28 |
28 |
29 error_reporting(E_ALL); |
29 error_reporting(E_ALL); |
30 |
30 |
31 if($aggressive_optimize_html || $do_gzip) |
31 if($aggressive_optimize_html || $do_gzip) |
32 { |
32 { |
33 ob_start(); |
33 ob_start(); |
34 } |
34 } |
35 |
35 |
36 global $db, $session, $paths, $template, $plugins; // Common objects |
36 global $db, $session, $paths, $template, $plugins; // Common objects |
37 $page_timestamp = time(); |
37 $page_timestamp = time(); |
38 |
38 |
39 if ( !isset($_GET['do']) ) |
39 if ( !isset($_GET['do']) ) |
40 { |
40 { |
41 $_GET['do'] = 'view'; |
41 $_GET['do'] = 'view'; |
42 } |
42 } |
43 switch($_GET['do']) |
43 switch($_GET['do']) |
44 { |
44 { |
45 default: |
45 default: |
46 $code = $plugins->setHook('page_action'); |
46 $code = $plugins->setHook('page_action'); |
47 ob_start(); |
47 ob_start(); |
48 foreach ( $code as $cmd ) |
48 foreach ( $code as $cmd ) |
49 { |
49 { |
50 eval($cmd); |
50 eval($cmd); |
51 } |
51 } |
52 if ( $contents = ob_get_contents() ) |
52 if ( $contents = ob_get_contents() ) |
53 { |
53 { |
54 ob_end_clean(); |
54 ob_end_clean(); |
55 echo $contents; |
55 echo $contents; |
56 } |
56 } |
57 else |
57 else |
58 { |
58 { |
59 die_friendly('Invalid action', '<p>The action "'.htmlspecialchars($_GET['do']).'" is not defined. Return to <a href="'.makeUrl($paths->page).'">viewing this page\'s text</a>.</p>'); |
59 die_friendly('Invalid action', '<p>The action "'.htmlspecialchars($_GET['do']).'" is not defined. Return to <a href="'.makeUrl($paths->page).'">viewing this page\'s text</a>.</p>'); |
60 } |
60 } |
61 break; |
61 break; |
62 case 'view': |
62 case 'view': |
63 // echo PageUtils::getpage($paths->page, true, ( (isset($_GET['oldid'])) ? $_GET['oldid'] : false )); |
63 // echo PageUtils::getpage($paths->page, true, ( (isset($_GET['oldid'])) ? $_GET['oldid'] : false )); |
64 $rev_id = ( (isset($_GET['oldid'])) ? intval($_GET['oldid']) : 0 ); |
64 $rev_id = ( (isset($_GET['oldid'])) ? intval($_GET['oldid']) : 0 ); |
65 $page = new PageProcessor( $paths->page_id, $paths->namespace, $rev_id ); |
65 $page = new PageProcessor( $paths->page_id, $paths->namespace, $rev_id ); |
66 // Feed this PageProcessor to the template processor. This prevents $template from starting another |
66 // Feed this PageProcessor to the template processor. This prevents $template from starting another |
67 // PageProcessor when we already have one going. |
67 // PageProcessor when we already have one going. |
68 $template->set_page($page); |
68 $template->set_page($page); |
69 $page->send_headers = true; |
69 $page->send_headers = true; |
70 $page->allow_redir = ( !isset($_GET['redirect']) || (isset($_GET['redirect']) && $_GET['redirect'] !== 'no') ); |
70 $page->allow_redir = ( !isset($_GET['redirect']) || (isset($_GET['redirect']) && $_GET['redirect'] !== 'no') ); |
71 $pagepass = ( isset($_REQUEST['pagepass']) ) ? sha1($_REQUEST['pagepass']) : ''; |
71 $pagepass = ( isset($_REQUEST['pagepass']) ) ? sha1($_REQUEST['pagepass']) : ''; |
72 $page->password = $pagepass; |
72 $page->password = $pagepass; |
73 $page->send(true); |
73 $page->send(true); |
74 $page_timestamp = $page->revision_time; |
74 $page_timestamp = $page->revision_time; |
75 break; |
75 break; |
76 case 'comments': |
76 case 'comments': |
77 $output->header(); |
77 $output->header(); |
78 require_once(ENANO_ROOT.'/includes/pageutils.php'); |
78 require_once(ENANO_ROOT.'/includes/pageutils.php'); |
79 $sub = ( isset ($_GET['sub']) ) ? $_GET['sub'] : false; |
79 $sub = ( isset ($_GET['sub']) ) ? $_GET['sub'] : false; |
80 switch($sub) |
80 switch($sub) |
81 { |
81 { |
82 case 'admin': |
82 case 'admin': |
83 default: |
83 default: |
84 $act = ( isset ($_GET['action']) ) ? $_GET['action'] : false; |
84 $act = ( isset ($_GET['action']) ) ? $_GET['action'] : false; |
85 $id = ( isset ($_GET['id']) ) ? intval($_GET['id']) : -1; |
85 $id = ( isset ($_GET['id']) ) ? intval($_GET['id']) : -1; |
86 echo PageUtils::comments_html($paths->page_id, $paths->namespace, $act, Array('id'=>$id)); |
86 echo PageUtils::comments_html($paths->page_id, $paths->namespace, $act, Array('id'=>$id)); |
87 break; |
87 break; |
88 case 'postcomment': |
88 case 'postcomment': |
89 if(empty($_POST['name']) || |
89 if(empty($_POST['name']) || |
90 empty($_POST['subj']) || |
90 empty($_POST['subj']) || |
91 empty($_POST['text']) |
91 empty($_POST['text']) |
92 ) { echo 'Invalid request'; break; } |
92 ) { echo 'Invalid request'; break; } |
93 $cid = ( isset($_POST['captcha_id']) ) ? $_POST['captcha_id'] : false; |
93 $cid = ( isset($_POST['captcha_id']) ) ? $_POST['captcha_id'] : false; |
94 $cin = ( isset($_POST['captcha_input']) ) ? $_POST['captcha_input'] : false; |
94 $cin = ( isset($_POST['captcha_input']) ) ? $_POST['captcha_input'] : false; |
95 |
95 |
96 require_once('includes/comment.php'); |
96 require_once('includes/comment.php'); |
97 $comments = new Comments($paths->page_id, $paths->namespace); |
97 $comments = new Comments($paths->page_id, $paths->namespace); |
98 |
98 |
99 $submission = array( |
99 $submission = array( |
100 'mode' => 'submit', |
100 'mode' => 'submit', |
101 'captcha_id' => $cid, |
101 'captcha_id' => $cid, |
102 'captcha_code' => $cin, |
102 'captcha_code' => $cin, |
103 'name' => $_POST['name'], |
103 'name' => $_POST['name'], |
104 'subj' => $_POST['subj'], |
104 'subj' => $_POST['subj'], |
105 'text' => $_POST['text'], |
105 'text' => $_POST['text'], |
106 ); |
106 ); |
107 |
107 |
108 $result = $comments->process_json($submission); |
108 $result = $comments->process_json($submission); |
109 if ( $result['mode'] == 'error' ) |
109 if ( $result['mode'] == 'error' ) |
110 { |
110 { |
111 echo '<div class="error-box">' . htmlspecialchars($result['error']) . '</div>'; |
111 echo '<div class="error-box">' . htmlspecialchars($result['error']) . '</div>'; |
112 } |
112 } |
113 else |
113 else |
114 { |
114 { |
115 echo '<div class="info-box">' . $lang->get('comment_msg_comment_posted') . '</div>'; |
115 echo '<div class="info-box">' . $lang->get('comment_msg_comment_posted') . '</div>'; |
116 } |
116 } |
117 |
117 |
118 echo PageUtils::comments_html($paths->page_id, $paths->namespace); |
118 echo PageUtils::comments_html($paths->page_id, $paths->namespace); |
119 break; |
119 break; |
120 case 'editcomment': |
120 case 'editcomment': |
121 if(!isset($_GET['id']) || ( isset($_GET['id']) && !preg_match('#^([0-9]+)$#', $_GET['id']) )) { echo '<p>Invalid comment ID</p>'; break; } |
121 if(!isset($_GET['id']) || ( isset($_GET['id']) && !preg_match('#^([0-9]+)$#', $_GET['id']) )) { echo '<p>Invalid comment ID</p>'; break; } |
