<?php
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
* Version 1.1.2 (Caoineag alpha 2)
* pageprocess.php - intelligent retrieval of pages
* Copyright (C) 2006-2007 Dan Fuhry
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
*/
/**
* Class to handle fetching page text (possibly from a cache) and formatting it.
* As of 1.0.4, this also handles the fetching and editing of certain data for pages.
* @package Enano
* @subpackage UI
* @copyright 2007 Dan Fuhry
* @license GNU General Public License <http://www.gnu.org/licenses/gpl.html>
*/
class PageProcessor
{
/**
* Page ID and namespace of the page handled by this instance
* @var string
*/
var $page_id;
var $namespace;
/**
* The title of the page sent to the template parser
* @var string
*/
var $title = '';
/**
* The information about the page(s) we were redirected from
* @var array
*/
var $redirect_stack = array();
/**
* The revision ID (history entry) to send. If set to 0 (the default) then the most recent revision will be sent.
* @var int
*/
var $revision_id = 0;
/**
* Unsanitized page ID.
* @var string
*/
var $page_id_unclean;
/**
* Tracks if the page we're loading exists in the database or not.
* @var bool
*/
var $page_exists = false;
/**
* Permissions!
* @var object
*/
var $perms = null;
/**
* The SHA1 hash of the user-inputted password for the page
* @var string
*/
var $password = '';
/**
* Switch to track if redirects are allowed. Defaults to true.
* @var bool
*/
var $allow_redir = true;
/**
* If this is set to true, this will call the header and footer funcs on $template when render() is called.
* @var bool
*/
var $send_headers = false;
/**
* Cache the fetched text so we don't fetch it from the DB twice.
* @var string
*/
var $text_cache = '';
/**
* Debugging information to track errors. You can set enable to false to disable sending debug information.
* @var array
*/
var $debug = array(
'enable' => false,
'works' => false
);
/**
* The list of errors raised in the class.
* @var array
*/
var $_errors = array();
/**
* Constructor.
* @param string The page ID (urlname) of the page
* @param string The namespace of the page
* @param int Optional. The revision ID to send.
*/
function __construct( $page_id, $namespace, $revision_id = 0 )
{
  // Prepares a processor for a single page: logs the start, optionally records
  // a backtrace for debugging, checks that the namespace is registered,
  // normalises the revision ID and then hands everything to _setup().
  global $db, $session, $paths, $template, $plugins; // Common objects

  profiler_log("PageProcessor [{$namespace}:{$page_id}]: Started constructor");

  // Backtrace capture needs both the runtime function and the debug switch.
  if ( function_exists('debug_backtrace') )
  {
    if ( $this->debug['enable'] )
    {
      $this->debug['works'] = true;
      $this->debug['backtrace'] = enano_debug_print_backtrace(true);
    }
  }

  // Existence check on the namespace. The name is HTML-escaped before it is
  // placed in the error text, since it may originate from the request.
  // NOTE(review): nothing here returns after send_error(); unless send_error()
  // itself halts, _setup() below still runs with the unknown namespace - confirm.
  $namespace_known = isset($paths->nslist[$namespace]);
  if ( !$namespace_known )
  {
    $this->send_error('The namespace "' . htmlspecialchars($namespace) . '" does not exist.');
  }

  // Only a genuine integer is accepted as a revision ID; anything else
  // (including numeric strings such as "5") falls back to 0, the default.
  $revision_id = is_int($revision_id) ? $revision_id : 0;

  profiler_log("PageProcessor [{$namespace}:{$page_id}]: Ran initial checks");

  $this->_setup( $page_id, $namespace, $revision_id );
}
/**
* The main method to send the page content. Also responsible for checking permissions and calling the statistics counter.
* @param bool If true, the stat counter is called. Defaults to false.
*/
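function send( $do_stats = false )
{
  // Sends the page to the client. Order of checks: 'read' permission, then the
  // per-page password, then dispatch on namespace (Special/Admin handler
  // functions, User pages, Template/System pages, Anonymous redirects,
  // missing pages via the page_not_found hook, and finally regular pages
  // including #redirect handling).
  // Returns false on the failure paths shown below and the handler's own return
  // value for Special/Admin pages; the remaining paths return nothing.
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang;

  profiler_log("PageProcessor [{$this->namespace}:{$this->page_id}]: Started send process");

  // Authorization gate: nothing below runs without the 'read' permission.
  if ( !$this->perms->get_permissions('read') )
  {
    $this->err_access_denied();
    profiler_log("PageProcessor [{$this->namespace}:{$this->page_id}]: Finished send process");
    return false;
  }
  $pathskey = $paths->nslist[ $this->namespace ] . $this->page_id;
  $strict_no_headers = false;
  if ( $this->namespace == 'Admin' && strstr($this->page_id, '/') )
  {
    // Admin subpages ("Foo/bar") are served by the handler of the parent page,
    // so only the part before the first slash selects the function.
    $this->page_id = substr($this->page_id, 0, strpos($this->page_id, '/'));
    $funcname = "page_{$this->namespace}_{$this->page_id}";
    if ( function_exists($funcname) )
    {
      $this->page_exists = true;
    }
  }
  if ( isset($paths->pages[$pathskey]) )
  {
    if ( $paths->pages[$pathskey]['special'] == 1 )
    {
      $this->send_headers = false;
      $strict_no_headers = true;
    }
    if ( isset($paths->pages[$pathskey]['password']) )
    {
      // An empty value or the SHA1 of the empty string both mean "no password".
      if ( $paths->pages[$pathskey]['password'] != '' && $paths->pages[$pathskey]['password'] != sha1('') )
      {
        // Compare the two hashes as strings. The previous loose "!=" let PHP
        // treat numeric-looking hex digests (e.g. ones of the form 0e<digits>)
        // as numbers, so two different hashes could compare equal.
        // hash_equals() is used where the runtime has it so the comparison
        // time does not depend on how many leading characters match.
        $stored_hash = (string) $paths->pages[$pathskey]['password'];
        $supplied_hash = (string) $this->password;
        if ( function_exists('hash_equals') )
        {
          $password_ok = hash_equals($stored_hash, $supplied_hash);
        }
        else
        {
          $password_ok = ( $stored_hash === $supplied_hash );
        }
        if ( !$password_ok )
        {
          $this->err_wrong_password();
          profiler_log("PageProcessor [{$this->namespace}:{$this->page_id}]: Finished send process");
          return false;
        }
      }
    }
  }
  if ( $this->page_exists && $this->namespace != 'Special' && $this->namespace != 'Admin' && $do_stats )
  {
    doStats($this->page_id, $this->namespace);
  }
  if ( $this->namespace == 'Special' || $this->namespace == 'Admin' )
  {
    $func_name = "page_{$this->namespace}_{$this->page_id}";
    if ( !$this->page_exists )
    {
      // NOTE(review): presumably die_semicritical() ends the request - confirm.
      die_semicritical($lang->get('page_msg_admin_404_title'), $lang->get('page_msg_admin_404_body', array('func_name' => $func_name)));
    }
    if ( function_exists($func_name) )
    {
      profiler_log("PageProcessor [{$this->namespace}:{$this->page_id}]: Calling special/admin page");
      // Only a defined function named page_<namespace>_<page_id> is ever called.
      // The '@' hides any warnings or notices the handler raises.
      $result = @call_user_func($func_name);
      profiler_log("PageProcessor [{$this->namespace}:{$this->page_id}]: Finished send process");
      return $result;
    }
    else
    {
      $title = $lang->get('page_err_custompage_function_missing_title');
      // Fixed: this used the undefined variable $fname, so the message never
      // named the missing function. The name contains the page ID and the
      // message is echoed as HTML below, so it is escaped first.
      $message = $lang->get('page_err_custompage_function_missing_body', array( 'function_name' => htmlspecialchars($func_name) ));

      if ( $this->send_headers )
      {
        $template->tpl_strings['PAGE_NAME'] = $title;
        $template->header();
        echo "<p>$message</p>";
        $template->footer();
      }
      else
      {
        echo "<h2>$title</h2>
              <p>$message</p>";
      }
      profiler_log("PageProcessor [{$this->namespace}:{$this->page_id}]: Finished send process");
      return false;
    }
  }
  else if ( $this->namespace == 'User' && strpos($this->page_id, '/') === false )
  {
    $this->_handle_userpage();
  }
  else if ( ( $this->namespace == 'Template' || $this->namespace == 'System' ) && $this->page_exists )
  {
    $this->header();

    $text = $this->fetch_text();
    // <noinclude> content is kept (tags dropped); <nodisplay> content is removed.
    $text = preg_replace('/<noinclude>(.*?)<\/noinclude>/is', '\\1', $text);
    $text = preg_replace('/<nodisplay>(.*?)<\/nodisplay>/is', '', $text);

    $text = RenderMan::render( $text );

    // SECURITY: any PHP contained in the rendered page text is executed here.
    // Whether that is safe depends on who may edit Template/System pages and on
    // what RenderMan::render() removes; neither is visible in this method.
    // Confirm that write access to these namespaces is limited to trusted
    // administrators before relying on this path.
    eval( '?>' . $text );

    $this->footer();
  }
  else if ( $this->namespace == 'Anonymous' )
  {
    $uri = scriptPath . '/' . $this->page_id;
    if ( !$this->send_headers )
    {
      $sep = ( strstr($uri, '?') ) ? '&' : '?';
      $uri .= "{$sep}noheaders";
    }
    redirect( $uri, '', '', 0 );
  }
  else if ( !$this->page_exists )
  {
    // Perhaps this is hooked?
    ob_start();

    // Hook snippets returned by setHook() are executed as PHP, so they carry
    // the same trust as whatever code registered them.
    $code = $plugins->setHook('page_not_found');
    foreach ( $code as $cmd )
    {
      eval($cmd);
    }

    $ob = ob_get_contents();

    if ( empty($ob) )
    {
      $this->err_page_not_existent();
    }
    else
    {
      // Something sent content, so we'll assume the page exist...ed at least according to the plugin
      if ( $this->namespace != 'Special' && $this->namespace != 'Admin' && $do_stats )
      {
        doStats($this->page_id, $this->namespace);
      }
    }
  }
  else // (disabled for compatibility reasons) if ( in_array($this->namespace, array('Article', 'User', 'Project', 'Help', 'File', 'Category')) && $this->page_exists )
  {
    // Send as regular page

    // die($this->page_id);

    $text = $this->fetch_text();
    if ( $text == 'err_no_text_rows' )
    {
      $this->err_no_rows();
      profiler_log("PageProcessor [{$this->namespace}:{$this->page_id}]: Finished send process");
      return false;
    }
    else
    {
      // ?redirect=no in the request suppresses following a #redirect directive.
      $redirect = ( isset($_GET['redirect']) ) ? $_GET['redirect'] : 'YES YOU IDIOT';
      if ( preg_match('/^#redirect \[\[([^\]]+)\]\]/i', $text, $match) && $redirect != 'no' )
      {
        // Redirect page!
        $page_to = sanitize_page_id($match[1]);
        $page_id_data = RenderMan::strToPageID($page_to);
        // Stop following once three redirects are already on the stack.
        if ( count($this->redirect_stack) >= 3 )
        {
          $this->render( (!$strict_no_headers), '<div class="usermessage"><b>' . $lang->get('page_err_redirects_exceeded') . '</b></div>' );
        }
        else
        {
          $result = $this->_handle_redirect($page_id_data[0], $page_id_data[1]);
          if ( $result !== true )
          {
            // There was some error during the redirect process - usually an infinite redirect
            // NOTE(review): $result is placed into HTML unescaped; confirm that
            // _handle_redirect() only returns HTML-safe message text.
            $this->render( (!$strict_no_headers), '<div class="usermessage"><b>' . $result . '</b></div>' );
          }
        }
      }
      else
      {
        $this->render( (!$strict_no_headers) );
      }
    }
  }
  profiler_log("PageProcessor [{$this->namespace}:{$this->page_id}]: Finished send process");
}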
/**
* Fetches the wikitext or HTML source for the page.
* @return string
*/
function fetch_source()
{
  // Access control comes first. A caller without the view_source permission
  // gets boolean false rather than an empty string, so callers that need to
  // tell "denied" from "empty page" must compare the result with ===.
  $may_view_source = $this->perms->get_permissions('view_source');
  if ( !$may_view_source )
    return false;

  // A page that does not exist has no source; otherwise hand back the text.
  return ( $this->page_exists ) ? $this->fetch_text() : '';
}
/**
* Updates the content of the page.
* @param string The new text for the page
* @param string A summary of edits made to the page.
* @param bool If true, the edit is marked as a minor revision
* @return bool True on success, false on failure
*/
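function update_page($text, $edit_summary = false, $minor_edit = false)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang;

  // Authorize before anything with side effects runs. The ACL object is fixed
  // in _setup(), so checking it here gives the same answer as checking it after
  // the page row is read, but a user who may not edit can no longer cause an
  // empty page to be created on the way to the refusal.
  if ( !$this->perms->get_permissions('edit_page') )
  {
    $this->raise_error($lang->get('editor_err_no_permission'));
    return false;
  }

  // Create the page if it doesn't exist
  if ( !$this->page_exists )
  {
    if ( !$this->create_page() )
    {
      return false;
    }
  }

  //
  // Validation
  //

  // Escaped copies of the identifiers. Every SQL string below uses these, never
  // the raw $this->page_id / $this->namespace properties.
  $page_id = $db->escape($this->page_id);
  $namespace = $db->escape($this->namespace);

  $q = $db->sql_query('SELECT protected FROM ' . table_prefix . "pages WHERE urlname='$page_id' AND namespace='$namespace';");
  if ( !$q )
    $db->_die('PageProcess updating page content');
  if ( $db->numrows() < 1 )
  {
    $this->raise_error($lang->get('editor_err_no_rows'));
    return false;
  }

  list($protection) = $db->fetchrow_num();
  $db->free_result();

  if ( $protection == 1 )
  {
    // The page is protected - do we have permission to edit protected pages?
    if ( !$this->perms->get_permissions('even_when_protected') )
    {
      $this->raise_error($lang->get('editor_err_page_protected'));
      return false;
    }
  }
  else if ( $protection == 2 )
  {
    // The page is semi-protected: refuse guests and accounts whose registration
    // time is no more than 4 days in the past, unless an ACL overrides it.
    if (
         ( !$session->user_logged_in || // Is the user logged in?
           ( $session->user_logged_in && $session->reg_time + ( 4 * 86400 ) >= time() ) ) // If so, have they been registered for 4 days?
         && !$this->perms->get_permissions('even_when_protected') ) // And of course, is there an ACL that overrides semi-protection?
    {
      $this->raise_error($lang->get('editor_err_page_protected'));
      return false;
    }
  }

  //
  // Protection validated; update page content
  //

  // $text_undb is the preprocessed text as it should be stored and displayed;
  // $text is the same text escaped for use inside a quoted SQL literal.
  $text_undb = RenderMan::preprocess_text($text, false, false);
  $text = $db->escape($text_undb);
  $author = $db->escape($session->username);
  $time = time();
  // Anything that is not a string (including the default false) becomes ''.
  $edit_summary = ( is_string($edit_summary) ) ? $db->escape($edit_summary) : '';
  $minor_edit = ( $minor_edit ) ? '1' : '0';
  // Escaped as well: the formatted date ends up inside a quoted SQL literal.
  $date_string = $db->escape(enano_date('d M Y h:i a'));

  // Insert log entry
  $sql = 'INSERT INTO ' . table_prefix . "logs ( time_id, date_string, log_type, action, page_id, namespace, author, page_text, edit_summary, minor_edit )\n"
       . "  VALUES ( $time, '$date_string', 'page', 'edit', '$page_id', '$namespace', '$author', '$text', '$edit_summary', $minor_edit );";
  if ( !$db->sql_query($sql) )
  {
    $this->raise_error($db->get_error());
    return false;
  }

  // Update the master text entry
  $sql = 'UPDATE ' . table_prefix . "page_text SET page_text = '$text' WHERE page_id = '$page_id' AND namespace = '$namespace';";
  if ( !$db->sql_query($sql) )
  {
    $this->raise_error($db->get_error());
    return false;
  }

  // Rebuild the search index
  $paths->rebuild_page_index($this->page_id, $this->namespace);

  // Cache the text as stored, not the SQL-escaped copy, so later reads of the
  // cache do not see escape sequences that were only meant for the query.
  $this->text_cache = $text_undb;

  return true;
}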
/**
* Creates the page if it doesn't already exist.
* @param string Optional page title.
* @return bool True on success, false on failure.
*/
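function create_page($title = false)
{
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang;

  // Do we have permission to create the page?
  if ( !$this->perms->get_permissions('create_page') )
  {
    $this->raise_error($lang->get('pagetools_create_err_no_permission'));
    return false;
  }

  // Does it already exist?
  if ( $this->page_exists )
  {
    $this->raise_error($lang->get('pagetools_create_err_already_exists'));
    return false;
  }

  // It's not in there. Perform validation.

  // We can't create special, admin, or external pages.
  if ( $this->namespace == 'Special' || $this->namespace == 'Admin' || $this->namespace == 'Anonymous' )
  {
    $this->raise_error($lang->get('pagetools_create_err_nodb_namespace'));
    return false;
  }

  // Guess the proper title
  $name = ( !empty($title) ) ? $title : dirtify_page_id($this->page_id);

  // Check for the restricted Project: prefix
  if ( substr($this->page_id, 0, 8) == 'Project:' )
  {
    $this->raise_error($lang->get('pagetools_create_err_reserved_prefix'));
    return false;
  }

  // Validation successful - insert the page

  // Pages in the System namespace start out protected.
  $metadata = array(
    'urlname' => $this->page_id,
    'namespace' => $this->namespace,
    'name' => $name,
    'special' => 0,
    'visible' => 1,
    'comments_on' => 1,
    'protected' => ( $this->namespace == 'System' ? 1 : 0 ),
    'delvotes' => 0,
    'delvote_ips' => serialize(array()),
    'wiki_mode' => 2
  );

  $paths->add_page($metadata);

  // Escape every value once, here, and use only these copies in the three
  // queries below so no raw property reaches a SQL string.
  $page_id = $db->escape($this->page_id);
  $namespace = $db->escape($this->namespace);
  $name = $db->escape($name);
  $author = $db->escape($session->username);
  $date_string = $db->escape(enano_date('d M Y h:i a'));
  $time = time();
  $protect = ( $this->namespace == 'System' ) ? '1' : '0';
  $blank_array = $db->escape(serialize(array()));

  // Query 1: Metadata entry
  $q = $db->sql_query('INSERT INTO ' . table_prefix . "pages(name, urlname, namespace, protected, delvotes, delvote_ips, wiki_mode)\n"
                    . "VALUES ( '$name', '$page_id', '$namespace', $protect, 0, '$blank_array', 2 );");
  if ( !$q )
    $db->_die('PageProcessor page creation - metadata stage');

  // Query 2: Text insertion
  $q = $db->sql_query('INSERT INTO ' . table_prefix . "page_text(page_id, namespace, page_text)\n"
                    . "VALUES ( '$page_id', '$namespace', '' );");
  if ( !$q )
    $db->_die('PageProcessor page creation - text stage');

  // Query 3: Log entry. The result is assigned to $q so the check below tests
  // this query; otherwise a failed audit-log write would pass unnoticed because
  // $q would still hold the result of Query 2.
  $q = $db->sql_query('INSERT INTO ' . table_prefix."logs(time_id, date_string, log_type, action, author, page_id, namespace)\n"
                    . "  VALUES ( $time, '$date_string', 'page', 'create', \n"
                    . "           '$author', '$page_id', '$namespace');");
  if ( !$q )
    $db->_die('PageProcessor page creation - logging stage');

  // Page created. We're good!
  return true;
}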
/**
* Sets internal variables.
* @access private
*/
function _setup($page_id, $namespace, $revision_id)
{
  global $db, $session, $paths, $template, $plugins; // Common objects

  $page_id_cleaned = sanitize_page_id($page_id);

  // The instance keeps the sanitized ID; the "unclean" form is kept separately.
  $this->page_id         = $page_id_cleaned;
  $this->namespace       = $namespace;
  $this->revision_id     = $revision_id;
  $this->page_id_unclean = dirtify_page_id($page_id);

  // NOTE(review): the ACL is looked up with the caller-supplied $page_id, not
  // the sanitized one stored above - confirm fetch_page_acl() normalizes it, or
  // permissions could be resolved for a different key than the page served.
  $this->perms = $session->fetch_page_acl( $page_id, $namespace );

  // Admin: pages are backed by a page_Admin_<id> function instead of a DB row.
  // $fname is only defined for the Admin namespace, so every use below is
  // guarded by $is_admin.
  $is_admin = ( $this->namespace == 'Admin' );
  if ( $is_admin )
  {
    $fname = "page_Admin_{$this->page_id}";
  }
  // True when no Admin handler function vouches for this page.
  $no_handler = ( !$is_admin || !function_exists($fname) );

  // Does the page "exist"?
  $pathskey = $paths->nslist[$namespace] . $page_id_cleaned;

  // $paths already resolved this exact page and found it missing.
  $requested_and_missing = ( $paths->page_id == $page_id && $paths->namespace == $namespace && !$paths->page_exists );

  if ( !$no_handler )
  {
    $this->page_exists = true;
  }
  else
  {
    $this->page_exists = !( $requested_and_missing || !isset( $paths->pages[ $pathskey ] ) );
  }

  // Compatibility with older databases: retry with '.2e' turned back into '.'
  if ( strstr($this->page_id, '.2e') && !$this->page_exists )
  {
    $page_id = str_replace('.2e', '.', $page_id);

    $requested_and_missing = ( $paths->page_id == $page_id && $paths->namespace == $namespace && !$paths->page_exists );

    if ( $requested_and_missing && $no_handler )
    {
      $this->page_exists = false;
    }
    else
    {
      // NOTE(review): unlike the first check, a missing $paths->pages entry only
      // counts here for the Admin namespace, so a non-Admin page reaching this
      // branch is marked as existing - confirm this asymmetry is intended.
      $legacy_key = $paths->nslist[$namespace] . $page_id;
      $this->page_exists = !( !isset( $paths->pages[ $legacy_key ] ) && $is_admin && $no_handler );
    }
  }

  $this->title = get_page_title_ns($this->page_id, $this->namespace);

  profiler_log("PageProcessor [{$this->namespace}:{$this->page_id}]: Ran _setup()");
}
/**
* Renders it all in one go, and echoes it out. This assumes that the text is in the DB.
* @access private
*/
function render($incl_inner_headers = true, $_errormsg = false)
{
global $db, $session, $paths, $template, $plugins; // Common objects
global $lang;
$text = $this->fetch_text();
$text = preg_replace('/([\s]*)__NOBREADCRUMBS__([\s]*)/', '', $text);
$text = preg_replace('/([\s]*)__NOTOC__([\s]*)/', '', $text);
$redir_enabled = false;
if ( preg_match('/^#redirect \[\[([^\]]+?)\]\]/i', $text, $match ) )
{
$redir_enabled = true;
$oldtarget = RenderMan::strToPageID($match[1]);
$oldtarget[0] = sanitize_page_id($oldtarget[0]);
$url = makeUrlNS($oldtarget[1], $oldtarget[0], false, true);
$page_id_key = $paths->nslist[ $oldtarget[1] ] . $oldtarget[0];
$page_data = $paths->pages[$page_id_key];
$title = ( isset($page_data['name']) ) ? $page_data['name'] : $paths->nslist[$oldtarget[1]] . htmlspecialchars( str_replace('_', ' ', dirtify_page_id( $oldtarget[0] ) ) );
if ( !isset($page_data['name']) )
{
$cls = 'class="wikilink-nonexistent"';
}
else
{
$cls = '';
}
$a = '<a ' . $cls . ' href="' . $url . '">' . $title . '</a>';
$redir_html = '<br /><div class="mdg-infobox">
<table border="0" width="100%" cellspacing="0" cellpadding="0">
<tr>
<td valign="top">
<img alt="Cute wet-floor icon" src="'.scriptPath.'/images/redirector.png" />
</td>
<td valign="top" style="padding-left: 10px;">
' . $lang->get('page_msg_this_is_a_redirector', array( 'redirect_target' => $a )) . '
</td>
</tr>
</table>
</div>
<br />
<hr style="margin-left: 1em; width: 200px;" />';
$text = str_replace($match[0], '', $text);
$text = trim($text);
}
$template->tpl_strings['PAGE_NAME'] = htmlspecialchars( $this->title );
$this->header();
$this->do_breadcrumbs();
if ( $_errormsg )
{
echo $_errormsg;
}
if ( $incl_inner_headers )
{
if ( count($this->redirect_stack) > 0 )
{
$stack = array_reverse($this->redirect_stack);
foreach ( $stack as $oldtarget )
{
$url = makeUrlNS($oldtarget[1], $oldtarget[0], 'redirect=no', true);
$page_id_key = $paths->nslist[ $oldtarget[1] ] . $oldtarget[0];
$page_data = $paths->pages[$page_id_key];
$title = ( isset($page_data['name']) ) ? $page_data['name'] : $paths->nslist[$oldtarget[1]] . htmlspecialchars( str_replace('_', ' ', dirtify_page_id( $oldtarget[0] ) ) );
$a = '<a href="' . $url . '">' . $title . '</a>';
echo '<small>' . $lang->get('page_msg_redirected_from', array('from' => $a)) . '<br /></small>';
}
}
display_page_headers();
}
if ( $this->revision_id )
{
echo '<div class="info-box" style="margin-left: 0; margin-top: 5px;">
<b>' . $lang->get('page_msg_archived_title') . '</b><br />
' . $lang->get('page_msg_archived_body', array(
'archive_date' => enano_date('F d, Y', $this->revision_id),
'archive_time' => enano_date('h:i a', $this->revision_id),
'current_link' => makeUrlNS($this->namespace, $this->page_id),
'restore_link' => makeUrlNS($this->namespace, $this->page_id, 'do=rollback&id='.$this->revision_id),
'restore_onclick' => 'ajaxRollback(\''.$this->revision_id.'\'); return false;',
)) . '
</div>
<br />';
}
if ( $redir_enabled )
{
echo $redir_html;
}
$code = $plugins->setHook('pageprocess_render_head');
foreach ( $code as $cmd )
{
eval($cmd);
}
if ( $incl_inner_headers )
{
$text = '?>' . RenderMan::render($text);
}
else
{
$text = '?>' . $text;
$text = preg_replace('/<nowiki>(.*?)<\/nowiki>/s', '\\1', $text);
}
// echo('<pre>'.htmlspecialchars($text).'</pre>');
eval ( $text );
$code = $plugins->setHook('pageprocess_render_tail');
foreach ( $code as $cmd )
{
eval($cmd);
}
if ( $incl_inner_headers )
{
display_page_footers();
}
$this->footer();
}
/**
* Sends the page header, but only when this instance is set to send headers ($this->send_headers).
*/
function header()
{
  // Emits the template's page header, unless this instance has header output switched off.
  global $db, $session, $paths, $template, $plugins; // Common objects

  // Guard clause: nothing to send when headers are disabled for this instance.
  if ( !$this->send_headers )
  {
    return;
  }

  $template->header();
}
/**
* Sends the page footer, but only when this instance is set to send headers ($this->send_headers).
*/
function footer()
{
  // Emits the template's page footer; controlled by the same send_headers flag as header().
  global $db, $session, $paths, $template, $plugins; // Common objects

  // Guard clause: skip the footer when header/footer output is disabled.
  if ( !$this->send_headers )
  {
    return;
  }

  $template->footer();
}
/**
* Fetches the raw, unfiltered page text.
* @access public
*/
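function fetch_text()
{
  // Returns the stored text of this page: the archived revision when
  // $this->revision_id is a positive integer, otherwise the current text.
  // Returns the string 'err_no_text_rows' (and sets $this->page_exists to false)
  // when no matching row is found. The result is cached in $this->text_cache.
  global $db, $session, $paths, $template, $plugins; // Common objects

  // Serve repeat calls from the per-instance cache.
  if ( !empty($this->text_cache) )
  {
    return $this->text_cache;
  }

  // Page IDs to try, in order: the ID as given, then the compatibility form
  // for old pages that were stored with literal dots instead of ".2e".
  $candidates = array($this->page_id);
  if ( strpos($this->page_id, '.2e') !== false )
  {
    $candidates[] = str_replace('.2e', '.', $this->page_id);
  }

  if ( $this->revision_id > 0 && is_int($this->revision_id) )
  {
    // Archived revision. revision_id is appended unquoted, which is only safe
    // because of the is_int() check above; keep that check if this is edited.
    $select = 'SELECT page_text, char_tag, date_string FROM '.table_prefix.'logs';
    $suffix = ' AND time_id=' . $this->revision_id;
  }
  else
  {
    $select = 'SELECT page_text, char_tag FROM '.table_prefix.'page_text';
    $suffix = '';
  }

  // The page ID and namespace end up inside SQL string literals, so they are
  // escaped here rather than trusting every caller to have sanitized them.
  // NOTE(review): assumes callers pass unescaped identifiers; confirm none pre-escape.
  $namespace = $db->escape($this->namespace);

  $row = false;
  foreach ( $candidates as $candidate )
  {
    $q = $db->sql_query($select . ' WHERE page_id=\'' . $db->escape($candidate) . '\' AND namespace=\'' . $namespace . '\'' . $suffix . ';');
    if ( !$q )
    {
      $this->send_error('Error during SQL query.', true);
    }
    if ( $db->numrows() > 0 )
    {
      // Fetch for every successful lookup. The previous revision branch skipped
      // the fetch when the ".2e" fallback query matched, leaving $row undefined.
      $row = $db->fetchrow();
      $db->free_result();
      break;
    }
    $db->free_result();
  }

  if ( $row === false )
  {
    $this->page_exists = false;
    return 'err_no_text_rows';
  }

  if ( !empty($row['char_tag']) )
  {
    // This page text entry uses the old text-escaping format
    $from = array(
        "{APOS:{$row['char_tag']}}",
        "{QUOT:{$row['char_tag']}}",
        "{SLASH:{$row['char_tag']}}"
      );
    $to = array("'", '"', '\\');
    $row['page_text'] = str_replace($from, $to, $row['page_text']);
  }

  $this->text_cache = $row['page_text'];

  return $row['page_text'];
}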
/**
* Handles the extra overhead required for user pages.
* @access private
*/
function _handle_userpage()
{
global $db, $session, $paths, $template, $plugins; // Common objects
global $email;
global $lang;
$page_urlname = dirtify_page_id($this->page_id);
if ( $this->page_id == $paths->page_id && $this->namespace == $paths->namespace )
{
$page_name = ( isset($paths->cpage['name']) ) ? $paths->cpage['name'] : $this->page_id;
}
else
{
$page_name = ( isset($paths->pages[$this->page_id]) ) ? $paths->pages[$this->page_id]['name'] : $this->page_id;
}
$target_username = strtr($page_urlname,
Array(
'_' => ' ',
'<' => '<',
'>' => '>'
));
$target_username = preg_replace('/^' . str_replace('/', '\\/', preg_quote($paths->nslist['User'])) . '/', '', $target_username);
list($target_username) = explode('/', $target_username);
if ( ( $page_name == str_replace('_', ' ', $this->page_id) || $page_name == $paths->nslist['User'] . str_replace('_', ' ', $this->page_id) ) || !$this->page_exists )
{
$page_name = $lang->get('userpage_page_title', array('username' => htmlspecialchars($target_username)));
}
else
{
// User has a custom title for their userpage
$page_name = $paths->pages[ $paths->nslist[$this->namespace] . $this->page_id ]['name'];
}
$template->tpl_strings['PAGE_NAME'] = htmlspecialchars($page_name);
$q = $db->sql_query('SELECT u.username, u.user_id AS authoritative_uid, u.real_name, u.email, u.reg_time, u.user_has_avatar, u.avatar_type, x.*, COUNT(c.comment_id) AS n_comments
FROM '.table_prefix.'users u
LEFT JOIN '.table_prefix.'users_extra AS x
ON ( u.user_id = x.user_id OR x.user_id IS NULL )
LEFT JOIN '.table_prefix.'comments AS c
ON ( ( c.user_id=u.user_id AND c.name=u.username AND c.approved=1 ) OR ( c.comment_id IS NULL AND c.approved IS NULL ) )
WHERE u.username=\'' . $db->escape($target_username) . '\'
GROUP BY u.username, u.user_id, u.real_name, u.email, u.reg_time, u.user_has_avatar, u.avatar_type, x.user_id, x.user_aim, x.user_yahoo, x.user_msn, x.user_xmpp, x.user_homepage, x.user_location, x.user_job, x.user_hobbies, x.email_public;');
if ( !$q )
$db->_die();
$user_exists = true;
if ( $db->numrows() < 1 )
{
$user_exists = false;
}
else
{
$userdata = $db->fetchrow();
if ( $userdata['authoritative_uid'] == 1 )
{
// Hide data for anonymous user
$user_exists = false;
unset($userdata);
}
}
$this->header();
// if ( $send_headers )
// {
// display_page_headers();
// }
// Start left sidebar: basic user info, latest comments
if ( $user_exists ):
echo '<table border="0" cellspacing="4" cellpadding="0" style="width: 100%;">';
echo '<tr><td style="width: 150px;" valign="top">';
echo '<div class="tblholder">
<table border="0" cellspacing="1" cellpadding="4">';
//
// Main part of sidebar
//
// Basic user info
echo '<tr><th class="subhead">' . $lang->get('userpage_heading_basics', array('username' => htmlspecialchars($target_username))) . '</th></tr>';
if ( $userdata['user_has_avatar'] == '1' )
{
echo '<tr><td class="row1" style="text-align: center;"><img alt="' . $lang->get('usercp_avatar_image_alt', array('username' => $userdata['username'])) . '" src="' . make_avatar_url(intval($userdata['authoritative_uid']), $userdata['avatar_type']) . '" /></td></tr>';
}
echo '<tr><td class="row3">' . $lang->get('userpage_lbl_joined') . ' ' . enano_date('F d, Y h:i a', $userdata['reg_time']) . '</td></tr>';
echo '<tr><td class="row1">' . $lang->get('userpage_lbl_num_comments') . ' ' . $userdata['n_comments'] . '</td></tr>';
if ( !empty($userdata['real_name']) )
{
echo '<tr><td class="row3">' . $lang->get('userpage_lbl_real_name') . ' ' . $userdata['real_name'] . '</td></tr>';
}
// Administer user button
if ( $session->user_level >= USER_LEVEL_ADMIN )
{
echo '<tr><td class="row1"><a href="' . makeUrlNS('Special', 'Administration', 'module=' . $paths->nslist['Admin'] . 'UserManager&src=get&user=' . urlencode($target_username), true) . '" onclick="ajaxAdminUser(\'' . addslashes($target_username) . '\'); return false;">' . $lang->get('userpage_btn_administer_user') . '</a></td></tr>';
}
// Comments
echo '<tr><th class="subhead">' . $lang->get('userpage_heading_comments', array('username' => htmlspecialchars($target_username))) . '</th></tr>';
$q = $db->sql_query('SELECT page_id, namespace, subject, time FROM '.table_prefix.'comments WHERE name=\'' . $db->escape($target_username) . '\' AND user_id=' . $userdata['authoritative_uid'] . ' AND approved=1 ORDER BY time DESC LIMIT 5;');
if ( !$q )
$db->_die();
$comments = Array();
$no_comments = false;
if ( $row = $db->fetchrow() )
{
do
{
$row['time'] = enano_date('F d, Y', $row['time']);
$comments[] = $row;
}
while ( $row = $db->fetchrow() );
}
else
{
$no_comments = true;
}
echo '<tr><td class="row3">';
echo '<div style="border: 1px solid #000000; padding: 0px; margin: 0; max-height: 200px; clip: rect(0px,auto,auto,0px); overflow: auto; background-color: transparent;" class="tblholder">';
echo '<table border="0" cellspacing="1" cellpadding="4">';
$class = 'row1';
$tpl = '<tr>
<td class="{CLASS}">
<a href="{PAGE_LINK}" <!-- BEGINNOT page_exists -->class="wikilink-nonexistent"<!-- END page_exists -->>{PAGE}</a><br />
<small>{lang:userpage_comments_lbl_posted} {DATE}<br /></small>
<b><a href="{COMMENT_LINK}">{SUBJECT}</a></b>
</td>
</tr>';
$parser = $template->makeParserText($tpl);
if ( count($comments) > 0 )
{
foreach ( $comments as $comment )
{
$c_page_id = $paths->nslist[ $comment['namespace'] ] . sanitize_page_id($comment['page_id']);
if ( isset($paths->pages[ $c_page_id ]) )
{
$parser->assign_bool(array(
'page_exists' => true
));
$page_title = htmlspecialchars($paths->pages[ $c_page_id ]['name']);
}
else
{
$parser->assign_bool(array(
'page_exists' => false
));
$page_title = htmlspecialchars(dirtify_page_id($c_page_id));
}
$parser->assign_vars(array(
'CLASS' => $class,
'PAGE_LINK' => makeUrlNS($comment['namespace'], sanitize_page_id($comment['page_id'])),
'PAGE' => $page_title,
'SUBJECT' => $comment['subject'],
'DATE' => $comment['time'],
'COMMENT_LINK' => makeUrlNS($comment['namespace'], sanitize_page_id($comment['page_id']), 'do=comments', true)
));
$class = ( $class == 'row3' ) ? 'row1' : 'row3';
echo $parser->run();
}
}
else
{
echo '<tr><td class="' . $class . '">' . $lang->get('userpage_msg_no_comments') . '</td></tr>';
}
echo '</table>';
echo '</div>';
echo '</td></tr>';
$code = $plugins->setHook('userpage_sidebar_left');
foreach ( $code as $cmd )
{
eval($cmd);
}
echo ' </table>
</div>';
echo '</td><td valign="top" style="padding: 0 10px;">';
else:
// Nothing for now
endif;
// User's own content
$send_headers = $this->send_headers;
$this->send_headers = false;
if ( $this->page_exists )
{
$this->render();
}
else
{
$this->err_page_not_existent(true);
}
// Right sidebar
if ( $user_exists ):
echo '</td><td style="width: 150px;" valign="top">';
echo '<div class="tblholder">
<table border="0" cellspacing="1" cellpadding="4">';
//
// Main part of sidebar
//
// Contact information
echo '<tr><th class="subhead">' . $lang->get('userpage_heading_contact') . '</th></tr>';
$class = 'row3';
if ( $userdata['email_public'] == 1 )
{
$class = ( $class == 'row1' ) ? 'row3' : 'row1';
$email_link = $email->encryptEmail($userdata['email']);
echo '<tr><td class="'.$class.'">' . $lang->get('userpage_lbl_email') . ' ' . $email_link . '</td></tr>';
}
$class = ( $class == 'row1' ) ? 'row3' : 'row1';
if ( $session->user_logged_in )
{
echo '<tr><td class="'.$class.'">' . $lang->get('userpage_btn_send_pm', array('username' => htmlspecialchars($target_username), 'pm_link' => makeUrlNS('Special', 'PrivateMessages/Compose/to/' . $this->page_id, false, true))) . '</td></tr>';
}
else
{
echo '<tr><td class="'.$class.'">' . $lang->get('userpage_btn_send_pm_guest', array('username' => htmlspecialchars($target_username), 'login_flags' => 'href="' . makeUrlNS('Special', 'Login/' . $paths->nslist[$this->namespace] . $this->page_id) . '" onclick="ajaxStartLogin(); return false;"')) . '</td></tr>';
}
if ( !empty($userdata['user_aim']) )
{
$class = ( $class == 'row1' ) ? 'row3' : 'row1';
echo '<tr><td class="'.$class.'">' . $lang->get('userpage_lbl_aim') . ' ' . $userdata['user_aim'] . '</td></tr>';
}
if ( !empty($userdata['user_yahoo']) )
{
$class = ( $class == 'row1' ) ? 'row3' : 'row1';
echo '<tr><td class="'.$class.'">' . $lang->get('userpage_lbl_yim') . ' ' . $userdata['user_yahoo'] . '</td></tr>';
}
if ( !empty($userdata['user_msn']) )
{
$class = ( $class == 'row1' ) ? 'row3' : 'row1';
$email_link = $email->encryptEmail($userdata['user_msn']);
echo '<tr><td class="'.$class.'">' . $lang->get('userpage_lbl_wlm') . ' ' . $email_link . '</td></tr>';
}
if ( !empty($userdata['user_xmpp']) )
{
$class = ( $class == 'row1' ) ? 'row3' : 'row1';
$email_link = $email->encryptEmail($userdata['user_xmpp']);
echo '<tr><td class="'.$class.'">' . $lang->get('userpage_lbl_xmpp') . ' ' . $email_link . '</td></tr>';
}
// Real life
echo '<tr><th class="subhead">' . $lang->get('userpage_heading_real_life', array('username' => htmlspecialchars($target_username))) . '</th></tr>';
if ( !empty($userdata['user_location']) )
{
$class = ( $class == 'row1' ) ? 'row3' : 'row1';
echo '<tr><td class="'.$class.'">' . $lang->get('userpage_lbl_location') . ' ' . $userdata['user_location'] . '</td></tr>';
}
if ( !empty($userdata['user_job']) )
{
$class = ( $class == 'row1' ) ? 'row3' : 'row1';
echo '<tr><td class="'.$class.'">' . $lang->get('userpage_lbl_job') . ' ' . $userdata['user_job'] . '</td></tr>';
}
if ( !empty($userdata['user_hobbies']) )
{
$class = ( $class == 'row1' ) ? 'row3' : 'row1';
echo '<tr><td class="'.$class.'">' . $lang->get('userpage_lbl_hobbies') . ' ' . $userdata['user_hobbies'] . '</td></tr>';
}
if ( empty($userdata['user_location']) && empty($userdata['user_job']) && empty($userdata['user_hobbies']) )
{
$class = ( $class == 'row1' ) ? 'row3' : 'row1';
echo '<tr><td class="'.$class.'">' . $lang->get('userpage_msg_no_contact_info', array('username' => htmlspecialchars($target_username))) . '</td></tr>';
}
$code = $plugins->setHook('userpage_sidebar_right');
foreach ( $code as $cmd )
{
eval($cmd);
}
echo ' </table>
</div>';
echo '</tr></table>';
else:
if ( !is_valid_ip($target_username) )
{
echo '<p>' . $lang->get('userpage_msg_user_not_exist', array('username' => htmlspecialchars($target_username))) . '</p>';
}
endif;
// if ( $send_headers )
// {
// display_page_footers();
// }
$this->send_headers = $send_headers;
unset($send_headers);
$this->footer();
}
/**
* Pushes to the redirect stack and resets the instance. This depends on the page ID and namespace already being validated and sanitized, and does not check the size of the redirect stack.
* @param string Page ID to redirect to
* @param string Namespace to redirect to
* @access private
*/
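function _handle_redirect($page_id, $namespace)
{
  // Return value: true after the target page has been set up and sent, or a
  // localized error string when the redirect is refused. This call pushes to
  // the redirect stack only after every check below has passed.
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang;

  // The page this instance currently represents, i.e. the source of the redirect
  $arr_pid = array($this->page_id, $this->namespace);

  // Redirect targets in the Special and Admin namespaces are refused outright
  if ( $namespace == 'Special' || $namespace == 'Admin' )
  {
    return $lang->get('page_err_redirect_to_special');
  }

  // Loop detection: has the current page already been redirected away from?
  // Compare as strings with ===; with == PHP treats numeric-looking strings
  // such as "007" and "7" as equal and would report a loop that does not exist.
  foreach ( $this->redirect_stack as $page )
  {
    if ( strval($page[0]) === strval($arr_pid[0]) && strval($page[1]) === strval($arr_pid[1]) )
    {
      return $lang->get('page_err_redirect_infinite_loop');
    }
  }

  // The target has to be a known page.
  // NOTE(review): $paths->nslist[$namespace] is read without an isset() check;
  // this relies on the caller having validated the namespace beforehand.
  $page_id_key = $paths->nslist[ $namespace ] . sanitize_page_id($page_id);
  if ( !isset($paths->pages[$page_id_key]) )
  {
    return $lang->get('page_err_redirect_to_nonexistent');
  }

  // Record where we came from; the size of the stack is not limited here
  $this->redirect_stack[] = $arr_pid;

  // Nuke the text cache to avoid infinite loops, gah...
  $this->text_cache = '';
  $this->_setup($page_id, $namespace, 0);
  $this->send();
  return true;
}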
/**
* Sends the user an error message stating that access to this page is denied.
* @access private
*/
function err_access_denied()
{
global $db, $session, $paths, $template, $plugins; // Common objects
global $lang;
global $email;
// Log it for crying out loud
$q = $db->sql_query('INSERT INTO '.table_prefix.'logs(log_type,action,time_id,date_string,author,edit_summary,page_text) VALUES(\'security\', \'illegal_page\', '.time().', \''.enano_date('d M Y h:i a').'\', \''.$db->escape($session->username).'\', \''.$db->escape($_SERVER['REMOTE_ADDR']).'\', \'' . $db->escape(serialize(array($this->page_id, $this->namespace))) . '\')');
$ob = '';
//$template->tpl_strings['PAGE_NAME'] = 'Access denied';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1298
$template->tpl_strings['PAGE_NAME'] = htmlspecialchars( $this->title );
1
+ − 1299
+ − 1300
if ( $this->send_headers )
+ − 1301
{
+ − 1302
$ob .= $template->getHeader();
+ − 1303
}
+ − 1304
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1305
if ( count($this->redirect_stack) > 0 )
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1306
{
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1307
$stack = array_reverse($this->redirect_stack);
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1308
foreach ( $stack as $oldtarget )
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1309
{
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1310
$url = makeUrlNS($oldtarget[1], $oldtarget[0], 'redirect=no', true);
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1311
$page_id_key = $paths->nslist[ $oldtarget[1] ] . $oldtarget[0];
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1312
$page_data = $paths->pages[$page_id_key];
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1313
$title = ( isset($page_data['name']) ) ? $page_data['name'] : $paths->nslist[$oldtarget[1]] . htmlspecialchars( str_replace('_', ' ', dirtify_page_id( $oldtarget[0] ) ) );
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1314
$a = '<a href="' . $url . '">' . $title . '</a>';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1315
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1316
$url = makeUrlNS($this->namespace, $this->page_id, 'redirect=no', true);
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1317
$page_id_key = $paths->nslist[ $this->namespace ] . $this->page_id;
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1318
$page_data = $paths->pages[$page_id_key];
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1319
$title = ( isset($page_data['name']) ) ? $page_data['name'] : $paths->nslist[$this->namespace] . htmlspecialchars( str_replace('_', ' ', dirtify_page_id( $this->page_id ) ) );
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1320
$b = '<a href="' . $url . '">' . $title . '</a>';
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1321
369
+ − 1322
$ob .= '<small>' . $lang->get('page_msg_redirected_from_to', array('from' => $a, 'to' => $b)) . '<br /></small>';
103
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1323
}
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1324
}
a8891e108c95
Several major improvements: Memberlist page added (planned since about beta 2), page group support added for non-JS ACL editor (oops!), and attempting to view a page for which you lack read permissions will get you logged.
Dan
diff
changeset
+ − 1325
314
+ − 1326
$email_link = $email->encryptEmail(getConfig('contact_email'), '', '', $lang->get('page_err_access_denied_siteadmin'));
+ − 1327
+ − 1328
$ob .= "<h3>" . $lang->get('page_err_access_denied_title') . "</h3>";
+ − 1329
$ob .= "<p>" . $lang->get('page_err_access_denied_body', array('site_administration' => $email_link)) . "</p>";
1
+ − 1330
+ − 1331
if ( $this->send_headers )
+ − 1332
{
+ − 1333
$ob .= $template->getFooter();
+ − 1334
}
+ − 1335
echo $ob;
+ − 1336
}
/**
 * Inform the user of an incorrect or absent password, and show the password form
 * @access private
 */

function err_wrong_password()
{
  // Shows the password prompt for a password-protected page. The introductory line
  // depends on whether a password was supplied at all ($this->password empty) or the
  // supplied one was rejected. Output is echoed; nothing is returned.
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang;

  // The page title and the submit button caption are fixed English strings, unlike the
  // rest of the text, which comes from $lang.
  $title = 'Password required';

  if ( empty($this->password) )
  {
    $message = '<p>' . $lang->get('page_msg_passrequired') . '</p>';
  }
  else
  {
    $message = '<p>' . $lang->get('page_msg_pass_wrong') . '</p>';
  }

  // The form posts the password back to the page itself in the "pagepass" field.
  // NOTE(review): makeUrlNS() is called here without the extra arguments used elsewhere
  // in this class, and its result goes into the action attribute unmodified; confirm
  // that the returned URL is safe to place in an HTML attribute.
  $form_action = makeUrlNS($this->namespace, $this->page_id);
  $field_label = $lang->get('page_lbl_password');
  $message .= '<form action="' . $form_action . '" method="post">' . "\n"
            . '<p>' . "\n"
            . '<label>' . $field_label . ' <input name="pagepass" type="password" /></label> <input type="submit" value="Submit" />' . "\n"
            . '</p>' . "\n"
            . '</form>';

  if ( !$this->send_headers )
  {
    // No template wrapper requested: emit a bare heading followed by the form
    echo '<h2>' . $title . '</h2>' . "\n" . $message;
    return;
  }

  $template->tpl_strings['PAGE_NAME'] = $title;
  $template->header();
  echo $message;
  $template->footer();
}
/**
 * Tell the user that no text rows were found for the page.
 * @access private
 */

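function err_no_rows()
{
  // Reports that the page exists but no text rows matched the query, and shows the
  // query that was run. Output is echoed; nothing is returned.
  global $db, $session, $paths, $template, $plugins; // Common objects

  $title = 'No text rows';

  // The query text is escaped before it is placed inside <pre>: it is built from request
  // data elsewhere in the application, so any markup in it must be displayed, not rendered.
  // NOTE(review): this shows the raw SQL (table and column names) to whoever triggers the
  // error. Consider restricting the query text to administrators or to the server log.
  $message = 'While the page\'s existence was verified, there were no rows in the database that matched the query for the text. This may indicate a bug with the software; ask the webmaster for more information. The offending query was:<pre>' . htmlspecialchars($db->latest_query) . '</pre>';

  if ( $this->send_headers )
  {
    $template->tpl_strings['PAGE_NAME'] = $title;
    $template->header();
    echo "<p>$message</p>";
    $template->footer();
  }
  else
  {
    // No template wrapper requested: bare heading plus message
    echo "<h2>$title</h2>\n<p>$message</p>";
  }
}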
/**
 * Tell the user the page doesn't exist, and present them with their options.
 * @param bool If true, the user-page variant of the message body is shown
 * @access private
 */

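function err_page_not_existent($userpage = false)
{
  // Sends a 404 response for a page that does not exist. If the site defines a
  // 'Page_not_found' system message it is rendered and shown; otherwise a built-in
  // message is printed, followed by the options the current user is permitted to use
  // (create the page, roll back a deletion, admin tools). Output is echoed.
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang;

  header('HTTP/1.1 404 Not Found');

  $this->header();
  $this->do_breadcrumbs();

  $msg = $paths->sysmsg('Page_not_found');
  if ( $msg )
  {
    $msg = RenderMan::render($msg);
    // SECURITY NOTE(review): the rendered system message is executed as PHP. Any <?php
    // block that survives RenderMan::render() runs with the application's privileges, so
    // whoever can edit the 'Page_not_found' system message can run code on the server
    // unless the renderer removes PHP for them. Confirm that edit rights on system
    // messages are limited to fully trusted administrators. Left in place because the
    // site may rely on embedded PHP here.
    eval( '?>' . $msg );
  }
  else
  {
    // Built-in message; only the body text differs for user pages
    $body_key = $userpage ? 'page_msg_404_body_userpage' : 'page_msg_404_body';
    echo '<h3>' . $lang->get('page_msg_404_title') . "</h3>\n<p>" . $lang->get($body_key);

    if ( $session->get_permissions('create_page') )
    {
      echo ' ' . $lang->get('page_msg_404_create', array(
          'create_flags' => 'href="'.makeUrlNS($this->namespace, $this->page_id, 'do=edit', true).'" onclick="ajaxEditor(); return false;"',
          'mainpage_link' => makeUrl(getConfig('main_page'), false, true)
        ));
    }
    else
    {
      echo ' ' . $lang->get('page_msg_404_gohome', array(
          'mainpage_link' => makeUrl(getConfig('main_page'), false, true)
        ));
    }
    echo '</p>';

    if ( $session->get_permissions('history_rollback') )
    {
      // Look up the most recent deletion of this page. The page ID and namespace are
      // escaped with $db->escape(), as err_access_denied() does for the values it logs,
      // so the query stays well-formed even if an unsanitized ID reaches this point.
      $e = $db->sql_query('SELECT * FROM ' . table_prefix . 'logs WHERE action=\'delete\' AND page_id=\'' . $db->escape($this->page_id) . '\' AND namespace=\'' . $db->escape($this->namespace) . '\' ORDER BY time_id DESC;');
      if ( !$e )
      {
        $db->_die('The deletion log could not be selected.');
      }
      if ( $db->numrows() > 0 )
      {
        $r = $db->fetchrow();
        // time_id is written into a URL and into inline JavaScript below; forcing it to an
        // integer keeps anything but digits out of both contexts.
        $time_id = intval($r['time_id']);
        echo '<p>' . $lang->get('page_msg_404_was_deleted', array(
                  'delete_time' => enano_date('d M Y h:i a', $time_id),
                  'delete_reason' => htmlspecialchars($r['edit_summary']),
                  'rollback_flags' => 'href="'.makeUrl($paths->page, 'do=rollback&id='.$time_id).'" onclick="ajaxRollback(\''.$time_id.'\'); return false;"'
                ))
              . '</p>';
        if ( $session->user_level >= USER_LEVEL_ADMIN )
        {
          echo '<p>' . $lang->get('page_msg_404_admin_opts', array(
                    'detag_link' => makeUrl($paths->page, 'do=detag', true)
                  ))
                . '</p>';
        }
      }
      $db->free_result();
    }

    echo "<p>\n" . $lang->get('page_msg_404_http_response') . "\n</p>";
  }
  $this->footer();
}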
/**
 * Echoes out breadcrumb data, if appropriate.
 * @access private
 */

function do_breadcrumbs()
{
  // Prints a breadcrumb trail for a page whose ID contains '/' separators: one link per
  // ancestor path, then the plain title of the page itself. Returns false when the page
  // text carries the __NOBREADCRUMBS__ marker; otherwise nothing is returned.
  global $db, $session, $paths, $template, $plugins; // Common objects

  if ( strpos($this->text_cache, '__NOBREADCRUMBS__') !== false )
  {
    return false;
  }

  $segments = explode('/', $this->page_id);
  $depth = count($segments);
  if ( $depth <= 1 )
  {
    // A page ID without '/' has no ancestors, so there is nothing to print
    return;
  }

  echo '<!-- Start breadcrumbs -->' . "\n" . '<div class="breadcrumbs">' . "\n";

  foreach ( $segments as $idx => $segment )
  {
    // Full page ID of the ancestor at this depth: namespace prefix + first ($idx + 1) segments
    $ancestor = $paths->nslist[$this->namespace] . sanitize_page_id(implode('/', array_slice($segments, 0, ($idx + 1))));

    if ( ($idx + 1) == $depth )
    {
      // Last segment is the current page: printed as text, not as a link
      $title = get_page_title($ancestor, false);
      if ( !$this->page_exists )
      {
        // Keep only the part of the title after the final '/'
        $pieces = explode('/', $title);
        $title = end($pieces);
      }
      echo htmlspecialchars($title);
      break;
    }

    // Titles are passed through htmlspecialchars() before they are written into the page.
    if ( isPage($ancestor) )
    {
      $title = get_page_title($ancestor, false);
      echo '<a href="' . makeUrl($ancestor, false, true) . '">' . htmlspecialchars($title) . '</a>';
    }
    else
    {
      // Nonexistent ancestor: show only the last path component, styled as a missing page
      $title = get_page_title($ancestor, false);
      $pieces = explode('/', $title);
      $title = end($pieces);
      echo '<a href="' . makeUrl($ancestor, false, true) . '" class="wikilink-nonexistent">' . htmlspecialchars($title) . '</a>';
    }
    echo ' » ';
  }

  echo '</div>' . "\n" . '<!-- End breadcrumbs -->' . "\n";
}
/**
 * Send an error message and die. For debugging or critical technical errors only - nothing that would under normal circumstances be shown to the user.
 * @param string Error message
 * @param bool If true, send DBAL's debugging information as well
 */

function send_error($message, $sql = false)
{
  // Prints $message inside the site template with a 500 status, closes the database
  // connection and terminates the script. This function never returns.
  // $sql is accepted but not read anywhere in this body.
  global $db, $session, $paths, $template, $plugins; // Common objects
  global $lang;

  // $message is placed in the page without escaping, so callers must not pass text that
  // contains unescaped request data.
  $content = '<p>' . $message . '</p>';
  $template->tpl_strings['PAGE_NAME'] = $lang->get('page_msg_general_error');

  // NOTE(review): when $this->debug['works'] is set, the stored backtrace is appended to
  // the page. It presumably contains file paths and call details; confirm that this flag
  // cannot be on for ordinary visitors in production.
  if ( $this->debug['works'] )
  {
    $content = $content . $this->debug['backtrace'];
  }

  // The status line has to be sent before the template produces any output
  header('HTTP/1.1 500 Internal Server Error');

  $template->header();
  echo $content;
  $template->footer();

  $db->close();

  exit;
}
/**
 * Raises an error.
 * @param string Error string
 */

function raise_error($string)
{
  // Appends an error message to this object's error stack ($this->_errors).
  // Only strings are accepted: any other type is rejected with false and nothing is
  // stored. On success nothing is returned.
  if ( is_string($string) )
  {
    $this->_errors[] = $string;
    return;
  }
  return false;
}
/**
 * Retrieves the latest error from the error stack and returns it ('pops' the error stack)
 * @return string|bool The most recent error, or false if the stack is empty
 */

function pop_error()
{
  // Removes the most recently raised error from $this->_errors and returns it.
  // Returns false when the stack holds no errors.
  if ( count($this->_errors) >= 1 )
  {
    return array_pop($this->_errors);
  }
  return false;
}
} // class PageProcessor
?>