80
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 308
'can_del' => $can_del,
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 309
'acl' => ( $row['used_in_acl'] == 1 )
76
+ − 310
);
+ − 311
}
+ − 312
+ − 313
echo $json->encode($ret);
+ − 314
+ − 315
break;
80
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 316
case 'addtag':
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 317
$json = new Services_JSON(SERVICES_JSON_LOOSE_TYPE);
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 318
$resp = array(
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 319
'success' => false,
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 320
'error' => 'No error',
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 321
'can_del' => ( $session->get_permissions('tag_delete_own') && $session->user_logged_in ),
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 322
'in_acl' => false
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 323
);
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 324
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 325
// first of course, are we allowed to tag pages?
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 326
if ( !$session->get_permissions('tag_create') )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 327
{
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 328
$resp['error'] = 'You are not permitted to tag pages.';
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 329
die($json->encode($resp));
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 330
}
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 331
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 332
// sanitize the tag name
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 333
$tag = sanitize_tag($_POST['tag']);
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 334
$tag = $db->escape($tag);
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 335
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 336
if ( strlen($tag) < 2 )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 337
{
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 338
$resp['error'] = 'Tags must consist of at least 2 alphanumeric characters.';
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 339
die($json->encode($resp));
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 340
}
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 341
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 342
// check if tag is already on page
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 343
$q = $db->sql_query('SELECT 1 FROM '.table_prefix.'tags WHERE page_id=\'' . $db->escape($paths->cpage['urlname_nons']) . '\' AND namespace=\'' . $db->escape($paths->namespace) . '\' AND tag_name=\'' . $tag . '\';');
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 344
if ( !$q )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 345
$db->_die();
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 346
if ( $db->numrows() > 0 )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 347
{
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 348
$resp['error'] = 'This page already has this tag.';
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 349
die($json->encode($resp));
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 350
}
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 351
$db->free_result();
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 352
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 353
// tricky: make sure this tag isn't being used in some page group, and thus adding it could affect page access
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 354
$can_edit_acl = ( $session->get_permissions('edit_acl') || $session->user_level >= USER_LEVEL_ADMIN );
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 355
$q = $db->sql_query('SELECT 1 FROM '.table_prefix.'page_groups WHERE pg_type=' . PAGE_GRP_TAGGED . ' AND pg_target=\'' . $tag . '\';');
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 356
if ( !$q )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 357
$db->_die();
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 358
if ( $db->numrows() > 0 && !$can_edit_acl )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 359
{
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 360
$resp['error'] = 'This tag is used in an ACL page group, and thus can\'t be added to a page by people without administrator privileges.';
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 361
die($json->encode($resp));
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 362
}
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 363
$resp['in_acl'] = ( $db->numrows() > 0 );
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 364
$db->free_result();
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 365
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 366
// we're good
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 367
$q = $db->sql_query('INSERT INTO '.table_prefix.'tags(tag_name,page_id,namespace,user) VALUES(\'' . $tag . '\', \'' . $db->escape($paths->cpage['urlname_nons']) . '\', \'' . $db->escape($paths->namespace) . '\', ' . $session->user_id . ');');
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 368
if ( !$q )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 369
$db->_die();
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 370
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 371
$resp['success'] = true;
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 372
$resp['tag'] = $tag;
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 373
$resp['tag_id'] = $db->insert_id();
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 374
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 375
echo $json->encode($resp);
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 376
break;
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 377
case 'deltag':
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 378
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 379
$tag_id = intval($_POST['tag_id']);
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 380
if ( empty($tag_id) )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 381
die('Invalid tag ID');
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 382
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 383
$q = $db->sql_query('SELECT t.tag_id, t.user, t.page_id, t.namespace, pg.pg_target IS NOT NULL AS used_in_acl FROM '.table_prefix.'tags AS t
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 384
LEFT JOIN '.table_prefix.'page_groups AS pg
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 385
ON ( pg.pg_id IS NULL OR ( pg.pg_target = t.tag_name AND pg.pg_type = ' . PAGE_GRP_TAGGED . ' ) )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 386
WHERE t.tag_id=' . $tag_id . ';');
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 387
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 388
if ( !$q )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 389
$db->_die();
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 390
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 391
if ( $db->numrows() < 1 )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 392
die('Could not find a tag with that ID');
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 393
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 394
$row = $db->fetchrow();
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 395
$db->free_result();
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 396
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 397
if ( $row['page_id'] == $paths->cpage['urlname_nons'] && $row['namespace'] == $paths->namespace )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 398
$perms =& $session;
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 399
else
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 400
$perms = $session->fetch_page_acl($row['page_id'], $row['namespace']);
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 401
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 402
$perm = ( $row['user'] != $session->user_id ) ?
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 403
'tag_delete_other' :
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 404
'tag_delete_own';
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 405
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 406
if ( $row['user'] == 1 && !$session->user_logged_in )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 407
// anonymous user trying to delete tag (hardcode blacklisted)
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 408
die('You are not authorized to delete this tag.');
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 409
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 410
if ( !$perms->get_permissions($perm) )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 411
die('You are not authorized to delete this tag.');
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 412
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 413
if ( $row['used_in_acl'] == 1 && !$perms->get_permissions('edit_acl') && $session->user_level < USER_LEVEL_ADMIN )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 414
die('You are not authorized to delete this tag.');
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 415
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 416
// We're good
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 417
$q = $db->sql_query('DELETE FROM '.table_prefix.'tags WHERE tag_id = ' . $tag_id . ';');
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 418
if ( !$q )
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 419
$db->_die();
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 420
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 421
echo 'success';
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 422
cb7dde69c301
Improved and enabled HTML optimization algorithm; enabled gzip compression; added but did not test at all the tag cloud class in includes/tagcloud.php, this is still very preliminary and not ready for any type of production use
Dan
diff
changeset
+ − 423
break;
118
0c5efda996bf
Added keep-alive function to admin panel (had been planned for some time) and a new hook, template_var_init_end
Dan
diff
changeset
+ − 424
case 'ping':
0c5efda996bf
Added keep-alive function to admin panel (had been planned for some time) and a new hook, template_var_init_end
Dan
diff
changeset
+ − 425
echo 'pong';
0c5efda996bf
Added keep-alive function to admin panel (had been planned for some time) and a new hook, template_var_init_end
Dan
diff
changeset
+ − 426
break;
0
+ − 427
default:
+ − 428
die('Hacking attempt');
+ − 429
break;
+ − 430
}
+ − 431
+ − 432
?>