122 $q = $db->sql_query('SELECT subject,comment_data,comment_id FROM '.table_prefix.'comments WHERE comment_id='.$_GET['id']); |
122 $q = $db->sql_query('SELECT subject,comment_data,comment_id FROM '.table_prefix.'comments WHERE comment_id='.$_GET['id']); |
123 if(!$q) $db->_die('The comment data could not be selected.'); |
123 if(!$q) $db->_die('The comment data could not be selected.'); |
124 $row = $db->fetchrow(); |
124 $row = $db->fetchrow(); |
125 $db->free_result(); |
125 $db->free_result(); |
126 $row['subject'] = str_replace('\'', ''', $row['subject']); |
126 $row['subject'] = str_replace('\'', ''', $row['subject']); |
127 echo '<form action="'.makeUrl($paths->page, 'do=comments&sub=savecomment').'" method="post">'; |
127 echo '<form action="'.makeUrl($paths->page, 'do=comments&sub=savecomment').'" method="post">'; |
128 echo "<br /><div class='tblholder'><table border='0' width='100%' cellspacing='1' cellpadding='4'> |
128 echo "<br /><div class='tblholder'><table border='0' width='100%' cellspacing='1' cellpadding='4'> |
129 <tr><td class='row1'>" . $lang->get('comment_postform_field_subject') . "</td><td class='row1'><input type='text' name='subj' value='{$row['subject']}' /></td></tr> |
129 <tr><td class='row1'>" . $lang->get('comment_postform_field_subject') . "</td><td class='row1'><input type='text' name='subj' value='{$row['subject']}' /></td></tr> |
130 <tr><td class='row2'>" . $lang->get('comment_postform_field_comment') . "</td><td class='row2'><textarea rows='10' cols='40' style='width: 98%;' name='text'>{$row['comment_data']}</textarea></td></tr> |
130 <tr><td class='row2'>" . $lang->get('comment_postform_field_comment') . "</td><td class='row2'><textarea rows='10' cols='40' style='width: 98%;' name='text'>{$row['comment_data']}</textarea></td></tr> |
131 <tr><td class='row1' colspan='2' class='row1' style='text-align: center;'><input type='hidden' name='id' value='{$row['comment_id']}' /><input type='submit' value='" . $lang->get('etc_save_changes') . "' /></td></tr> |
131 <tr><td class='row1' colspan='2' class='row1' style='text-align: center;'><input type='hidden' name='id' value='{$row['comment_id']}' /><input type='submit' value='" . $lang->get('etc_save_changes') . "' /></td></tr> |
132 </table></div>"; |
132 </table></div>"; |
133 echo '</form>'; |
133 echo '</form>'; |
134 break; |
134 break; |
135 case 'savecomment': |
135 case 'savecomment': |
136 if(empty($_POST['subj']) || empty($_POST['text'])) { echo '<p>Invalid request</p>'; break; } |
136 if(empty($_POST['subj']) || empty($_POST['text'])) { echo '<p>Invalid request</p>'; break; } |
137 $r = PageUtils::savecomment_neater($paths->page_id, $paths->namespace, $_POST['subj'], $_POST['text'], (int)$_POST['id']); |
137 $r = PageUtils::savecomment_neater($paths->page_id, $paths->namespace, $_POST['subj'], $_POST['text'], (int)$_POST['id']); |
138 if($r != 'good') { echo "<pre>$r</pre>"; break; } |
138 if($r != 'good') { echo "<pre>$r</pre>"; break; } |
139 echo PageUtils::comments_html($paths->page_id, $paths->namespace); |
139 echo PageUtils::comments_html($paths->page_id, $paths->namespace); |
140 break; |
140 break; |
141 case 'deletecomment': |
141 case 'deletecomment': |
142 if(!empty($_GET['id'])) |
142 if(!empty($_GET['id'])) |
143 { |
143 { |
144 PageUtils::deletecomment_neater($paths->page_id, $paths->namespace, (int)$_GET['id']); |
144 PageUtils::deletecomment_neater($paths->page_id, $paths->namespace, (int)$_GET['id']); |
145 } |
145 } |
146 echo PageUtils::comments_html($paths->page_id, $paths->namespace); |
146 echo PageUtils::comments_html($paths->page_id, $paths->namespace); |
147 break; |
147 break; |
148 } |
148 } |
149 $output->footer(); |
149 $output->footer(); |
150 break; |
150 break; |
151 case 'edit': |
151 case 'edit': |
152 if(isset($_POST['_cancel'])) |
152 if(isset($_POST['_cancel'])) |
153 { |
153 { |
154 redirect(makeUrl($paths->page), '', '', 0); |
154 redirect(makeUrl($paths->page), '', '', 0); |
155 break; |
155 break; |
156 } |
156 } |
157 require_once(ENANO_ROOT.'/includes/pageutils.php'); |
157 require_once(ENANO_ROOT.'/includes/pageutils.php'); |
158 if(isset($_POST['_save'])) |
158 if(isset($_POST['_save'])) |
159 { |
159 { |
160 $captcha_valid = true; |
160 $captcha_valid = true; |
161 if ( !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' ) |
161 if ( !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' ) |
162 { |
162 { |
163 $captcha_valid = false; |
163 $captcha_valid = false; |
164 if ( isset($_POST['captcha_id']) && isset($_POST['captcha_code']) ) |
164 if ( isset($_POST['captcha_id']) && isset($_POST['captcha_code']) ) |
165 { |
165 { |
166 $hash_correct = strtolower($session->get_captcha($_POST['captcha_id'])); |
166 $hash_correct = strtolower($session->get_captcha($_POST['captcha_id'])); |
167 $hash_input = strtolower($_POST['captcha_code']); |
167 $hash_input = strtolower($_POST['captcha_code']); |
168 if ( $hash_input === $hash_correct ) |
168 if ( $hash_input === $hash_correct ) |
169 $captcha_valid = true; |
169 $captcha_valid = true; |
170 } |
170 } |
171 } |
171 } |
172 if ( $captcha_valid ) |
172 if ( $captcha_valid ) |
173 { |
173 { |
174 $e = PageUtils::savepage($paths->page_id, $paths->namespace, $_POST['page_text'], $_POST['edit_summary'], isset($_POST['minor'])); |
174 $e = PageUtils::savepage($paths->page_id, $paths->namespace, $_POST['page_text'], $_POST['edit_summary'], isset($_POST['minor'])); |
175 if ( $e == 'good' ) |
175 if ( $e == 'good' ) |
176 { |
176 { |
177 redirect(makeUrl($paths->page), $lang->get('editor_msg_save_success_title'), $lang->get('editor_msg_save_success_body'), 3); |
177 redirect(makeUrl($paths->page), $lang->get('editor_msg_save_success_title'), $lang->get('editor_msg_save_success_body'), 3); |
178 } |
178 } |
179 } |
179 } |
180 } |
180 } |
181 $template->header(); |
181 $template->header(); |
182 if ( isset($captcha_valid) ) |
182 if ( isset($captcha_valid) ) |
183 { |
183 { |
184 echo '<div class="usermessage">' . $lang->get('editor_err_captcha_wrong') . '</div>'; |
184 echo '<div class="usermessage">' . $lang->get('editor_err_captcha_wrong') . '</div>'; |
185 } |
185 } |
186 if(isset($_POST['_preview'])) |
186 if(isset($_POST['_preview'])) |
187 { |
187 { |
188 $text = $_POST['page_text']; |
188 $text = $_POST['page_text']; |
189 $edsumm = $_POST['edit_summary']; |
189 $edsumm = $_POST['edit_summary']; |
190 echo PageUtils::genPreview($_POST['page_text']); |
190 echo PageUtils::genPreview($_POST['page_text']); |
191 $text = htmlspecialchars($text); |
191 $text = htmlspecialchars($text); |
192 $revid = 0; |
192 $revid = 0; |
193 } |
193 } |
194 else |
194 else |
195 { |
