# HG changeset patch # User Dan # Date 1232320302 18000 # Node ID c9a95a6c551f299745b95808aafa64859cd2bdb2 # Parent 6f030150b1717ad2065a780e4723ad436ac5c623# Parent 21973500191c6b595fb1592cdc1428935d35f92c Re-merged 1.0.6 tag diff -r 21973500191c -r c9a95a6c551f includes/clientside/css/enano-shared.css --- a/includes/clientside/css/enano-shared.css Sat Jan 17 12:08:28 2009 -0500 +++ b/includes/clientside/css/enano-shared.css Sun Jan 18 18:11:42 2009 -0500 @@ -190,62 +190,6 @@ div.search-lobar { background-color: #E5EFFF; margin: 0; padding: 5px; } /* - * Search box - */ - -input.js-search-box { - font-size: 13px; - margin: 0; - padding: 1px !important; - background-image: url(../../../images/search-box-normal.gif); - height: 15px; - background-repeat: repeat-x; - border-width: 1px; - border-style: solid; - border-color: #6c6c6c; - color: #C0C0C0; -} - -input.js-search-box:focus { - background-image: url(../../../images/search-box-hilite.gif); - color: #666; -} - -div.js-search-submit { - display: block; - position: absolute; - width: 24px; - height: 19px; - font-size: 1px; - line-height: 19px; - clip: rect(0px, 24px, 19px, 0px); - overflow: hidden; - margin: 0; - padding: 0; - background: transparent url(../../../images/search-btn-normal.png) no-repeat !important; - background-repeat: no-repeat; - cursor: pointer; -} - -div.js-search-submit:hover { - background-image: url(../../../images/search-btn-hilite.png); -} - -input[type ^="text"].username, input[type ^="password"].password { - padding: 2px 2px 2px 27px; - width: 96px; - height: 15px; - border: 0px none #000; - font-size: 11px; -} -input[type ^="text"].username { - background-image: url(../../../images/login-username.png); -} -input[type ^="password"].password { - background-image: url(../../../images/login-password.png); -} - -/* * jBox menu system */ diff -r 21973500191c -r c9a95a6c551f includes/pageprocess.php --- a/includes/pageprocess.php Sat Jan 17 12:08:28 2009 -0500 +++ b/includes/pageprocess.php Sun Jan 18 18:11:42 2009 -0500 @@ -165,6 +165,11 @@ $this->err_access_denied(); return false; } + if ( $this->revision_id > 0 && !$this->perms->get_permissions('history_view') ) + { + $this->err_access_denied(); + return false; + } $pathskey = $paths->nslist[ $this->namespace ] . $this->page_id; $strict_no_headers = false; if ( isset($paths->pages[$pathskey]) ) diff -r 21973500191c -r c9a95a6c551f includes/pageutils.php --- a/includes/pageutils.php Sat Jan 17 12:08:28 2009 -0500 +++ b/includes/pageutils.php Sun Jan 18 18:11:42 2009 -0500 @@ -1451,6 +1451,8 @@ if(!$e) $db->_die('The page entry could not be deleted.'); $e = $db->sql_query('DELETE FROM ' . table_prefix.'files WHERE page_id=\'' . $page_id . '\''); if(!$e) $db->_die('The file entry could not be deleted.'); + $e = $db->sql_query('DELETE FROM ' . table_prefix.'acl WHERE page_id=\'' . $page_id . '\' AND namespace=\'' . $namespace . '\''); + if(!$e) $db->_die('The ACL entries associated with the page could not be deleted.'); return('This page has been deleted. Note that there is still a log of edits and actions in the database, and anyone with admin rights can raise this page from the dead unless the log is cleared. If the deleted file is an image, there may still be cached thumbnails of it in the cache/ directory, which is inaccessible to users.'); } diff -r 21973500191c -r c9a95a6c551f plugins/SpecialAdmin.php --- a/plugins/SpecialAdmin.php Sat Jan 17 12:08:28 2009 -0500 +++ b/plugins/SpecialAdmin.php Sun Jan 18 18:11:42 2009 -0500 @@ -1431,6 +1431,7 @@ 'DELETE FROM '.table_prefix.'comments WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';', 'DELETE FROM '.table_prefix.'logs WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';', 'DELETE FROM '.table_prefix.'page_text WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';', + 'DELETE FROM '.table_prefix.'acl WHERE page_id=\'' . $db->escape($_POST['old_page_id']) . '\' AND namespace=\'' . $db->escape($_POST['old_namespace']) . '\';', ); foreach($q as $cq) { @@ -2626,11 +2627,11 @@

@@ -2643,6 +2644,10 @@

+ This block type is for textual content. This could be information, a random fact, or some other blob of fully formatted text. Links show up inline, + not as a list. +

+

Wikitext:

@@ -2652,6 +2657,13 @@

+ This block type is for links. Use wikilinks (both internal and external are supported) to build a list of links. All links will be shown block-style, + or one link per line. You can use logic in these blocks as well: +

+ 
{if user_logged_in}
+  [[Special:Preferences|User control panel]]
+{/if}
+

Template code:

@@ -2661,6 +2673,10 @@

+ This block type is for textual content. HTML you use here will not be filtered or parsed at all - it will be displayed verbatim. This gives you + slightly more control over your content but you can't use wikilinks or other wikitext in here. +

+

HTML to place inside the sidebar:

@@ -2674,18 +2690,18 @@

WARNING: If you don't know what you're doing, or if you are not fluent in PHP, stop now and choose a different block type. You will brick your Enano installation if you are not careful here. - ALWAYS remember to write secure code! The Enano team is not responsible if someone drops all your tables because of an SQL injection vulnerability in your sidebar code. You are probably better off using the template-formatted block type. + ALWAYS remember to write secure code! The Enano team is not responsible if someone drops all your tables because of an SQL injection vulnerability in your sidebar code. You are probably better off using the links and logic block type.

- It is especially important to note that this code is NOT checked for errors! If there is a syntax error in your code here, it will prevent any pages from loading AT ALL. So you need to use an external PHP editor (like jEdit) to check your syntax before you hit save. + It is especially important to note that the syntax of your code is not validated here. If there is a syntax error in your code here, it might prevent Enano from working properly. It is recommended that you use an external PHP editor (like jEdit) to check your syntax before you hit save. You have been warned.

Also, you should avoid using output buffering functions (ob_[start|end|get_contents|clean]) here, because Enano uses those to track output from this script.

- The standard <?php and ?> tags work here. Don't use an initial "<?php" or it will cause a parse error. + The standard <?php and ?> tags work here, but don't use an initial "<?php" or it will cause a parse error.

PHP code: