author | Dan |
Sat, 23 Jun 2007 18:54:16 -0400 | |
changeset 19 | 5d003b6c9e89 |
parent 16 | 64e0d3d4cf14 |
child 21 | 663fcf528726 |
permissions | -rw-r--r-- |
1 | 1 |
<?php |
2 |
/* |
|
3 |
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between |
|
16
64e0d3d4cf14
Emergency version change to 1.0rc3 to fix XSS vulnerabilities
Dan
parents:
15
diff
changeset
|
4 |
* Version 1.0 release candidate 3 (Druid) |
1 | 5 |
* pageprocess.php - intelligent retrieval of pages |
6 |
* Copyright (C) 2006-2007 Dan Fuhry |
|
7 |
* |
|
8 |
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License |
|
9 |
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. |
|
10 |
* |
|
11 |
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied |
|
12 |
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. |
|
13 |
*/ |
|
14 |
||
15 |
/** |
|
16 |
* Class to handle fetching page text (possibly from a cache) and formatting it. |
|
17 |
* @package Enano |
|
18 |
* @subpackage UI |
|
19 |
* @copyright 2007 Dan Fuhry |
|
20 |
* @license GNU General Public License <http://www.gnu.org/licenses/gpl.html> |
|
21 |
*/ |
|
22 |
||
23 |
class PageProcessor |
|
24 |
{ |
|
25 |
||
26 |
/** |
|
27 |
* Page ID and namespace of the page handled by this instance |
|
28 |
* @var string |
|
29 |
*/ |
|
30 |
||
31 |
var $page_id; |
|
32 |
var $namespace; |
|
33 |
||
34 |
/** |
|
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
35 |
* Unsanitized page ID. |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
36 |
* @var string |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
37 |
*/ |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
38 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
39 |
var $page_id_unclean; |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
40 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
41 |
/** |
1 | 42 |
* Tracks if the page we're loading exists in the database or not. |
43 |
* @var bool |
|
44 |
*/ |
|
45 |
||
46 |
var $page_exists = false; |
|
47 |
||
48 |
/** |
|
49 |
* Permissions! |
|
50 |
* @var object |
|
51 |
*/ |
|
52 |
||
53 |
var $perms = null; |
|
54 |
||
55 |
/** |
|
56 |
* Switch to track if redirects are allowed. Defaults to true. |
|
57 |
* @var bool |
|
58 |
*/ |
|
59 |
||
60 |
var $allow_redir = true; |
|
61 |
||
62 |
/** |
|
63 |
* If this is set to true, this will call the header and footer funcs on $template when render() is called. |
|
64 |
* @var bool |
|
65 |
*/ |
|
66 |
||
67 |
var $send_headers = false; |
|
68 |
||
69 |
/** |
|
70 |
* Cache the fetched text so we don't fetch it from the DB twice. |
|
71 |
* @var string |
|
72 |
*/ |
|
73 |
||
74 |
var $text_cache = ''; |
|
75 |
||
76 |
/** |
|
77 |
* Debugging information to track errors. You can set enable to false to disable sending debug information. |
|
78 |
* @var array |
|
79 |
*/ |
|
80 |
||
81 |
var $debug = array( |
|
82 |
'enable' => true, |
|
83 |
'works' => false |
|
84 |
); |
|
85 |
||
86 |
/** |
|
87 |
* Constructor. |
|
88 |
* @param string The page ID (urlname) of the page |
|
89 |
* @param string The namespace of the page |
|
90 |
*/ |
|
91 |
||
92 |
function __construct( $page_id, $namespace ) |
|
93 |
{ |
|
94 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
95 |
||
96 |
// See if we can get some debug info |
|
97 |
if ( function_exists('debug_backtrace') && $this->debug['enable'] ) |
|
98 |
{ |
|
99 |
$this->debug['works'] = true; |
|
100 |
$this->debug['backtrace'] = enano_debug_print_backtrace(true); |
|
101 |
} |
|
102 |
||
103 |
// First things first - check page existence and permissions |
|
104 |
||
105 |
if ( !isset($paths->nslist[$namespace]) ) |
|
106 |
{ |
|
107 |
$this->send_error('The namespace "' . htmlspecialchars($namespace) . '" does not exist.'); |
|
108 |
} |
|
109 |
||
110 |
$this->_setup( $page_id, $namespace ); |
|
111 |
||
112 |
} |
|
113 |
||
114 |
/** |
|
115 |
* The main method to send the page content. Also responsible for checking permissions. |
|
116 |
*/ |
|
117 |
||
118 |
function send() |
|
119 |
{ |
|
120 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
121 |
if ( !$this->perms->get_permissions('read') ) |
|
122 |
{ |
|
123 |
$this->err_access_denied(); |
|
124 |
return false; |
|
125 |
} |
|
126 |
if ( $this->namespace == 'Special' || $this->namespace == 'Admin' ) |
|
127 |
{ |
|
128 |
if ( !$this->page_exists ) |
|
129 |
{ |
|
130 |