195 { |
196 $revid = ( isset($_GET['revid']) ) ? intval($_GET['revid']) : 0; |
196 $revid = ( isset($_GET['revid']) ) ? intval($_GET['revid']) : 0; |
197 $page = new PageProcessor($paths->page_id, $paths->namespace, $revid); |
197 $page = new PageProcessor($paths->page_id, $paths->namespace, $revid); |
198 $text = $page->fetch_source(); |
198 $text = $page->fetch_source(); |
199 $edsumm = ''; |
199 $edsumm = ''; |
200 // $text = RenderMan::getPage($paths->cpage['urlname_nons'], $paths->namespace, 0, false, false, false, false); |
200 // $text = RenderMan::getPage($paths->cpage['urlname_nons'], $paths->namespace, 0, false, false, false, false); |
201 } |
201 } |
202 if ( $revid > 0 ) |
202 if ( $revid > 0 ) |
203 { |
203 { |
204 $time = $page->revision_time; |
204 $time = $page->revision_time; |
205 // Retrieve information about this revision and the current one |
205 // Retrieve information about this revision and the current one |
206 $q = $db->sql_query('SELECT l1.author AS currentrev_author, l2.author AS oldrev_author FROM ' . table_prefix . 'logs AS l1 |
206 $q = $db->sql_query('SELECT l1.author AS currentrev_author, l2.author AS oldrev_author FROM ' . table_prefix . 'logs AS l1 |
207 LEFT JOIN ' . table_prefix . 'logs AS l2 |
207 LEFT JOIN ' . table_prefix . 'logs AS l2 |
208 ON ( l2.log_id = ' . $revid . ' |
208 ON ( l2.log_id = ' . $revid . ' |
209 AND l2.log_type = \'page\' |
209 AND l2.log_type = \'page\' |
210 AND l2.action = \'edit\' |
210 AND l2.action = \'edit\' |
211 AND l2.page_id = \'' . $db->escape($paths->page_id) . '\' |
211 AND l2.page_id = \'' . $db->escape($paths->page_id) . '\' |
212 AND l2.namespace = \'' . $db->escape($paths->namespace) . '\' |
212 AND l2.namespace = \'' . $db->escape($paths->namespace) . '\' |
213 AND l1.is_draft != 1 |
213 AND l1.is_draft != 1 |
214 ) |
214 ) |
215 WHERE l1.log_type = \'page\' |
215 WHERE l1.log_type = \'page\' |
216 AND l1.action = \'edit\' |
216 AND l1.action = \'edit\' |
217 AND l1.page_id = \'' . $db->escape($paths->page_id) . '\' |
217 AND l1.page_id = \'' . $db->escape($paths->page_id) . '\' |
218 AND l1.namespace = \'' . $db->escape($paths->namespace) . '\' |
218 AND l1.namespace = \'' . $db->escape($paths->namespace) . '\' |
219 AND l1.time_id > ' . $time . ' |
219 AND l1.time_id > ' . $time . ' |
220 AND l1.is_draft != 1 |
220 AND l1.is_draft != 1 |
221 ORDER BY l1.time_id DESC;'); |
221 ORDER BY l1.time_id DESC;'); |
222 if ( !$q ) |
222 if ( !$q ) |
223 $db->die_json(); |
223 $db->die_json(); |
224 |
224 |
225 if ( $db->numrows() > 0 ) |
225 if ( $db->numrows() > 0 ) |
226 { |
226 { |
227 echo '<div class="usermessage">' . $lang->get('editor_msg_editing_old_revision') . '</div>'; |
227 echo '<div class="usermessage">' . $lang->get('editor_msg_editing_old_revision') . '</div>'; |
228 |
228 |
229 $rev_count = $db->numrows() - 2; |
229 $rev_count = $db->numrows() - 2; |
230 $row = $db->fetchrow(); |
230 $row = $db->fetchrow(); |
231 $undo_info = array( |
231 $undo_info = array( |
232 'old_author' => $row['oldrev_author'], |
232 'old_author' => $row['oldrev_author'], |
233 'current_author' => $row['currentrev_author'], |
233 'current_author' => $row['currentrev_author'], |
234 'undo_count' => max($rev_count, 1), |
234 'undo_count' => max($rev_count, 1), |
235 'last_rev_id' => $revid |
235 'last_rev_id' => $revid |
236 ); |
236 ); |
237 } |
237 } |
238 else |
238 else |
239 { |
239 { |
240 $revid = 0; |
240 $revid = 0; |
241 } |
241 } |
242 $db->free_result(); |
242 $db->free_result(); |
243 } |
243 } |
244 echo ' |
244 echo ' |
245 <form action="'.makeUrl($paths->page, 'do=edit').'" method="post" enctype="multipart/form-data"> |
245 <form action="'.makeUrl($paths->page, 'do=edit').'" method="post" enctype="multipart/form-data"> |
246 <br /> |
246 <br /> |
247 <textarea name="page_text" rows="20" cols="60" style="width: 97%;">'.$text.'</textarea><br /> |
247 <textarea name="page_text" rows="20" cols="60" style="width: 97%;">'.$text.'</textarea><br /> |
248 <br /> |
248 <br /> |
249 '; |
249 '; |
250 $edsumm = ( $revid > 0 ) ? $lang->get('editor_reversion_edit_summary', $undo_info) : $edsumm; |
250 $edsumm = ( $revid > 0 ) ? $lang->get('editor_reversion_edit_summary', $undo_info) : $edsumm; |
251 echo $lang->get('editor_lbl_edit_summary') . ' <input name="edit_summary" type="text" size="40" value="' . htmlspecialchars($edsumm) . '" /><br /><label><input type="checkbox" name="minor" /> ' . $lang->get('editor_lbl_minor_edit_field') . '</label><br />'; |
251 echo $lang->get('editor_lbl_edit_summary') . ' <input name="edit_summary" type="text" size="40" value="' . htmlspecialchars($edsumm) . '" /><br /><label><input type="checkbox" name="minor" /> ' . $lang->get('editor_lbl_minor_edit_field') . '</label><br />'; |
252 if ( !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' ) |
252 if ( !$session->user_logged_in && getConfig('guest_edit_require_captcha') == '1' ) |
253 { |
253 { |
254 echo '<br /><table border="0"><tr><td>'; |
254 echo '<br /><table border="0"><tr><td>'; |
255 echo '<b>' . $lang->get('editor_lbl_field_captcha') . '</b><br />' |
255 echo '<b>' . $lang->get('editor_lbl_field_captcha') . '</b><br />' |
256 . '<br />' |
256 . '<br />' |
257 . $lang->get('editor_msg_captcha_pleaseenter') . '<br /><br />' |
257 . $lang->get('editor_msg_captcha_pleaseenter') . '<br /><br />' |
258 . $lang->get('editor_msg_captcha_blind'); |
258 . $lang->get('editor_msg_captcha_blind'); |
259 echo '</td><td>'; |
259 echo '</td><td>'; |
260 $hash = $session->make_captcha(); |
260 $hash = $session->make_captcha(); |
261 echo '<img src="' . makeUrlNS('Special', "Captcha/$hash") . '" onclick="this.src+=\'/a\'" style="cursor: pointer;" /><br />'; |
261 echo '<img src="' . makeUrlNS('Special', "Captcha/$hash") . '" onclick="this.src+=\'/a\'" style="cursor: pointer;" /><br />'; |
262 echo '<input type="hidden" name="captcha_id" value="' . $hash . '" />'; |
262 echo '<input type="hidden" name="captcha_id" value="' . $hash . '" />'; |
263 echo $lang->get('editor_lbl_field_captcha_code') . ' <input type="text" name="captcha_code" value="" size="9" />'; |
263 echo $lang->get('editor_lbl_field_captcha_code') . ' <input type="text" name="captcha_code" value="" size="9" />'; |
264 echo '</td></tr></table>'; |
264 echo '</td></tr></table>'; |
265 } |
265 } |
266 echo '<br /> |
266 echo '<br /> |
267 <input type="submit" name="_save" value="' . $lang->get('editor_btn_save') . '" style="font-weight: bold;" /> |
267 <input type="submit" name="_save" value="' . $lang->get('editor_btn_save') . '" style="font-weight: bold;" /> |
268 <input type="submit" name="_preview" value="' . $lang->get('editor_btn_preview') . '" /> |
