<?php
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
* Copyright (C) 2006-2009 Dan Fuhry
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
*
* @package Enano
* @subpackage Frontend
*/
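// Defined (as an empty string) before the core is loaded.
define('ENANO_INTERFACE_INDEX', '');

// start up Enano
require('includes/common.php');

// HTML compacting is skipped when ENANO_DEBUG is defined or when the request carries ?nocompress.
$aggressive_optimize_html = !defined('ENANO_DEBUG') && !isset($_GET['nocompress']);

// Set up gzip encoding before any output is sent
global $do_gzip;
// FIXME: make this configurable
$do_gzip = !defined('ENANO_DEBUG');

// NOTE(review): E_ALL is forced for every request. Whether notices and warnings reach the
// client depends on display_errors, which is not set in this file - confirm it is off in production.
error_reporting(E_ALL);

// Buffer all output so it can be post-processed at the end of the request.
if ($aggressive_optimize_html || $do_gzip) {
  ob_start();
}

global $db, $session, $paths, $template, $plugins; // Common objects
$page_timestamp = time();

// Normalise the requested action. A missing ?do= means "view". A non-string value
// (for example ?do[]=x, which PHP delivers as an array) is replaced with an empty string
// so the dispatcher reports an invalid action instead of passing an array to
// htmlspecialchars() in the default branch.
if (!isset($_GET['do'])) {
  $_GET['do'] = 'view';
} elseif (!is_string($_GET['do'])) {
  $_GET['do'] = '';
}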
switch($_GET['do'])
{
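default:
  // No built-in action matched: let code hooked on 'page_action' handle the request.
  // Anything the hooks print is captured so that an empty result can be reported
  // as an invalid action.
  $code = $plugins->setHook('page_action');
  ob_start();
  foreach ($code as $cmd) {
    // NOTE(review): eval() executes every string returned by setHook() with the full
    // privileges of this script. Flagged rather than replaced: confirm that only
    // administrator-installed plugin code can register snippets for this hook.
    eval($cmd);
  }
  // ob_get_clean() closes the capture buffer on every path (the previous code left it
  // open when nothing was printed) and the explicit comparison keeps a literal "0"
  // from being mistaken for "no output".
  $contents = ob_get_clean();
  if ($contents !== false && $contents !== '') {
    echo $contents;
  } else {
    // The action name is attacker-controlled, so it is HTML-escaped before display.
    die_friendly('Invalid action', '<p>The action "'.htmlspecialchars($_GET['do']).'" is not defined. Return to <a href="'.makeUrl($paths->page).'">viewing this page\'s text</a>.</p>');
  }
  break;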
case 'view':
  // Render the requested page, optionally at an older revision given by ?oldid=.
  // echo PageUtils::getpage($paths->page, true, ( (isset($_GET['oldid'])) ? $_GET['oldid'] : false ));
  $rev_id = 0;
  if (isset($_GET['oldid'])) {
    $rev_id = intval($_GET['oldid']);
  }
  $page = new PageProcessor($paths->page_id, $paths->namespace, $rev_id);
  // Hand this PageProcessor to the template processor so that $template does not start
  // a second one while this one is already running.
  $template->set_page($page);
  $page->send_headers = true;
  // Redirects are followed unless the request says ?redirect=no.
  $page->allow_redir = !( isset($_GET['redirect']) && $_GET['redirect'] === 'no' );
  // NOTE(review): the page password is read from $_REQUEST, so it is also accepted in the
  // query string, where it can end up in access logs and Referer headers. It is reduced to
  // an unsalted SHA-1 digest before being handed over; how PageProcessor stores and compares
  // it is not visible here - confirm.
  $pagepass = '';
  if (isset($_REQUEST['pagepass'])) {
    $pagepass = sha1($_REQUEST['pagepass']);
  }
  $page->password = $pagepass;
  $page->send(true);
  // Remember when the displayed revision was made.
  $page_timestamp = $page->revision_time;
  break;
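case 'comments':
  // Comment interface without JavaScript; ?sub= selects the operation.
  $output->header();
  require_once(ENANO_ROOT.'/includes/pageutils.php');
  $sub = ( isset($_GET['sub']) ) ? $_GET['sub'] : false;
  switch ($sub) {
    case 'admin':
    default:
      // List the comments; 'action' and 'id' are handed to comments_html() as received
      // (the id is forced to an integer, -1 when absent).
      $act = ( isset($_GET['action']) ) ? $_GET['action'] : false;
      $id = ( isset($_GET['id']) ) ? intval($_GET['id']) : -1;
      echo PageUtils::comments_html($paths->page_id, $paths->namespace, $act, array('id' => $id));
      break;
    case 'postcomment':
      if (empty($_POST['name']) || empty($_POST['subj']) || empty($_POST['text'])) {
        echo 'Invalid request';
        break;
      }
      $cid = ( isset($_POST['captcha_id']) ) ? $_POST['captcha_id'] : false;
      $cin = ( isset($_POST['captcha_input']) ) ? $_POST['captcha_input'] : false;

      require_once('includes/comment.php');
      $comments = new Comments($paths->page_id, $paths->namespace);

      // The raw form fields go to Comments::process_json(); any validation or escaping of
      // name/subj/text happens there, not in this file.
      $submission = array(
        'mode' => 'submit',
        'captcha_id' => $cid,
        'captcha_code' => $cin,
        'name' => $_POST['name'],
        'subj' => $_POST['subj'],
        'text' => $_POST['text'],
      );

      $result = $comments->process_json($submission);
      if ($result['mode'] == 'error') {
        echo '<div class="error-box">' . htmlspecialchars($result['error']) . '</div>';
      } else {
        echo '<div class="info-box">' . $lang->get('comment_msg_comment_posted') . '</div>';
      }

      echo PageUtils::comments_html($paths->page_id, $paths->namespace);
      break;
    case 'editcomment':
      // The id is concatenated into SQL below, so accept digits only and cast it.
      // ctype_digit() also rejects the trailing newline that the former '#^([0-9]+)$#'
      // pattern let through, and the is_string() test rejects array parameters.
      if (!isset($_GET['id']) || !is_string($_GET['id']) || !ctype_digit($_GET['id'])) {
        echo '<p>Invalid comment ID</p>';
        break;
      }
      $comment_id = intval($_GET['id']);
      // NOTE(review): the lookup is by comment_id alone - it is not limited to the current
      // page and no permission check is visible in this branch. Confirm access control
      // happens elsewhere before comment text is shown.
      $q = $db->sql_query('SELECT subject,comment_data,comment_id FROM '.table_prefix.'comments WHERE comment_id='.$comment_id);
      if (!$q) {
        $db->_die('The comment data could not be selected.');
      }
      $row = $db->fetchrow();
      $db->free_result();
      if (!$row) {
        // No such comment: do not index into a non-array result.
        echo '<p>Invalid comment ID</p>';
        break;
      }
      // The form below uses single-quoted attributes, so a single quote in the subject is
      // turned into its numeric entity.
      // NOTE(review): nothing else is escaped here; subject and comment_data are printed
      // as stored. Confirm both are HTML-escaped when they are saved.
      $row['subject'] = str_replace('\'', '&#039;', $row['subject']);
      echo '<form action="'.makeUrl($paths->page, 'do=comments&sub=savecomment').'" method="post">';
      echo "<br /><div class='tblholder'><table border='0' width='100%' cellspacing='1' cellpadding='4'>
<tr><td class='row1'>" . $lang->get('comment_postform_field_subject') . "</td><td class='row1'><input type='text' name='subj' value='{$row['subject']}' /></td></tr>
<tr><td class='row2'>" . $lang->get('comment_postform_field_comment') . "</td><td class='row2'><textarea rows='10' cols='40' style='width: 98%;' name='text'>{$row['comment_data']}</textarea></td></tr>
<tr><td class='row1' colspan='2' class='row1' style='text-align: center;'><input type='hidden' name='id' value='{$row['comment_id']}' /><input type='submit' value='" . $lang->get('etc_save_changes') . "' /></td></tr>
</table></div>";
      echo '</form>';
      break;
    case 'savecomment':
      if (empty($_POST['subj']) || empty($_POST['text'])) {
        echo '<p>Invalid request</p>';
        break;
      }
      // A missing id becomes 0 without raising an undefined-index notice.
      $comment_id = isset($_POST['id']) ? (int)$_POST['id'] : 0;
      $r = PageUtils::savecomment_neater($paths->page_id, $paths->namespace, $_POST['subj'], $_POST['text'], $comment_id);
      if ($r != 'good') {
        // NOTE(review): the failure text from savecomment_neater() is printed unescaped;
        // confirm it never contains user-supplied data.
        echo "<pre>$r</pre>";
        break;
      }
      echo PageUtils::comments_html($paths->page_id, $paths->namespace);
      break;
    case 'deletecomment':
      // NOTE(review): this deletes on a plain GET request and no anti-CSRF token or
      // permission check is visible in this branch. Confirm deletecomment_neater()
      // enforces authorization, and consider requiring POST for this action.
      if (!empty($_GET['id'])) {
        PageUtils::deletecomment_neater($paths->page_id, $paths->namespace, (int)$_GET['id']);
      }
      echo PageUtils::comments_html($paths->page_id, $paths->namespace);
      break;
  }
  $output->footer();
  break;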
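case 'edit':
  // Page editor without JavaScript: handles cancel, save, preview and the edit form itself.
  if (isset($_POST['_cancel'])) {
    redirect(makeUrl($paths->page), '', '', 0);
    break;
  }
  require_once(ENANO_ROOT.'/includes/pageutils.php');
  $save_error = null;
  if (isset($_POST['_save'])) {
    $captcha_valid = true;
    if ( !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' ) {
      // Guests must solve a CAPTCHA; start from "invalid" and only accept an exact match.
      $captcha_valid = false;
      if ( isset($_POST['captcha_id'], $_POST['captcha_code']) && is_string($_POST['captcha_id']) && is_string($_POST['captcha_code']) ) {
        $hash_correct = strtolower((string)$session->get_captcha($_POST['captcha_id']));
        $hash_input = strtolower($_POST['captcha_code']);
        // An empty expected code is never accepted. get_captcha() is not visible here; if
        // it returns an empty or false value for an unknown id, an empty submission would
        // otherwise compare equal and pass the check.
        if ( $hash_correct !== '' && $hash_input === $hash_correct ) {
          $captcha_valid = true;
        }
      }
    }
    if ($captcha_valid) {
      $e = PageUtils::savepage($paths->page_id, $paths->namespace, $_POST['page_text'], $_POST['edit_summary'], isset($_POST['minor']));
      if ($e == 'good') {
        redirect(makeUrl($paths->page), $lang->get('editor_msg_save_success_title'), $lang->get('editor_msg_save_success_body'), 3);
      } else {
        // Keep the failure so it can be shown instead of the CAPTCHA message.
        $save_error = $e;
      }
    }
  }
  $template->header();
  if (isset($captcha_valid) && !$captcha_valid) {
    // Shown only when the CAPTCHA really failed; previously any failed save claimed a
    // wrong CAPTCHA code.
    echo '<div class="usermessage">' . $lang->get('editor_err_captcha_wrong') . '</div>';
  } elseif (is_string($save_error)) {
    // The text returned by savepage() is escaped because its origin is not visible here.
    echo '<div class="usermessage">' . htmlspecialchars($save_error) . '</div>';
  }
  if (isset($_POST['_preview'])) {
    $text = $_POST['page_text'];
    $edsumm = $_POST['edit_summary'];
    echo PageUtils::genPreview($_POST['page_text']);
    // Submitted text goes back into the textarea, so it is HTML-escaped.
    $text = htmlspecialchars($text);
    $revid = 0;
  } else {
    $revid = ( isset($_GET['revid']) ) ? intval($_GET['revid']) : 0;
    $page = new PageProcessor($paths->page_id, $paths->namespace, $revid);
    // NOTE(review): unlike the preview branch, this text is not escaped in this file before
    // it is placed inside the textarea. Confirm fetch_source() returns HTML-escaped text.
    $text = $page->fetch_source();
    $edsumm = '';
    // $text = RenderMan::getPage($paths->cpage['urlname_nons'], $paths->namespace, 0, false, false, false, false);
  }
  if ($revid > 0) {
    // Editing an old revision: find the edits made after it so a reversion summary can be offered.
    // Both numbers concatenated into the query are integers ($revid via intval() above).
    $time = intval($page->revision_time);
    $q = $db->sql_query('SELECT l1.author AS currentrev_author, l2.author AS oldrev_author FROM ' . table_prefix . 'logs AS l1
                           LEFT JOIN ' . table_prefix . 'logs AS l2
                             ON ( l2.log_id = ' . $revid . '
                                  AND l2.log_type = \'page\'
                                  AND l2.action = \'edit\'
                                  AND l2.page_id = \'' . $db->escape($paths->page_id) . '\'
                                  AND l2.namespace = \'' . $db->escape($paths->namespace) . '\'
                                  AND l1.is_draft != 1
                                )
                           WHERE l1.log_type = \'page\'
                             AND l1.action = \'edit\'
                             AND l1.page_id = \'' . $db->escape($paths->page_id) . '\'
                             AND l1.namespace = \'' . $db->escape($paths->namespace) . '\'
                             AND l1.time_id > ' . $time . '
                             AND l1.is_draft != 1
                           ORDER BY l1.time_id DESC;');
    if (!$q) {
      $db->die_json();
    }

    if ($db->numrows() > 0) {
      echo '<div class="usermessage">' . $lang->get('editor_msg_editing_old_revision') . '</div>';

      $rev_count = $db->numrows() - 2;
      $row = $db->fetchrow();
      $undo_info = array(
        'old_author' => $row['oldrev_author'],
        'current_author' => $row['currentrev_author'],
        'undo_count' => max($rev_count, 1),
        'last_rev_id' => $revid
      );
    } else {
      // Nothing newer than this revision: treat it as a normal edit.
      $revid = 0;
    }
    $db->free_result();
  }
  echo '
<form action="'.makeUrl($paths->page, 'do=edit').'" method="post" enctype="multipart/form-data">
<br />
<textarea name="page_text" rows="20" cols="60" style="width: 97%;">'.$text.'</textarea><br />
<br />
';
  $edsumm = ( $revid > 0 ) ? $lang->get('editor_reversion_edit_summary', $undo_info) : $edsumm;
  echo $lang->get('editor_lbl_edit_summary') . ' <input name="edit_summary" type="text" size="40" value="' . htmlspecialchars($edsumm) . '" /><br /><label><input type="checkbox" name="minor" /> ' . $lang->get('editor_lbl_minor_edit_field') . '</label><br />';
  if ( !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' ) {
    // Guests get a fresh CAPTCHA; its id travels in a hidden field next to the typed code.
    echo '<br /><table border="0"><tr><td>';
    echo '<b>' . $lang->get('editor_lbl_field_captcha') . '</b><br />'
       . '<br />'
       . $lang->get('editor_msg_captcha_pleaseenter') . '<br /><br />'
       . $lang->get('editor_msg_captcha_blind');
    echo '</td><td>';
    $hash = $session->make_captcha();
    echo '<img src="' . makeUrlNS('Special', "Captcha/$hash") . '" onclick="this.src+=\'/a\'" style="cursor: pointer;" /><br />';
    echo '<input type="hidden" name="captcha_id" value="' . $hash . '" />';
    echo $lang->get('editor_lbl_field_captcha_code') . ' <input type="text" name="captcha_code" value="" size="9" />';
    echo '</td></tr></table>';
  }
  echo '<br />
<input type="submit" name="_save" value="' . $lang->get('editor_btn_save') . '" style="font-weight: bold;" />
<input type="submit" name="_preview" value="' . $lang->get('editor_btn_preview') . '" />
<input type="submit" name="_revert" value="' . $lang->get('editor_btn_revert') . '" />
<input type="submit" name="_cancel" value="' . $lang->get('editor_btn_cancel') . '" />
</form>
';
  if ( getConfig('wiki_edit_notice', '0') == '1' ) {
    $notice = getConfig('wiki_edit_notice_text');
    echo RenderMan::render($notice);
  }
  $template->footer();
  break;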
case 'viewsource':
  // Read-only view of the page source inside a textarea.
  $template->header();
  // The source is HTML-escaped before it is placed inside the textarea.
  $text = htmlspecialchars(
    RenderMan::getPage($paths->page_id, $paths->namespace, 0, false, false, false, false)
  );
  echo '
<form action="'.makeUrl($paths->page, 'do=edit').'" method="post">
<br />
<textarea readonly="readonly" name="page_text" rows="20" cols="60" style="width: 97%;">'.$text.'</textarea>'
     . '<br />
<input type="submit" name="_cancel" value="' . $lang->get('editor_btn_closeviewer') . '" />
</form>
';
  $template->footer();
  break;
case 'history':
  // Page history: the listing is built first, then wrapped in the site template.
  require_once(ENANO_ROOT.'/includes/pageutils.php');
  $history_html = PageUtils::histlist($paths->page_id, $paths->namespace);
  $template->header();
  echo $history_html;
  $template->footer();
  break;
case 'rollback':
  // Roll back one log entry, identified by ?id=.
  // NOTE(review): this changes state on a GET request and no anti-CSRF token or permission
  // check is visible in this branch. Confirm rollback_log_entry() enforces authorization.
  $id = false;
  if (isset($_GET['id'])) {
    $id = $_GET['id'];
  }
  // Only an all-digit id is accepted before it is converted to an integer.
  if (!$id || !ctype_digit($id)) {
    die_friendly('Invalid action ID', '<p>The URL parameter "id" is not an integer. Exiting to prevent nasties like SQL injection, etc.</p>');
  }

  $id = intval($id);

  $page = new PageProcessor($paths->page_id, $paths->namespace);
  $result = $page->rollback_log_entry($id);

  // Replace the result array with the localized message to show: a success string keyed by
  // the action, or an error string keyed by the error code.
  if ($result['success']) {
    $result = $lang->get("page_msg_rb_success_{$result['action']}", array('dateline' => $result['dateline']));
  } else {
    $failed_action = isset($result['action']) ? $result['action'] : null;
    $result = $lang->get("page_err_{$result['error']}", array('action' => $failed_action));
  }

  $template->header();
  echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">' . $lang->get('etc_return_to_page') . '</a></p>';
  $template->footer();
  break;
case 'catedit':
  // Category editor: save, cancel, or show the form.
  require_once(ENANO_ROOT.'/includes/pageutils.php');
  if (isset($_POST['__enanoSaveButton'])) {
    // The submit button is dropped so that only the category fields reach catsave().
    unset($_POST['__enanoSaveButton']);
    $val = PageUtils::catsave($paths->page_id, $paths->namespace, $_POST);
    $saved = ( $val == 'GOOD' );
    if (!$saved) {
      // NOTE(review): the failure text from catsave() is printed unescaped; confirm it
      // never contains user-supplied data.
      die_friendly('Error saving category information', '<p>'.$val.'</p>');
    } else {
      // Redirect back to the page, with a clickable fallback in the body.
      header('Location: '.makeUrl($paths->page));
      echo '<html><head><title>Redirecting...</title></head><body>If you haven\'t been redirected yet, <a href="'.makeUrl($paths->page).'">click here</a>.';
      break;
    }
  } elseif (isset($_POST['__enanoCatCancel'])) {
    header('Location: '.makeUrl($paths->page));
    echo '<html><head><title>Redirecting...</title></head><body>If you haven\'t been redirected yet, <a href="'.makeUrl($paths->page).'">click here</a>.';
    break;
  }
  $template->header();
  // catedit_raw() returns an array; element 1 is what gets printed.
  $c = PageUtils::catedit_raw($paths->page_id, $paths->namespace);
  echo $c[1];
  $template->footer();
  break;
case 'moreoptions':
  // Shows the template's toolbar menu as a plain list for browsers without JavaScript.
  $template->header();
  $menu_label = '<li><div class="label">' . $lang->get('ajax_lbl_moreoptions_nojs') . '</div><div style="clear: both;"></div></li>';
  echo '<div class="menu_nojs" style="width: 150px; padding: 0;"><ul style="display: block;">'
     . $menu_label
     . $template->toolbar_menu
     . '</ul></div>';
  $template->footer();
  break;
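case 'protect':
  // Change the page's protection level; requires an elevated (re-authenticated) session.
  if (!$session->sid_super) {
    redirect(makeUrlNS('Special', "Login/{$paths->page}", 'target_do=protect&level=' . $session->user_level, false), $lang->get('etc_access_denied_short'), $lang->get('etc_access_denied_need_reauth'), 0);
    // Fail closed: redirect() is not visible here, so do not rely on it ending the request.
    break;
  }

  $errors = array();
  if ( isset($_POST['level'], $_POST['reason']) && is_string($_POST['level']) && is_string($_POST['reason']) ) {
    $level = intval($_POST['level']);
    if ( !in_array($level, array(PROTECT_FULL, PROTECT_SEMI, PROTECT_NONE)) ) {
      $errors[] = 'bad level';
    }
    $reason = trim($_POST['reason']);
    if ($reason === '') {
      $errors[] = $lang->get('onpage_protect_err_need_reason');
    }

    // Only act when validation passed. Previously protect_page() was called even after a
    // bad level or an empty reason had been recorded.
    if (empty($errors)) {
      $page = new PageProcessor($paths->page_id, $paths->namespace);
      $result = $page->protect_page($level, $reason);
      if ($result['success']) {
        redirect(makeUrl($paths->page), $lang->get('page_protect_lbl_success_title'), $lang->get('page_protect_lbl_success_body', array('page_link' => makeUrl($paths->page, false, true))), 3);
      } else {
        $errors[] = $lang->get('page_err_' . $result['error']);
      }
    }
  }
  $template->header();
  ?>
<form action="<?php echo makeUrl($paths->page, 'do=protect'); ?>" method="post">
<h3><?php echo $lang->get('onpage_protect_heading'); ?></h3>
<p><?php echo $lang->get('onpage_protect_msg_select_level'); ?></p>

<?php
  // Every entry in $errors is a fixed string or a language string; no request data is echoed.
  if ( !empty($errors) ) {
    echo '<ul><li>' . implode('</li><li>', $errors) . '</li></ul>';
  }
  ?>

<div class="protectlevel" style="line-height: 22px; margin-left: 17px;">
<label>
<input type="radio" name="level" value="<?php echo PROTECT_FULL; ?>" />
<?php echo gen_sprite(cdnPath . '/images/protect-icons.png', 22, 22, 0, 0); ?>
<?php echo $lang->get('onpage_protect_btn_full'); ?>
</label>
</div>
<div class="protectlevel_hint" style="font-size: smaller; margin-left: 68px;">
<?php echo $lang->get('onpage_protect_btn_full_hint'); ?>
</div>

<div class="protectlevel" style="line-height: 22px; margin-left: 17px;">
<label>
<input type="radio" name="level" value="<?php echo PROTECT_SEMI; ?>" />
<?php echo gen_sprite(cdnPath . '/images/protect-icons.png', 22, 22, 22, 0); ?>
<?php echo $lang->get('onpage_protect_btn_semi'); ?>
</label>
</div>
<div class="protectlevel_hint" style="font-size: smaller; margin-left: 68px;">
<?php echo $lang->get('onpage_protect_btn_semi_hint'); ?>
</div>

<div class="protectlevel" style="line-height: 22px; margin-left: 17px;">
<label>
<input type="radio" name="level" value="<?php echo PROTECT_NONE; ?>" />
<?php echo gen_sprite(cdnPath . '/images/protect-icons.png', 22, 22, 44, 0); ?>
<?php echo $lang->get('onpage_protect_btn_none'); ?>
</label>
</div>
<div class="protectlevel_hint" style="font-size: smaller; margin-left: 68px;">
<?php echo $lang->get('onpage_protect_btn_none_hint'); ?>
</div>

<table style="margin-left: 1em;" cellspacing="10">
<tr>
<td valign="top">
<?php echo $lang->get('onpage_protect_lbl_reason'); ?>
</td>
<td>
<input type="text" name="reason" size="40" /><br />
<small><?php echo $lang->get('onpage_protect_lbl_reason_hint'); ?></small>
</td>
</tr>
</table>

<p>
<input type="submit" value="<?php echo htmlspecialchars($lang->get('page_protect_btn_submit')) ?>" style="font-weight: bold;" />
<a class="abutton" href="<?php echo makeUrl($paths->page, false, true); ?>"><?php echo $lang->get('etc_cancel'); ?></a>
</p>
</form>
<?php
  $template->footer();
  break;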
case 'rename':
  // Rename the page, or show the rename form.
  // NOTE(review): no permission or re-authentication check is visible in this branch;
  // presumably PageUtils::rename() enforces it - confirm.
  require_once(ENANO_ROOT.'/includes/pageutils.php');
  $name_given = !empty($_POST['newname']);
  if ($name_given) {
    $r = PageUtils::rename($paths->page_id, $paths->namespace, $_POST['newname']);
    // NOTE(review): the text returned by rename() is printed after nl2br() only, without
    // escaping; confirm it cannot carry the submitted name back as markup.
    die_friendly($lang->get('page_rename_success_title'), '<p>'.nl2br($r).' <a href="'.makeUrl($paths->page).'">' . $lang->get('etc_return_to_page') . '</a>.</p>');
  }
  $template->header();
  ?>
<form action="<?php echo makeUrl($paths->page, 'do=rename'); ?>" method="post">
<?php if (isset($_POST['newname'])) { echo '<p style="color: red;">' . $lang->get('page_rename_err_need_name') . '</p>'; } ?>
<p><?php echo $lang->get('page_rename_lbl'); ?></p>
<p><input type="text" name="newname" size="40" /></p>
<p><input type="submit" value="<?php echo htmlspecialchars($lang->get('page_rename_btn_submit')); ?>" style="font-weight: bold;" /></p>
</form>
<?php
  $template->footer();
  break;
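case 'flushlogs':
  // Clear this page's logs. Requires the 'clear_logs' permission and an elevated session.
  if (!$session->get_permissions('clear_logs')) {
    die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('etc_access_denied') . '</p>');
  }
  if (!$session->sid_super) {
    redirect(makeUrlNS('Special', "Login/{$paths->page}", 'target_do=flushlogs&level=' . $session->user_level, false), $lang->get('etc_access_denied_short'), $lang->get('etc_access_denied_need_reauth'), 0);
    // Fail closed: redirect() is not visible here, so do not rely on it ending the request.
    break;
  }
  require_once(ENANO_ROOT.'/includes/pageutils.php');
  if (isset($_POST['_downthejohn'])) {
    // Confirmed through the POST form below.
    $template->header();
    $result = PageUtils::flushlogs($paths->page_id, $paths->namespace);
    echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">' . $lang->get('etc_return_to_page') . '</a>.</p>';
    $template->footer();
    break;
  }
  $template->header();
  ?>
<form action="<?php echo makeUrl($paths->page, 'do=flushlogs'); ?>" method="post">
<?php echo $lang->get('page_flushlogs_warning_stern'); ?>
<p><input type="submit" name="_downthejohn" value="<?php echo htmlspecialchars($lang->get('page_flushlogs_btn_submit')); ?>" style="color: red; font-weight: bold;" /></p>
</form>
<?php
  $template->footer();
  break;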
case 'delvote':
  // Vote for deletion of this page, or show the confirmation form with the current count.
  require_once(ENANO_ROOT.'/includes/pageutils.php');
  if (isset($_POST['_ballotbox'])) {
    $template->header();
    $result = PageUtils::delvote($paths->page_id, $paths->namespace);
    echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">' . $lang->get('etc_return_to_page') . '</a>.</p>';
    $template->footer();
    break;
  }
  $template->header();
  ?>
<form action="<?php echo makeUrl($paths->page, 'do=delvote'); ?>" method="post">
<?php
  echo $lang->get('page_delvote_warning_stern');
  echo '<p>';
  // Pick the zero / one / plural wording for the existing vote count.
  if ($paths->cpage['delvotes'] == 0) {
    echo $lang->get('page_delvote_count_zero');
  } elseif ($paths->cpage['delvotes'] == 1) {
    echo $lang->get('page_delvote_count_one');
  } else {
    echo $lang->get('page_delvote_count_plural', array('delvotes' => $paths->cpage['delvotes']));
  }
  echo '</p>';
  ?>
<p><input type="submit" name="_ballotbox" value="<?php echo htmlspecialchars($lang->get('page_delvote_btn_submit')); ?>" /></p>
</form>
<?php
  $template->footer();
  break;
case 'resetvotes':
  // Reset the deletion votes on this page. Requires the 'vote_reset' permission.
  require_once(ENANO_ROOT.'/includes/pageutils.php');
  $may_reset = $session->get_permissions('vote_reset');
  if (!$may_reset) {
    die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('etc_access_denied') . '</p>');
  }
  if (isset($_POST['_youmaylivealittlelonger'])) {
    // Confirmed through the POST form below.
    $template->header();
    $result = PageUtils::resetdelvotes($paths->page_id, $paths->namespace);
    echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">' . $lang->get('etc_return_to_page') . '</a>.</p>';
    $template->footer();
    break;
  }
  $template->header();
  ?>
<form action="<?php echo makeUrl($paths->page, 'do=resetvotes'); ?>" method="post">
<p><?php echo $lang->get('ajax_delvote_reset_confirm'); ?></p>
<p><input type="submit" name="_youmaylivealittlelonger" value="<?php echo htmlspecialchars($lang->get('page_delvote_reset_btn_submit')); ?>" /></p>
</form>
<?php
  $template->footer();
  break;
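case 'deletepage':
  // Delete this page. Requires the 'delete_page' permission, an elevated session and a reason.
  if (!$session->get_permissions('delete_page')) {
    die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('etc_access_denied') . '</p>');
  }
  if (!$session->sid_super) {
    redirect(makeUrlNS('Special', "Login/{$paths->page}", 'target_do=deletepage&level=' . $session->user_level, false), $lang->get('etc_access_denied_short'), $lang->get('etc_access_denied_need_reauth'), 0);
    // Fail closed: redirect() is not visible here, so do not rely on it ending the request.
    break;
  }

  require_once(ENANO_ROOT.'/includes/pageutils.php');
  if (isset($_POST['_adiossucker'])) {
    $reason = ( isset($_POST['reason']) ) ? $_POST['reason'] : false;
    if (empty($reason)) {
      // No reason given: fall through to the form and show the prompt.
      $error = $lang->get('ajax_delete_prompt_reason');
    } else {
      $template->header();
      $result = PageUtils::deletepage($paths->page_id, $paths->namespace, $reason);
      echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">' . $lang->get('etc_return_to_page') . '</a>.</p>';
      $template->footer();
      break;
    }
  }
  $template->header();
  ?>
<form action="<?php echo makeUrl($paths->page, 'do=deletepage'); ?>" method="post">
<?php echo $lang->get('page_delete_warning_stern'); ?>
<?php if ( isset($error) ) echo "<p>$error</p>"; ?>
<p><?php echo $lang->get('page_delete_lbl_reason'); ?> <input type="text" name="reason" size="50" /></p>
<p><input type="submit" name="_adiossucker" value="<?php echo htmlspecialchars($lang->get('page_delete_btn_submit')); ?>" style="color: red; font-weight: bold;" /></p>
</form>
<?php
  $template->footer();
  break;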
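case 'setwikimode':
  // Set the page's wiki mode (0, 1 or 2). Requires the 'set_wiki_mode' permission.
  // GET shows a confirmation form; POST with 'finish' applies the change.
  if (!$session->get_permissions('set_wiki_mode')) {
    die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('etc_access_denied') . '</p>');
  }
  if (isset($_POST['finish'])) {
    // A missing or non-string level is rejected instead of silently becoming 0.
    $level = ( isset($_POST['level']) && is_string($_POST['level']) ) ? intval($_POST['level']) : -1;
    if ( !in_array($level, array(0, 1, 2)) ) {
      die_friendly('Invalid request', '<p>Level not specified</p>');
    }
    // $level is an integer from the list above; both string values are escaped, matching
    // how page_id and namespace are handled in the revision query of the 'edit' action.
    $q = $db->sql_query('UPDATE '.table_prefix.'pages SET wiki_mode=' . $level . ' WHERE urlname=\'' . $db->escape($paths->page_id) . '\' AND namespace=\'' . $db->escape($paths->namespace) . '\';');
    if (!$q) {
      $db->_die();
    }
    redirect(makeUrl($paths->page), htmlspecialchars($paths->cpage['name']), $lang->get('page_wikimode_success_redirect'), 2);
  } else {
    // Validate before any output so that an error page is not appended to a half-sent template.
    if ( !isset($_GET['level']) || !is_string($_GET['level']) || !preg_match('#^([0-9])$#', $_GET['level']) ) {
      die_friendly('Invalid request', '<p>Level not specified</p>');
    }
    $level = intval($_GET['level']);
    if ( !in_array($level, array(0, 1, 2)) ) {
      die_friendly('Invalid request', '<p>Level not specified</p>');
    }
    $template->header();
    echo '<form action="' . makeUrl($paths->page, 'do=setwikimode', true) . '" method="post">';
    echo '<input type="hidden" name="finish" value="foo" />';
    echo '<input type="hidden" name="level" value="' . $level . '" />';
    // Language keys describing the chosen level and whether it enables or disables wiki mode.
    $level_txt = ( $level == 0 ) ? 'page_wikimode_level_off' : ( ( $level == 1 ) ? 'page_wikimode_level_on' : 'page_wikimode_level_global' );
    $blurb = ( $level == 0 || ( $level == 2 && getConfig('wiki_mode') != '1' ) ) ? 'page_wikimode_blurb_disable' : 'page_wikimode_blurb_enable';
    ?>
<h3><?php echo $lang->get('page_wikimode_heading'); ?></h3>
<p><?php echo $lang->get($level_txt) . ' ' . $lang->get($blurb); ?></p>
<p><?php echo $lang->get('page_wikimode_warning'); ?></p>
<p><input type="submit" value="<?php echo htmlspecialchars($lang->get('page_wikimode_btn_submit')); ?>" /></p>
<?php
    echo '</form>';
    $template->footer();
  }
  break;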
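case 'diff':
  // Show the differences between two revisions given by ?diff1= and ?diff2=.
  require_once(ENANO_ROOT.'/includes/pageutils.php');
  require_once(ENANO_ROOT.'/includes/diff.php');
  $template->header();
  $id1 = ( isset($_GET['diff1']) ) ? (int)$_GET['diff1'] : false;
  $id2 = ( isset($_GET['diff2']) ) ? (int)$_GET['diff2'] : false;
  if ( !$id1 || !$id2 ) {
    echo '<p>Invalid request.</p>';
    $template->footer();
    break;
  }
  // Both raw parameters must consist of digits only. The original tested diff1 twice, so
  // diff2 was never checked; only the integer casts above are passed on either way.
  if ( !ctype_digit($_GET['diff1']) || !ctype_digit($_GET['diff2']) ) {
    echo '<p>SQL injection attempt</p>';
    $template->footer();
    break;
  }
  echo PageUtils::pagediff($paths->page_id, $paths->namespace, $id1, $id2);
  $template->footer();
  break;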
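case 'detag':
  // Remove all tags recorded for a page that does not exist. Administrators only.
  if ( $session->user_level < USER_LEVEL_ADMIN ) {
    die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('etc_access_denied') . '</p>');
  }
  if ( $paths->page_exists ) {
    die_friendly($lang->get('etc_invalid_request_short'), '<p>' . $lang->get('page_detag_err_page_exists') . '</p>');
  }
  // Both string values are escaped; the namespace was previously concatenated as-is,
  // unlike the revision query of the 'edit' action.
  // NOTE(review): this deletes rows on a GET request and no anti-CSRF token is visible here.
  $q = $db->sql_query('DELETE FROM '.table_prefix.'tags WHERE page_id=\'' . $db->escape($paths->page_id) . '\' AND namespace=\'' . $db->escape($paths->namespace) . '\';');
  if (!$q) {
    $db->_die('Detag query, index.php:'.__LINE__);
  }
  die_friendly($lang->get('page_detag_success_title'), '<p>' . $lang->get('page_detag_success_body') . '</p>');
  break;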
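case 'aclmanager':
  // ACL editor without JavaScript; requires an elevated (re-authenticated) session.
  if (!$session->sid_super) {
    redirect(makeUrlNS('Special', "Login/{$paths->page}", 'target_do=aclmanager&level=' . $session->user_level, false), $lang->get('etc_access_denied_short'), $lang->get('etc_access_denied_need_reauth'), 0);
    // Fail closed: redirect() is not visible here, so do not rely on it ending the request.
    break;
  }

  require_once(ENANO_ROOT.'/includes/pageutils.php');
  // NOTE(review): $_POST['data'] is handed over unvalidated, and apart from the elevated
  // session no permission check is visible in this branch. Confirm aclmanager() validates
  // the structure and checks the caller's right to edit ACLs.
  $data = ( isset($_POST['data']) ) ? $_POST['data'] : array('mode' => 'listgroups');
  PageUtils::aclmanager($data);
  break;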
case 'sql_report':
  // Renders the page as the 'view' action does, throws that output away and prints the
  // database layer's SQL report instead.
  // NOTE(review): no permission or debug-mode check is visible in this branch. Confirm
  // $db->sql_report() refuses to run for ordinary visitors, since a query report can
  // disclose schema details and data.
  $rev_id = 0;
  if (isset($_GET['oldid'])) {
    $rev_id = intval($_GET['oldid']);
  }
  $page = new PageProcessor($paths->page_id, $paths->namespace, $rev_id);
  $page->send_headers = true;
  // Same page-password handling as the 'view' action: value from $_REQUEST, reduced to SHA-1.
  $pagepass = '';
  if (isset($_REQUEST['pagepass'])) {
    $pagepass = sha1($_REQUEST['pagepass']);
  }
  $page->password = $pagepass;
  $page->send(true);
  // Drop the rendered page and open a fresh buffer for the report.
  ob_end_clean();
  ob_start();
  $db->sql_report();
  break;
}
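// Generate an ETag (currently disabled; kept for reference)
/*
// format: first 10 digits of SHA1 of page name, user id in hex, user and auth levels, page timestamp in hex
$etag = substr(sha1($paths->namespace . ':' . $paths->page_id), 0, 10) . '-' .
        "u{$session->user_id}l{$session->user_level}a{$session->auth_level}-" .
        dechex($page_timestamp);

if ( isset($_SERVER['HTTP_IF_NONE_MATCH']) )
{
  if ( "\"$etag\"" == $_SERVER['HTTP_IF_NONE_MATCH'] )
  {
    header('HTTP/1.1 304 Not Modified');
    exit();
  }
}

header("ETag: \"$etag\"");
*/

// End of request: close the database connection and run the output post-processing step.
$db->close();
gzip_output();

// Flush the outer buffer only if one is still open, instead of silencing the notice with @.
if (ob_get_level() > 0) {
  ob_end_flush();
}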
?>