redirect( makeUrl(getConfig('main_page')), 'Can\'t find special page', 'The special or administration page you requested does not exist. You will now be transferred to the main page.', 2 ); |
|
131 |
} |
|
132 |
$func_name = "page_{$this->namespace}_{$this->page_id}"; |
|
133 |
if ( function_exists($func_name) ) |
|
134 |
{ |
|
135 |
return @call_user_func($func_name); |
|
136 |
} |
|
137 |
else |
|
138 |
{ |
|
139 |
$title = 'Page backend not found'; |
|
140 |
$message = "The administration page you are looking for was properly registered using the page API, but the backend function |
|
141 |
(<tt>$fname</tt>) was not found. If this is a plugin page, then this is almost certainly a bug with the plugin."; |
|
142 |
||
143 |
if ( $this->send_headers ) |
|
144 |
{ |
|
145 |
$template->tpl_strings['PAGE_NAME'] = $title; |
|
146 |
$template->header(); |
|
147 |
echo "<p>$message</p>"; |
|
148 |
$template->footer(); |
|
149 |
} |
|
150 |
else |
|
151 |
{ |
|
152 |
echo "<h2>$title</h2> |
|
153 |
<p>$message</p>"; |
|
154 |
} |
|
155 |
return false; |
|
156 |
} |
|
157 |
} |
|
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
158 |
else if ( $this->namespace == 'User' ) |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
159 |
{ |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
160 |
$this->_handle_userpage(); |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
161 |
} |
1 | 162 |
else if ( ( $this->namespace == 'Template' || $this->namespace == 'System' ) && $this->page_exists ) |
163 |
{ |
|
164 |
$this->header(); |
|
165 |
||
166 |
$text = $this->fetch_text(); |
|
167 |
$text = preg_replace('/<noinclude>(.*?)<\/noinclude>/is', '\\1', $text); |
|
168 |
$text = preg_replace('/<nodisplay>(.*?)<\/nodisplay>/is', '', $text); |
|
169 |
||
170 |
$text = RenderMan::render( $text ); |
|
171 |
||
172 |
echo $text; |
|
173 |
||
174 |
$this->footer(); |
|
175 |
||
176 |
} |
|
177 |
else if ( !$this->page_exists ) |
|
178 |
{ |
|
179 |
// Perhaps this is hooked? |
|
180 |
ob_start(); |
|
181 |
||
182 |
$code = $plugins->setHook('page_not_found'); |
|
183 |
foreach ( $code as $cmd ) |
|
184 |
{ |
|
185 |
eval($cmd); |
|
186 |
} |
|
187 |
||
188 |
$ob = ob_get_contents(); |
|
189 |
||
190 |
if ( empty($ob) ) |
|
191 |
{ |
|
192 |
$this->err_page_not_existent(); |
|
193 |
} |
|
194 |
} |
|
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
195 |
else // (disabled for compatibility reasons) if ( in_array($this->namespace, array('Article', 'User', 'Project', 'Help', 'File', 'Category')) && $this->page_exists ) |
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
196 |
{ |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
197 |
// Send as regular page |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
198 |
$text = $this->fetch_text(); |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
199 |
if ( $text == 'err_no_text_rows' ) |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
200 |
{ |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
201 |
$this->err_no_rows(); |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
202 |
return false; |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
203 |
} |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
204 |
else |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
205 |
{ |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
206 |
$this->render(); |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
207 |
} |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
208 |
} |
1 | 209 |
} |
210 |
||
211 |
/** |
|
212 |
* Sets internal variables. |
|
213 |
* @access private |
|
214 |
*/ |
|
215 |
||
216 |
function _setup($page_id, $namespace) |
|
217 |
{ |
|
218 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
219 |
||
220 |
$page_id_cleaned = sanitize_page_id($page_id); |
|
221 |
||
222 |
$this->page_id = $page_id_cleaned; |
|
223 |
$this->namespace = $namespace; |
|
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
224 |
$this->page_id_unclean = dirtify_page_id($page_id); |
1 | 225 |
|
226 |
$this->perms = $session->fetch_page_acl( $page_id, $namespace ); |
|
227 |
||
228 |
// Exception for Admin: pages |
|
229 |
if ( $this->namespace == 'Admin' ) |
|
230 |
{ |
|
231 |
$fname = "page_Admin_{$this->page_id}"; |
|
232 |
} |
|
233 |
||
234 |
// Does the page "exist"? |
|
4 | 235 |
if ( $paths->cpage['urlname_nons'] == $page_id && $paths->namespace == $namespace && !$paths->page_exists && ( $this->namespace != 'Admin' || ($this->namespace == 'Admin' && !function_exists($fname) ) ) ) |