268 <input type="submit" name="_preview" value="' . $lang->get('editor_btn_preview') . '" /> |
269 <input type="submit" name="_revert" value="' . $lang->get('editor_btn_revert') . '" /> |
269 <input type="submit" name="_revert" value="' . $lang->get('editor_btn_revert') . '" /> |
270 <input type="submit" name="_cancel" value="' . $lang->get('editor_btn_cancel') . '" /> |
270 <input type="submit" name="_cancel" value="' . $lang->get('editor_btn_cancel') . '" /> |
271 </form> |
271 </form> |
272 '; |
272 '; |
273 if ( getConfig('wiki_edit_notice', '0') == '1' ) |
273 if ( getConfig('wiki_edit_notice', '0') == '1' ) |
274 { |
274 { |
275 $notice = getConfig('wiki_edit_notice_text'); |
275 $notice = getConfig('wiki_edit_notice_text'); |
276 echo RenderMan::render($notice); |
276 echo RenderMan::render($notice); |
277 } |
277 } |
278 $template->footer(); |
278 $template->footer(); |
279 break; |
279 break; |
280 case 'viewsource': |
280 case 'viewsource': |
281 $template->header(); |
281 $template->header(); |
282 $text = RenderMan::getPage($paths->page_id, $paths->namespace, 0, false, false, false, false); |
282 $text = RenderMan::getPage($paths->page_id, $paths->namespace, 0, false, false, false, false); |
283 $text = htmlspecialchars($text); |
283 $text = htmlspecialchars($text); |
284 echo ' |
284 echo ' |
285 <form action="'.makeUrl($paths->page, 'do=edit').'" method="post"> |
285 <form action="'.makeUrl($paths->page, 'do=edit').'" method="post"> |
286 <br /> |
286 <br /> |
287 <textarea readonly="readonly" name="page_text" rows="20" cols="60" style="width: 97%;">'.$text.'</textarea>'; |
287 <textarea readonly="readonly" name="page_text" rows="20" cols="60" style="width: 97%;">'.$text.'</textarea>'; |
288 echo '<br /> |
288 echo '<br /> |
289 <input type="submit" name="_cancel" value="' . $lang->get('editor_btn_closeviewer') . '" /> |
289 <input type="submit" name="_cancel" value="' . $lang->get('editor_btn_closeviewer') . '" /> |
290 </form> |
290 </form> |
291 '; |
291 '; |
292 $template->footer(); |
292 $template->footer(); |
293 break; |
293 break; |
294 case 'history': |
294 case 'history': |
295 require_once(ENANO_ROOT.'/includes/pageutils.php'); |
295 require_once(ENANO_ROOT.'/includes/pageutils.php'); |
296 $hist = PageUtils::histlist($paths->page_id, $paths->namespace); |
296 $hist = PageUtils::histlist($paths->page_id, $paths->namespace); |
297 $template->header(); |
297 $template->header(); |
298 echo $hist; |
298 echo $hist; |
299 $template->footer(); |
299 $template->footer(); |
300 break; |
300 break; |
301 case 'rollback': |
301 case 'rollback': |
302 $id = (isset($_GET['id'])) ? $_GET['id'] : false; |
302 $id = (isset($_GET['id'])) ? $_GET['id'] : false; |
303 if(!$id || !ctype_digit($id)) die_friendly('Invalid action ID', '<p>The URL parameter "id" is not an integer. Exiting to prevent nasties like SQL injection, etc.</p>'); |
303 if(!$id || !ctype_digit($id)) die_friendly('Invalid action ID', '<p>The URL parameter "id" is not an integer. Exiting to prevent nasties like SQL injection, etc.</p>'); |
304 |
304 |
305 $id = intval($id); |
305 $id = intval($id); |
306 |
306 |
307 $page = new PageProcessor($paths->page_id, $paths->namespace); |
307 $page = new PageProcessor($paths->page_id, $paths->namespace); |
308 $result = $page->rollback_log_entry($id); |
308 $result = $page->rollback_log_entry($id); |
309 |
309 |
310 if ( $result['success'] ) |
310 if ( $result['success'] ) |
311 { |
311 { |
312 $result = $lang->get("page_msg_rb_success_{$result['action']}", array('dateline' => $result['dateline'])); |
312 $result = $lang->get("page_msg_rb_success_{$result['action']}", array('dateline' => $result['dateline'])); |
313 } |
313 } |
314 else |
314 else |
315 { |
315 { |
316 $result = $lang->get("page_err_{$result['error']}", array('action' => @$result['action'])); |
316 $result = $lang->get("page_err_{$result['error']}", array('action' => @$result['action'])); |
317 } |
317 } |
318 |
318 |
319 $template->header(); |
319 $template->header(); |
320 echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">' . $lang->get('etc_return_to_page') . '</a></p>'; |
320 echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">' . $lang->get('etc_return_to_page') . '</a></p>'; |
321 $template->footer(); |
321 $template->footer(); |
322 break; |
322 break; |
323 case 'catedit': |
323 case 'catedit': |
324 require_once(ENANO_ROOT.'/includes/pageutils.php'); |
324 require_once(ENANO_ROOT.'/includes/pageutils.php'); |
325 if(isset($_POST['__enanoSaveButton'])) |
325 if(isset($_POST['__enanoSaveButton'])) |
326 { |
326 { |
327 unset($_POST['__enanoSaveButton']); |
327 unset($_POST['__enanoSaveButton']); |
328 $val = PageUtils::catsave($paths->page_id, $paths->namespace, $_POST); |
328 $val = PageUtils::catsave($paths->page_id, $paths->namespace, $_POST); |
329 if($val == 'GOOD') |
329 if($val == 'GOOD') |
330 { |
330 { |
331 header('Location: '.makeUrl($paths->page)); echo '<html><head><title>Redirecting...</title></head><body>If you haven\'t been redirected yet, <a href="'.makeUrl($paths->page).'">click here</a>.'; break; |
331 header('Location: '.makeUrl($paths->page)); echo '<html><head><title>Redirecting...</title></head><body>If you haven\'t been redirected yet, <a href="'.makeUrl($paths->page).'">click here</a>.'; break; |
332 } else { |
332 } else { |
333 die_friendly('Error saving category information', '<p>'.$val.'</p>'); |
333 die_friendly('Error saving category information', '<p>'.$val.'</p>'); |
334 } |
334 } |
335 } |
335 } |
336 elseif(isset($_POST['__enanoCatCancel'])) |
336 elseif(isset($_POST['__enanoCatCancel'])) |
337 { |
337 { |
338 header('Location: '.makeUrl($paths->page)); echo '<html><head><title>Redirecting...</title></head><body>If you haven\'t been redirected yet, <a href="'.makeUrl($paths->page).'">click here</a>.'; break; |
338 header('Location: '.makeUrl($paths->page)); echo '<html><head><title>Redirecting...</title></head><body>If you haven\'t been redirected yet, <a href="'.makeUrl($paths->page).'">click here</a>.'; break; |
339 } |
339 } |
340 $template->header(); |
340 $template->header(); |
341 $c = PageUtils::catedit_raw($paths->page_id, $paths->namespace); |
341 $c = PageUtils::catedit_raw($paths->page_id, $paths->namespace); |
342 echo $c[1]; |
342 echo $c[1]; |
343 $template->footer(); |
343 $template->footer(); |
344 break; |
344 break; |
345 case 'moreoptions': |
345 case 'moreoptions': |
346 $template->header(); |
346 $template->header(); |
347 echo '<div class="menu_nojs" style="width: 150px; padding: 0;"><ul style="display: block;"><li><div class="label">' . $lang->get('ajax_lbl_moreoptions_nojs') . '</div><div style="clear: both;"></div></li>'.$template->toolbar_menu.'</ul></div>'; |
347 echo '<div class="menu_nojs" style="width: 150px; padding: 0;"><ul style="display: block;"><li><div class="label">' . $lang->get('ajax_lbl_moreoptions_nojs') . '</div><div style="clear: both;"></div></li>'.$template->toolbar_menu.'</ul></div>'; |
348 $template->footer(); |
348 $template->footer(); |
349 break; |
349 break; |
350 case 'protect': |
350 case 'protect': |
351 if ( !$session->sid_super ) |
351 if ( !$session->sid_super ) |
352 { |
352 { |
353 redirect(makeUrlNS('Special', "Login/{$paths->page}", 'target_do=protect&level=' . $session->user_level, false), $lang->get('etc_access_denied_short'), $lang->get('etc_access_denied_need_reauth'), 0); |
353 redirect(makeUrlNS('Special', "Login/{$paths->page}", 'target_do=protect&level=' . $session->user_level, false), $lang->get('etc_access_denied_short'), $lang->get('etc_access_denied_need_reauth'), 0); |
354 } |
354 } |
355 |
355 |
356 if ( isset($_POST['level']) && isset($_POST['reason']) ) |
356 if ( isset($_POST['level']) && isset($_POST['reason']) ) |
357 { |
357 { |
358 $level = intval($_POST['level']); |
358 $level = intval($_POST['level']); |
359 if ( !in_array($level, array(PROTECT_FULL, PROTECT_SEMI, PROTECT_NONE)) ) |
359 if ( !in_array($level, array(PROTECT_FULL, PROTECT_SEMI, PROTECT_NONE)) ) |
360 { |
360 { |
361 $errors[] = 'bad level'; |
361 $errors[] = 'bad level'; |
362 } |
362 } |
363 $reason = trim($_POST['reason']); |
363 $reason = trim($_POST['reason']); |
364 if ( empty($reason) ) |
364 if ( empty($reason) ) |
365 { |
365 { |
366 $errors[] = $lang->get('onpage_protect_err_need_reason'); |
366 $errors[] = $lang->get('onpage_protect_err_need_reason'); |
367 } |
367 } |
368 |
368 |
369 $page = new PageProcessor($paths->page_id, $paths->namespace); |
369 $page = new PageProcessor($paths->page_id, $paths->namespace); |
370 $result = $page->protect_page($level, $reason); |
370 $result = $page->protect_page($level, $reason); |
371 if ( $result['success'] ) |
371 if ( $result['success'] ) |
372 { |
372 { |
373 redirect(makeUrl($paths->page), $lang->get('page_protect_lbl_success_title'), $lang->get('page_protect_lbl_success_body', array('page_link' => makeUrl($paths->page, false, true))), 3); |
373 redirect(makeUrl($paths->page), $lang->get('page_protect_lbl_success_title'), $lang->get('page_protect_lbl_success_body', array('page_link' => makeUrl($paths->page, false, true))), 3); |
374 } |
374 } |
375 else |
375 else |
376 { |
376 { |
377 $errors[] = $lang->get('page_err_' . $result['error']); |
377 $errors[] = $lang->get('page_err_' . $result['error']); |
378 } |
378 } |
379 } |
379 } |
380 $template->header(); |
380 $template->header(); |
381 ?> |
381 ?> |
382 <form action="<?php echo makeUrl($paths->page, 'do=protect'); ?>" method="post"> |
382 <form action="<?php echo makeUrl($paths->page, 'do=protect'); ?>" method="post"> |
383 <h3><?php echo $lang->get('onpage_protect_heading'); ?></h3> |
383 <h3><?php echo $lang->get('onpage_protect_heading'); ?></h3> |
384 <p><?php echo $lang->get('onpage_protect_msg_select_level'); ?></p> |
384 <p><?php echo $lang->get('onpage_protect_msg_select_level'); ?></p> |
385 |
385 |
386 <?php |
386 <?php |
387 if ( !empty($errors) ) |
387 if ( !empty($errors) ) |
388 { |
388 { |
389 echo '<ul><li>' . implode('</li><li>', $errors) . '</li></ul>'; |
389 echo '<ul><li>' . implode('</li><li>', $errors) . '</li></ul>'; |
390 } |
390 } |
391 ?> |
391 ?> |
392 |
392 |
393 <div class="protectlevel" style="line-height: 22px; margin-left: 17px;"> |
393 <div class="protectlevel" style="line-height: 22px; margin-left: 17px;"> |
394 <label> |
394 <label> |
395 <input type="radio" name="level" value="<?php echo PROTECT_FULL; ?>" /> |
395 <input type="radio" name="level" value="<?php echo PROTECT_FULL; ?>" /> |
396 <?php echo gen_sprite(cdnPath . '/images/protect-icons.png', 22, 22, 0, 0); ?> |
396 <?php echo gen_sprite(cdnPath . '/images/protect-icons.png', 22, 22, 0, 0); ?> |
397 <?php echo $lang->get('onpage_protect_btn_full'); ?> |
397 <?php echo $lang->get('onpage_protect_btn_full'); ?> |
398 </label> |
398 </label> |
399 </div> |
399 </div> |
400 <div class="protectlevel_hint" style="font-size: smaller; margin-left: 68px;"> |
400 <div class="protectlevel_hint" style="font-size: smaller; margin-left: 68px;"> |
401 <?php echo $lang->get('onpage_protect_btn_full_hint'); ?> |
401 <?php echo $lang->get('onpage_protect_btn_full_hint'); ?> |
402 </div> |
402 </div> |
403 |
403 |
404 <div class="protectlevel" style="line-height: 22px; margin-left: 17px;"> |
404 <div class="protectlevel" style="line-height: 22px; margin-left: 17px;"> |
405 <label> |
405 <label> |
406 <input type="radio" name="level" value="<?php echo PROTECT_SEMI; ?>" /> |
406 <input type="radio" name="level" value="<?php echo PROTECT_SEMI; ?>" /> |
407 <?php echo gen_sprite(cdnPath . '/images/protect-icons.png', 22, 22, 22, 0); ?> |
407 <?php echo gen_sprite(cdnPath . '/images/protect-icons.png', 22, 22, 22, 0); ?> |
408 <?php echo $lang->get('onpage_protect_btn_semi'); ?> |
408 <?php echo $lang->get('onpage_protect_btn_semi'); ?> |
409 </label> |
409 </label> |
410 </div> |
410 </div> |
411 <div class="protectlevel_hint" style="font-size: smaller; margin-left: 68px;"> |
411 <div class="protectlevel_hint" style="font-size: smaller; margin-left: 68px;"> |
412 <?php echo $lang->get('onpage_protect_btn_semi_hint'); ?> |
412 <?php echo $lang->get('onpage_protect_btn_semi_hint'); ?> |
413 </div> |
413 </div> |
414 |
414 |
415 <div class="protectlevel" style="line-height: 22px; margin-left: 17px;"> |
415 <div class="protectlevel" style="line-height: 22px; margin-left: 17px;"> |
416 <label> |
416 <label> |
417 <input type="radio" name="level" value="<?php echo PROTECT_NONE; ?>" /> |
417 <input type="radio" name="level" value="<?php echo PROTECT_NONE; ?>" /> |
418 <?php echo gen_sprite(cdnPath . '/images/protect-icons.png', 22, 22, 44, 0); ?> |
418 <?php echo gen_sprite(cdnPath . '/images/protect-icons.png', 22, 22, 44, 0); ?> |
419 <?php echo $lang->get('onpage_protect_btn_none'); ?> |
419 <?php echo $lang->get('onpage_protect_btn_none'); ?> |
420 </label> |
420 </label> |
421 </div> |
421 </div> |
422 <div class="protectlevel_hint" style="font-size: smaller; margin-left: 68px;"> |
422 <div class="protectlevel_hint" style="font-size: smaller; margin-left: 68px;"> |
423 <?php echo $lang->get('onpage_protect_btn_none_hint'); ?> |
423 <?php echo $lang->get('onpage_protect_btn_none_hint'); ?> |
424 </div> |
424 </div> |
425 |
425 |