1 | 236 |
{ |
237 |
$this->page_exists = false; |
|
238 |
} |
|
239 |
else if ( !isset( $paths->pages[ $paths->nslist[$namespace] . $page_id ] ) && ( $this->namespace == 'Admin' && !function_exists($fname) ) ) |
|
240 |
{ |
|
241 |
$this->page_exists = false; |
|
242 |
} |
|
243 |
else |
|
244 |
{ |
|
245 |
$this->page_exists = true; |
|
246 |
} |
|
247 |
} |
|
248 |
||
249 |
/** |
|
250 |
* Renders it all in one go, and echoes it out. This assumes that the text is in the DB. |
|
251 |
* @access private |
|
252 |
*/ |
|
253 |
||
254 |
function render() |
|
255 |
{ |
|
256 |
$text = $this->fetch_text(); |
|
257 |
||
258 |
$this->header(); |
|
9
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
259 |
if ( $this->send_headers ) |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
260 |
{ |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
261 |
display_page_headers(); |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
262 |
} |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
263 |
|
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
264 |
$text = '?>' . RenderMan::render($text); |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
265 |
// echo('<pre>'.htmlspecialchars($text).'</pre>'); |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
266 |
eval ( $text ); |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
267 |
|
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
268 |
if ( $this->send_headers ) |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
269 |
{ |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
270 |
display_page_footers(); |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
271 |
} |
1e61232606d6
Following fixes: admin theme supports <button> tag now, PageProcessor can eval now, and SpecialAdmin.php plugin can no longer be disabled
dan@fuhry
parents:
4
diff
changeset
|
272 |
|
1 | 273 |
$this->footer(); |
274 |
} |
|
275 |
||
276 |
/** |
|
277 |
* Sends the page header, dependent on, of course, whether we're supposed to. |
|
278 |
*/ |
|
279 |
||
280 |
function header() |
|
281 |
{ |
|
282 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
283 |
if ( $this->send_headers ) |
|
284 |
$template->header(); |
|
285 |
} |
|
286 |
||
287 |
/** |
|
288 |
* Sends the page footer, dependent on, of course, whether we're supposed to. |
|
289 |
*/ |
|
290 |
||
291 |
function footer() |
|
292 |
{ |
|
293 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
294 |
if ( $this->send_headers ) |
|
295 |
$template->footer(); |
|
296 |
} |
|
297 |
||
298 |
/** |
|
299 |
* Fetches the raw, unfiltered page text. |
|
300 |
* @access public |
|
301 |
*/ |
|
302 |
||
303 |
function fetch_text() |
|
304 |
{ |
|
305 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
306 |
||
307 |
if ( !empty($this->text_cache) ) |
|
308 |
{ |
|
309 |
return $this->text_cache; |
|
310 |
} |
|
311 |
||
312 |
$q = $db->sql_query('SELECT page_text, char_tag FROM '.table_prefix.'page_text WHERE page_id=\'' . $this->page_id . '\' AND namespace=\'' . $this->namespace . '\';'); |
|
313 |
if ( !$q ) |
|
314 |
{ |
|
315 |
$this->send_error('Error during SQL query.', true); |
|
316 |
} |
|
317 |
if ( $db->numrows() < 1 ) |
|
318 |
{ |
|
319 |
$this->page_exists = false; |
|
320 |
return 'err_no_text_rows'; |
|
321 |
} |
|
322 |
||
323 |
$row = $db->fetchrow(); |
|
324 |
$db->free_result(); |
|
325 |
||
326 |
if ( !empty($row['char_tag']) ) |
|
327 |
{ |
|
328 |
// This page text entry uses the old text-escaping format |
|
329 |
$from = array( |
|
330 |
"{APOS:{$row['char_tag']}}", |
|
331 |
"{QUOT:{$row['char_tag']}}", |
|
332 |
"{SLASH:{$row['char_tag']}}" |
|
333 |
); |
|
334 |
$to = array("'", '"', '\\'); |
|
335 |
$row['page_text'] = str_replace($from, $to, $row['page_text']); |
|
336 |
} |
|
337 |
||
338 |
$this->text_cache = $row['page_text']; |
|
339 |
||
340 |
return $row['page_text']; |
|
341 |
||
342 |
} |
|
343 |
||
344 |
/** |
|
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
345 |
* Handles the extra overhead required for user pages. |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
346 |
* @access private |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
347 |
*/ |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
348 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
349 |