426 <table style="margin-left: 1em;" cellspacing="10"> |
426 <table style="margin-left: 1em;" cellspacing="10"> |
427 <tr> |
427 <tr> |
428 <td valign="top"> |
428 <td valign="top"> |
429 <?php echo $lang->get('onpage_protect_lbl_reason'); ?> |
429 <?php echo $lang->get('onpage_protect_lbl_reason'); ?> |
430 </td> |
430 </td> |
431 <td> |
431 <td> |
432 <input type="text" name="reason" size="40" /><br /> |
432 <input type="text" name="reason" size="40" /><br /> |
433 <small><?php echo $lang->get('onpage_protect_lbl_reason_hint'); ?></small> |
433 <small><?php echo $lang->get('onpage_protect_lbl_reason_hint'); ?></small> |
434 </td> |
434 </td> |
435 </tr> |
435 </tr> |
436 </table> |
436 </table> |
437 |
437 |
438 <p> |
438 <p> |
439 <input type="submit" value="<?php echo htmlspecialchars($lang->get('page_protect_btn_submit')) ?>" style="font-weight: bold;" /> |
439 <input type="submit" value="<?php echo htmlspecialchars($lang->get('page_protect_btn_submit')) ?>" style="font-weight: bold;" /> |
440 <a class="abutton" href="<?php echo makeUrl($paths->page, false, true); ?>"><?php echo $lang->get('etc_cancel'); ?></a> |
440 <a class="abutton" href="<?php echo makeUrl($paths->page, false, true); ?>"><?php echo $lang->get('etc_cancel'); ?></a> |
441 </p> |
441 </p> |
442 </form> |
442 </form> |
443 <?php |
443 <?php |
444 $template->footer(); |
444 $template->footer(); |
445 break; |
445 break; |
446 case 'rename': |
446 case 'rename': |
447 require_once(ENANO_ROOT.'/includes/pageutils.php'); |
447 require_once(ENANO_ROOT.'/includes/pageutils.php'); |
448 if(!empty($_POST['newname'])) |
448 if(!empty($_POST['newname'])) |
449 { |
449 { |
450 $r = PageUtils::rename($paths->page_id, $paths->namespace, $_POST['newname']); |
450 $r = PageUtils::rename($paths->page_id, $paths->namespace, $_POST['newname']); |
451 die_friendly($lang->get('page_rename_success_title'), '<p>'.nl2br($r).' <a href="'.makeUrl($paths->page).'">' . $lang->get('etc_return_to_page') . '</a>.</p>'); |
451 die_friendly($lang->get('page_rename_success_title'), '<p>'.nl2br($r).' <a href="'.makeUrl($paths->page).'">' . $lang->get('etc_return_to_page') . '</a>.</p>'); |
452 } |
452 } |
453 $template->header(); |
453 $template->header(); |
454 ?> |
454 ?> |
455 <form action="<?php echo makeUrl($paths->page, 'do=rename'); ?>" method="post"> |
455 <form action="<?php echo makeUrl($paths->page, 'do=rename'); ?>" method="post"> |
456 <?php if(isset($_POST['newname'])) echo '<p style="color: red;">' . $lang->get('page_rename_err_need_name') . '</p>'; ?> |
456 <?php if(isset($_POST['newname'])) echo '<p style="color: red;">' . $lang->get('page_rename_err_need_name') . '</p>'; ?> |
457 <p><?php echo $lang->get('page_rename_lbl'); ?></p> |
457 <p><?php echo $lang->get('page_rename_lbl'); ?></p> |
458 <p><input type="text" name="newname" size="40" /></p> |
458 <p><input type="text" name="newname" size="40" /></p> |
459 <p><input type="submit" value="<?php echo htmlspecialchars($lang->get('page_rename_btn_submit')); ?>" style="font-weight: bold;" /></p> |
459 <p><input type="submit" value="<?php echo htmlspecialchars($lang->get('page_rename_btn_submit')); ?>" style="font-weight: bold;" /></p> |
460 </form> |
460 </form> |
461 <?php |
461 <?php |
462 $template->footer(); |
462 $template->footer(); |
463 break; |
463 break; |
464 case 'flushlogs': |
464 case 'flushlogs': |
465 if(!$session->get_permissions('clear_logs')) |
465 if(!$session->get_permissions('clear_logs')) |
466 { |
466 { |
467 die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('etc_access_denied') . '</p>'); |
467 die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('etc_access_denied') . '</p>'); |
468 } |
468 } |
469 if ( !$session->sid_super ) |
469 if ( !$session->sid_super ) |
470 { |
470 { |
471 redirect(makeUrlNS('Special', "Login/{$paths->page}", 'target_do=flushlogs&level=' . $session->user_level, false), $lang->get('etc_access_denied_short'), $lang->get('etc_access_denied_need_reauth'), 0); |
471 redirect(makeUrlNS('Special', "Login/{$paths->page}", 'target_do=flushlogs&level=' . $session->user_level, false), $lang->get('etc_access_denied_short'), $lang->get('etc_access_denied_need_reauth'), 0); |
472 } |
472 } |
473 require_once(ENANO_ROOT.'/includes/pageutils.php'); |
473 require_once(ENANO_ROOT.'/includes/pageutils.php'); |
474 if(isset($_POST['_downthejohn'])) |
474 if(isset($_POST['_downthejohn'])) |
475 { |
475 { |
476 $template->header(); |
476 $template->header(); |
477 $result = PageUtils::flushlogs($paths->page_id, $paths->namespace); |
477 $result = PageUtils::flushlogs($paths->page_id, $paths->namespace); |
478 echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">' . $lang->get('etc_return_to_page') . '</a>.</p>'; |
478 echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">' . $lang->get('etc_return_to_page') . '</a>.</p>'; |
479 $template->footer(); |
479 $template->footer(); |
480 break; |
480 break; |
481 } |
481 } |
482 $template->header(); |
482 $template->header(); |
483 ?> |
483 ?> |
484 <form action="<?php echo makeUrl($paths->page, 'do=flushlogs'); ?>" method="post"> |
484 <form action="<?php echo makeUrl($paths->page, 'do=flushlogs'); ?>" method="post"> |
485 <?php echo $lang->get('page_flushlogs_warning_stern'); ?> |
485 <?php echo $lang->get('page_flushlogs_warning_stern'); ?> |
486 <p><input type="submit" name="_downthejohn" value="<?php echo htmlspecialchars($lang->get('page_flushlogs_btn_submit')); ?>" style="color: red; font-weight: bold;" /></p> |
486 <p><input type="submit" name="_downthejohn" value="<?php echo htmlspecialchars($lang->get('page_flushlogs_btn_submit')); ?>" style="color: red; font-weight: bold;" /></p> |
487 </form> |
487 </form> |
488 <?php |
488 <?php |
489 $template->footer(); |
489 $template->footer(); |
490 break; |
490 break; |
491 case 'delvote': |
491 case 'delvote': |
492 require_once(ENANO_ROOT.'/includes/pageutils.php'); |
492 require_once(ENANO_ROOT.'/includes/pageutils.php'); |
493 if(isset($_POST['_ballotbox'])) |
493 if(isset($_POST['_ballotbox'])) |
494 { |
494 { |
495 $template->header(); |
495 $template->header(); |
496 $result = PageUtils::delvote($paths->page_id, $paths->namespace); |
496 $result = PageUtils::delvote($paths->page_id, $paths->namespace); |
497 echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">' . $lang->get('etc_return_to_page') . '</a>.</p>'; |
497 echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">' . $lang->get('etc_return_to_page') . '</a>.</p>'; |
498 $template->footer(); |
498 $template->footer(); |
499 break; |
499 break; |
500 } |
500 } |
501 $template->header(); |
501 $template->header(); |