function _handle_userpage() |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
350 |
{ |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
351 |
global $db, $session, $paths, $template, $plugins; // Common objects |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
352 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
353 |
if ( $this->page_id == $paths->cpage['urlname_nons'] && $this->namespace == $paths->namespace ) |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
354 |
{ |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
355 |
$page_name = ( isset($paths->cpage['name']) ) ? $paths->cpage['name'] : $this->page_id; |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
356 |
} |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
357 |
else |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
358 |
{ |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
359 |
$page_name = ( isset($paths->pages[$this->page_id]) ) ? $paths->pages[$this->page_id]['name'] : $this->page_id; |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
360 |
} |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
361 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
362 |
if ( $page_name == str_replace('_', ' ', $this->page_id) || $page_name == $paths->nslist['User'] . str_replace('_', ' ', $this->page_id) ) |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
363 |
{ |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
364 |
$target_username = strtr($page_name, |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
365 |
Array( |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
366 |
'_' => ' ', |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
367 |
'<' => '<', |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
368 |
'>' => '>' |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
369 |
)); |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
370 |
$target_username = preg_replace('/^' . preg_quote($paths->nslist['User']) . '/', '', $target_username); |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
371 |
$page_name = "$target_username's user page"; |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
372 |
} |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
373 |
else |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
374 |
{ |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
375 |
// User has a custom title for their userpage |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
376 |
$page_name = $paths->pages[ $paths->nslist[$this->namespace] . $this->page_id ]['name']; |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
377 |
} |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
378 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
379 |
$template->tpl_strings['PAGE_NAME'] = htmlspecialchars($page_name); |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
380 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
381 |
$this->header(); |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
382 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
383 |
if ( $send_headers ) |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
384 |
{ |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
385 |
display_page_headers(); |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
386 |
} |
16
64e0d3d4cf14
Emergency version change to 1.0rc3 to fix XSS vulnerabilities
Dan
parents:
15
diff
changeset
|
387 |
|
64e0d3d4cf14
Emergency version change to 1.0rc3 to fix XSS vulnerabilities
Dan
parents:
15
diff
changeset
|
388 |
/* |
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
389 |
// Start left sidebar: basic user info, latest comments |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
390 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
391 |
echo '<table border="0" cellspacing="4" cellpadding="0" style="width: 100%;">'; |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
392 |
echo '<tr><td style="width: 150px;">'; |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
393 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
394 |
echo '<div class="tblholder"> |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
395 |
<table border="0" cellspacing="1" cellpadding="4">'; |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
396 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
397 |
// Main part of sidebar |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
398 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
399 |
echo ' </table> |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
400 |
</div>'; |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
401 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
402 |
echo '</td><td>'; |
16
64e0d3d4cf14
Emergency version change to 1.0rc3 to fix XSS vulnerabilities
Dan
parents:
15
diff
changeset
|
403 |
*/ |
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
404 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
405 |
// User's own content |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
406 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
407 |
$send_headers = $this->send_headers; |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
408 |
$this->send_headers = false; |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
409 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
410 |
if ( $this->page_exists ) |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
411 |
{ |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
412 |
$this->render(); |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
413 |
} |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
414 |
else |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
415 |
{ |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
416 |
$this->err_page_not_existent(); |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
417 |
} |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
418 |
|
16
64e0d3d4cf14
Emergency version change to 1.0rc3 to fix XSS vulnerabilities
Dan
parents:
15
diff
changeset
|
419 |
/* |
64e0d3d4cf14
Emergency version change to 1.0rc3 to fix XSS vulnerabilities
Dan
parents:
15
diff
changeset
|
420 |
|
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
421 |
// Right sidebar |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
422 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
423 |
echo '</td><td style="width: 150px;">'; |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
424 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
425 |
echo '<div class="tblholder"> |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
426 |
<table border="0" cellspacing="1" cellpadding="4">'; |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
427 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
428 |
// Main part of sidebar |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
429 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
430 |
echo ' </table> |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
431 |
</div>'; |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
432 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
433 |
echo '</tr></table>'; |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
434 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
435 |
if ( $send_headers ) |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
436 |
{ |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
437 |
display_page_footers(); |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
438 |
} |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
439 |
|
16
64e0d3d4cf14
Emergency version change to 1.0rc3 to fix XSS vulnerabilities
Dan
parents:
15
diff
changeset
|
440 |
*/ |
64e0d3d4cf14
Emergency version change to 1.0rc3 to fix XSS vulnerabilities
Dan
parents:
15
diff
changeset
|
441 |
|
15
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
442 |
$this->send_headers = $send_headers; |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
443 |
unset($send_headers); |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
444 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
445 |
$this->footer(); |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
446 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
447 |
} |
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
448 |
|
ad5986a53197
Fixed complicated SQL injection vulnerability in URL handler, updated license info for Tigra Tree Menu, and killed one XSS vulnerability
Dan
parents:
9
diff
changeset
|
449 |
/** |
1 | 450 |
* Send the error message to the user that the access to this page is denied. |
451 |
* @access private |
|
452 |
*/ |
|
453 |
||
454 |
function err_access_denied() |
|
455 |
{ |
|
456 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
457 |
||
458 |
$ob = ''; |
|
459 |
$template->tpl_strings['PAGE_NAME'] = 'Access denied'; |