502 ?> |
502 ?> |
503 <form action="<?php echo makeUrl($paths->page, 'do=delvote'); ?>" method="post"> |
503 <form action="<?php echo makeUrl($paths->page, 'do=delvote'); ?>" method="post"> |
504 <?php |
504 <?php |
505 echo $lang->get('page_delvote_warning_stern'); |
505 echo $lang->get('page_delvote_warning_stern'); |
506 echo '<p>'; |
506 echo '<p>'; |
507 switch($paths->cpage['delvotes']) |
507 switch($paths->cpage['delvotes']) |
508 { |
508 { |
509 case 0: echo $lang->get('page_delvote_count_zero'); break; |
509 case 0: echo $lang->get('page_delvote_count_zero'); break; |
510 case 1: echo $lang->get('page_delvote_count_one'); break; |
510 case 1: echo $lang->get('page_delvote_count_one'); break; |
511 default: echo $lang->get('page_delvote_count_plural', array('delvotes' => $paths->cpage['delvotes'])); break; |
511 default: echo $lang->get('page_delvote_count_plural', array('delvotes' => $paths->cpage['delvotes'])); break; |
512 } |
512 } |
513 echo '</p>'; |
513 echo '</p>'; |
514 ?> |
514 ?> |
515 <p><input type="submit" name="_ballotbox" value="<?php echo htmlspecialchars($lang->get('page_delvote_btn_submit')); ?>" /></p> |
515 <p><input type="submit" name="_ballotbox" value="<?php echo htmlspecialchars($lang->get('page_delvote_btn_submit')); ?>" /></p> |
516 </form> |
516 </form> |
517 <?php |
517 <?php |
518 $template->footer(); |
518 $template->footer(); |
519 break; |
519 break; |
520 case 'resetvotes': |
520 case 'resetvotes': |
521 require_once(ENANO_ROOT.'/includes/pageutils.php'); |
521 require_once(ENANO_ROOT.'/includes/pageutils.php'); |
522 if(!$session->get_permissions('vote_reset')) |
522 if(!$session->get_permissions('vote_reset')) |
523 { |
523 { |
524 die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('etc_access_denied') . '</p>'); |
524 die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('etc_access_denied') . '</p>'); |
525 } |
525 } |
526 if(isset($_POST['_youmaylivealittlelonger'])) |
526 if(isset($_POST['_youmaylivealittlelonger'])) |
527 { |
527 { |
528 $template->header(); |
528 $template->header(); |
529 $result = PageUtils::resetdelvotes($paths->page_id, $paths->namespace); |
529 $result = PageUtils::resetdelvotes($paths->page_id, $paths->namespace); |
530 echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">' . $lang->get('etc_return_to_page') . '</a>.</p>'; |
530 echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">' . $lang->get('etc_return_to_page') . '</a>.</p>'; |
531 $template->footer(); |
531 $template->footer(); |
532 break; |
532 break; |
533 } |
533 } |
534 $template->header(); |
534 $template->header(); |
535 ?> |
535 ?> |
536 <form action="<?php echo makeUrl($paths->page, 'do=resetvotes'); ?>" method="post"> |
536 <form action="<?php echo makeUrl($paths->page, 'do=resetvotes'); ?>" method="post"> |
537 <p><?php echo $lang->get('ajax_delvote_reset_confirm'); ?></p> |
537 <p><?php echo $lang->get('ajax_delvote_reset_confirm'); ?></p> |
538 <p><input type="submit" name="_youmaylivealittlelonger" value="<?php echo htmlspecialchars($lang->get('page_delvote_reset_btn_submit')); ?>" /></p> |
538 <p><input type="submit" name="_youmaylivealittlelonger" value="<?php echo htmlspecialchars($lang->get('page_delvote_reset_btn_submit')); ?>" /></p> |
539 </form> |
539 </form> |
540 <?php |
540 <?php |
541 $template->footer(); |
541 $template->footer(); |
542 break; |
542 break; |
543 case 'deletepage': |
543 case 'deletepage': |
544 if ( !$session->get_permissions('delete_page') ) |
544 if ( !$session->get_permissions('delete_page') ) |
545 { |
545 { |
546 die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('etc_access_denied') . '</p>'); |
546 die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('etc_access_denied') . '</p>'); |
547 } |
547 } |
548 if ( !$session->sid_super ) |
548 if ( !$session->sid_super ) |
549 { |
549 { |
550 redirect(makeUrlNS('Special', "Login/{$paths->page}", 'target_do=deletepage&level=' . $session->user_level, false), $lang->get('etc_access_denied_short'), $lang->get('etc_access_denied_need_reauth'), 0); |
550 redirect(makeUrlNS('Special', "Login/{$paths->page}", 'target_do=deletepage&level=' . $session->user_level, false), $lang->get('etc_access_denied_short'), $lang->get('etc_access_denied_need_reauth'), 0); |
551 } |
551 } |
552 |
552 |
553 require_once(ENANO_ROOT . '/includes/pageutils.php'); |
553 require_once(ENANO_ROOT . '/includes/pageutils.php'); |
554 if ( isset($_POST['_adiossucker']) ) |
554 if ( isset($_POST['_adiossucker']) ) |
555 { |
555 { |
556 $reason = ( isset($_POST['reason']) ) ? $_POST['reason'] : false; |
556 $reason = ( isset($_POST['reason']) ) ? $_POST['reason'] : false; |
557 if ( empty($reason) ) |
557 if ( empty($reason) ) |
558 $error = $lang->get('ajax_delete_prompt_reason'); |
558 $error = $lang->get('ajax_delete_prompt_reason'); |
559 else |
559 else |
560 { |
560 { |
561 $template->header(); |
561 $template->header(); |
562 $result = PageUtils::deletepage($paths->page_id, $paths->namespace, $reason); |
562 $result = PageUtils::deletepage($paths->page_id, $paths->namespace, $reason); |
563 echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">' . $lang->get('etc_return_to_page') . '</a>.</p>'; |
563 echo '<p>'.$result.' <a href="'.makeUrl($paths->page).'">' . $lang->get('etc_return_to_page') . '</a>.</p>'; |
564 $template->footer(); |
564 $template->footer(); |
565 break; |
565 break; |
566 } |
566 } |
567 } |
567 } |
568 $template->header(); |
568 $template->header(); |
569 ?> |
569 ?> |
570 <form action="<?php echo makeUrl($paths->page, 'do=deletepage'); ?>" method="post"> |
570 <form action="<?php echo makeUrl($paths->page, 'do=deletepage'); ?>" method="post"> |
571 <?php echo $lang->get('page_delete_warning_stern'); ?> |
571 <?php echo $lang->get('page_delete_warning_stern'); ?> |
572 <?php if ( isset($error) ) echo "<p>$error</p>"; ?> |
572 <?php if ( isset($error) ) echo "<p>$error</p>"; ?> |
573 <p><?php echo $lang->get('page_delete_lbl_reason'); ?> <input type="text" name="reason" size="50" /></p> |
573 <p><?php echo $lang->get('page_delete_lbl_reason'); ?> <input type="text" name="reason" size="50" /></p> |
574 <p><input type="submit" name="_adiossucker" value="<?php echo htmlspecialchars($lang->get('page_delete_btn_submit')); ?>" style="font-weight: bold;" /></p> |
574 <p><input type="submit" name="_adiossucker" value="<?php echo htmlspecialchars($lang->get('page_delete_btn_submit')); ?>" style="font-weight: bold;" /></p> |
575 </form> |
575 </form> |
576 <?php |
576 <?php |
577 $template->footer(); |
577 $template->footer(); |
578 break; |
578 break; |
579 case 'setwikimode': |