|
460 |
||
461 |
if ( $this->send_headers ) |
|
462 |
{ |
|
463 |
$ob .= $template->getHeader(); |
|
464 |
} |
|
465 |
||
466 |
$ob .= '<div class="error-box"><b>Access to this page is denied.</b><br />This may be because you are not logged in or you have not met certain criteria for viewing this page.</div>'; |
|
467 |
||
468 |
if ( $this->send_headers ) |
|
469 |
{ |
|
470 |
$ob .= $template->getFooter(); |
|
471 |
} |
|
472 |
echo $ob; |
|
473 |
} |
|
474 |
||
475 |
/** |
|
476 |
* Send the error message to the user complaining that there weren't any rows. |
|
477 |
* @access private |
|
478 |
*/ |
|
479 |
||
480 |
function err_no_rows() |
|
481 |
{ |
|
482 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
483 |
||
484 |
$title = 'No text rows'; |
|
485 |
$message = 'While the page\'s existence was verified, there were no rows in the database that matched the query for the text. This may indicate a bug with the software; ask the webmaster for more information. The offending query was:<pre>' . $db->latest_query . '</pre>'; |
|
486 |
if ( $this->send_headers ) |
|
487 |
{ |
|
488 |
$template->tpl_strings['PAGE_NAME'] = $title; |
|
489 |
$template->header(); |
|
490 |
echo "<p>$message</p>"; |
|
491 |
$template->footer(); |
|
492 |
} |
|
493 |
else |
|
494 |
{ |
|
495 |
echo "<h2>$title</h2> |
|
496 |
<p>$message</p>"; |
|
497 |
} |
|
498 |
} |
|
499 |
||
500 |
/** |
|
501 |
* Tell the user the page doesn't exist, and present them with their options. |
|
502 |
* @access private |
|
503 |
*/ |
|
504 |
||
505 |
function err_page_not_existent() |
|
506 |
{ |
|
507 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
508 |
||
509 |
$this->header(); |
|
510 |
header('HTTP/1.1 404 Not Found'); |
|
511 |
echo '<h3>There is no page with this title yet.</h3> |
|
512 |
<p>You have requested a page that doesn\'t exist yet.'; |
|
513 |
if ( $session->get_permissions('create_page') ) |
|
514 |
{ |
|
515 |
echo ' You can <a href="'.makeUrlNS($this->namespace, $this->page_id, 'do=edit', true).'" onclick="ajaxEditor(); return false;">create this page</a>, or return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.'; |
|
516 |
} |
|
517 |
else |
|
518 |
{ |
|
519 |
echo ' Return to the <a href="'.makeUrl(getConfig('main_page')).'">homepage</a>.</p>'; |
|
520 |
} |
|
521 |
if ( $session->get_permissions('history_rollback') ) |
|
522 |
{ |
|
523 |
$e = $db->sql_query('SELECT * FROM ' . table_prefix . 'logs WHERE action=\'delete\' AND page_id=\'' . $this->page_id . '\' AND namespace=\'' . $this->namespace . '\' ORDER BY time_id DESC;'); |
|
524 |
if ( !$e ) |
|
525 |
{ |
|
526 |
$db->_die('The deletion log could not be selected.'); |
|
527 |
} |
|
528 |
if ( $db->numrows() > 0 ) |
|
529 |
{ |
|
530 |
$r = $db->fetchrow(); |
|
531 |
echo '<p>This page also appears to have some log entries in the database - it seems that it was deleted on ' . $r['date_string'] . '. You can probably <a href="'.makeUrl($paths->page, 'do=rollback&id='.$r['time_id']).'" onclick="ajaxRollback(\''.$r['time_id'].'\'); return false;">roll back</a> the deletion.</p>'; |
|
532 |
} |
|
533 |
$db->free_result(); |
|
534 |
} |
|
535 |
echo '<p> |
|
536 |
HTTP Error: 404 Not Found |
|
537 |
</p>'; |
|
538 |
$this->footer(); |
|
539 |
} |
|
540 |
||
541 |
/** |
|
542 |
* PHP 4 constructor. |
|
543 |
* @see PageProcessor::__construct() |
|
544 |
*/ |
|
545 |
||
546 |
function PageProcessor( $page_id, $namespace ) |
|
547 |
{ |
|
548 |
$this->__construct($page_id, $namespace); |
|
549 |
} |
|
550 |
||
551 |
/** |
|
552 |
* Send an error message and die |
|
553 |
* @var string Error message |
|
554 |
* @var bool If true, send DBAL's debugging information as well |
|
555 |
*/ |
|
556 |
||
557 |
function send_error($message, $sql = false) |
|
558 |
{ |
|
559 |
global $db, $session, $paths, $template, $plugins; // Common objects |
|
560 |
||
561 |
$content = "<p>$message</p>"; |
|
562 |
$template->tpl_strings['PAGE_NAME'] = 'General error in page fetcher'; |
|
563 |
||
564 |
if ( $this->debug['works'] ) |
|
565 |
{ |
|
566 |
$content .= $this->debug['backtrace']; |
|
567 |
} |
|
568 |
||
569 |
header('HTTP/1.1 500 Internal Server Error'); |
|
570 |
||
571 |
$template->header(); |
|
572 |
echo $content; |
|
573 |
$template->footer(); |
|
574 |
||
575 |
$db->close(); |
|
576 |
||
577 |
exit; |
|
578 |
||
579 |
} |
|
580 |
||
581 |
} // class PageProcessor |
|
582 |
||
583 |
?> |