579 case 'setwikimode': |
580 if(!$session->get_permissions('set_wiki_mode')) |
580 if(!$session->get_permissions('set_wiki_mode')) |
581 { |
581 { |
582 die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('etc_access_denied') . '</p>'); |
582 die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('etc_access_denied') . '</p>'); |
583 } |
583 } |
584 if ( isset($_POST['finish']) ) |
584 if ( isset($_POST['finish']) ) |
585 { |
585 { |
586 $level = intval($_POST['level']); |
586 $level = intval($_POST['level']); |
587 if ( !in_array($level, array(0, 1, 2) ) ) |
587 if ( !in_array($level, array(0, 1, 2) ) ) |
588 { |
588 { |
589 die_friendly('Invalid request', '<p>Level not specified</p>'); |
589 die_friendly('Invalid request', '<p>Level not specified</p>'); |
590 } |
590 } |
591 $q = $db->sql_query('UPDATE '.table_prefix.'pages SET wiki_mode=' . $level . ' WHERE urlname=\'' . $db->escape($paths->page_id) . '\' AND namespace=\'' . $paths->namespace . '\';'); |
591 $q = $db->sql_query('UPDATE '.table_prefix.'pages SET wiki_mode=' . $level . ' WHERE urlname=\'' . $db->escape($paths->page_id) . '\' AND namespace=\'' . $paths->namespace . '\';'); |
592 if ( !$q ) |
592 if ( !$q ) |
593 $db->_die(); |
593 $db->_die(); |
594 redirect(makeUrl($paths->page), htmlspecialchars($paths->cpage['name']), $lang->get('page_wikimode_success_redirect'), 2); |
594 redirect(makeUrl($paths->page), htmlspecialchars($paths->cpage['name']), $lang->get('page_wikimode_success_redirect'), 2); |
595 } |
595 } |
596 else |
596 else |
597 { |
597 { |
598 $template->header(); |
598 $template->header(); |
599 if(!isset($_GET['level']) || ( isset($_GET['level']) && !preg_match('#^([0-9])$#', $_GET['level']))) die_friendly('Invalid request', '<p>Level not specified</p>'); |
599 if(!isset($_GET['level']) || ( isset($_GET['level']) && !preg_match('#^([0-9])$#', $_GET['level']))) die_friendly('Invalid request', '<p>Level not specified</p>'); |
600 $level = intval($_GET['level']); |
600 $level = intval($_GET['level']); |
601 if ( !in_array($level, array(0, 1, 2) ) ) |
601 if ( !in_array($level, array(0, 1, 2) ) ) |
602 { |
602 { |
603 die_friendly('Invalid request', '<p>Level not specified</p>'); |
603 die_friendly('Invalid request', '<p>Level not specified</p>'); |
604 } |
604 } |
605 echo '<form action="' . makeUrl($paths->page, 'do=setwikimode', true) . '" method="post">'; |
605 echo '<form action="' . makeUrl($paths->page, 'do=setwikimode', true) . '" method="post">'; |
606 echo '<input type="hidden" name="finish" value="foo" />'; |
606 echo '<input type="hidden" name="finish" value="foo" />'; |
607 echo '<input type="hidden" name="level" value="' . $level . '" />'; |
607 echo '<input type="hidden" name="level" value="' . $level . '" />'; |
608 $level_txt = ( $level == 0 ) ? 'page_wikimode_level_off' : ( ( $level == 1 ) ? 'page_wikimode_level_on' : 'page_wikimode_level_global' ); |
608 $level_txt = ( $level == 0 ) ? 'page_wikimode_level_off' : ( ( $level == 1 ) ? 'page_wikimode_level_on' : 'page_wikimode_level_global' ); |
609 $blurb = ( $level == 0 || ( $level == 2 && getConfig('wiki_mode') != '1' ) ) ? 'page_wikimode_blurb_disable' : 'page_wikimode_blurb_enable'; |
609 $blurb = ( $level == 0 || ( $level == 2 && getConfig('wiki_mode') != '1' ) ) ? 'page_wikimode_blurb_disable' : 'page_wikimode_blurb_enable'; |
610 ?> |
610 ?> |
611 <h3><?php echo $lang->get('page_wikimode_heading'); ?></h3> |
611 <h3><?php echo $lang->get('page_wikimode_heading'); ?></h3> |
612 <p><?php echo $lang->get($level_txt) . ' ' . $lang->get($blurb); ?></p> |
612 <p><?php echo $lang->get($level_txt) . ' ' . $lang->get($blurb); ?></p> |
613 <p><?php echo $lang->get('page_wikimode_warning'); ?></p> |
613 <p><?php echo $lang->get('page_wikimode_warning'); ?></p> |
614 <p><input type="submit" value="<?php echo htmlspecialchars($lang->get('page_wikimode_btn_submit')); ?>" /></p> |
614 <p><input type="submit" value="<?php echo htmlspecialchars($lang->get('page_wikimode_btn_submit')); ?>" /></p> |
615 <?php |
615 <?php |
616 echo '</form>'; |
616 echo '</form>'; |
617 $template->footer(); |
617 $template->footer(); |
618 } |
618 } |
619 break; |
619 break; |
620 case 'diff': |
620 case 'diff': |
621 require_once(ENANO_ROOT.'/includes/pageutils.php'); |
621 require_once(ENANO_ROOT.'/includes/pageutils.php'); |
622 require_once(ENANO_ROOT.'/includes/diff.php'); |
622 require_once(ENANO_ROOT.'/includes/diff.php'); |
623 $template->header(); |
623 $template->header(); |
624 $id1 = ( isset($_GET['diff1']) ) ? (int)$_GET['diff1'] : false; |
624 $id1 = ( isset($_GET['diff1']) ) ? (int)$_GET['diff1'] : false; |
625 $id2 = ( isset($_GET['diff2']) ) ? (int)$_GET['diff2'] : false; |
625 $id2 = ( isset($_GET['diff2']) ) ? (int)$_GET['diff2'] : false; |
626 if ( !$id1 || !$id2 ) |
626 if ( !$id1 || !$id2 ) |
627 { |
627 { |
628 echo '<p>Invalid request.</p>'; |
628 echo '<p>Invalid request.</p>'; |
629 $template->footer(); |
629 $template->footer(); |
630 break; |
630 break; |
631 } |
631 } |
632 if ( !ctype_digit($_GET['diff1']) || !ctype_digit($_GET['diff1']) ) |
632 if ( !ctype_digit($_GET['diff1']) || !ctype_digit($_GET['diff1']) ) |
633 { |
633 { |
634 echo '<p>SQL injection attempt</p>'; |
634 echo '<p>SQL injection attempt</p>'; |
635 $template->footer(); |
635 $template->footer(); |
636 break; |
636 break; |
637 } |
637 } |
638 echo PageUtils::pagediff($paths->page_id, $paths->namespace, $id1, $id2); |
638 echo PageUtils::pagediff($paths->page_id, $paths->namespace, $id1, $id2); |
639 $template->footer(); |
639 $template->footer(); |
640 break; |
640 break; |
641 case 'detag': |
641 case 'detag': |
642 if ( $session->user_level < USER_LEVEL_ADMIN ) |
642 if ( $session->user_level < USER_LEVEL_ADMIN ) |
643 { |
643 { |
644 die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('etc_access_denied') . '</p>'); |
644 die_friendly($lang->get('etc_access_denied_short'), '<p>' . $lang->get('etc_access_denied') . '</p>'); |
645 } |
645 } |
646 if ( $paths->page_exists ) |
646 if ( $paths->page_exists ) |
647 { |
647 { |
648 die_friendly($lang->get('etc_invalid_request_short'), '<p>' . $lang->get('page_detag_err_page_exists') . '</p>'); |
648 die_friendly($lang->get('etc_invalid_request_short'), '<p>' . $lang->get('page_detag_err_page_exists') . '</p>'); |
649 } |
649 } |
650 $q = $db->sql_query('DELETE FROM '.table_prefix.'tags WHERE page_id=\'' . $db->escape($paths->page_id) . '\' AND namespace=\'' . $paths->namespace . '\';'); |
650 $q = $db->sql_query('DELETE FROM '.table_prefix.'tags WHERE page_id=\'' . $db->escape($paths->page_id) . '\' AND namespace=\'' . $paths->namespace . '\';'); |
651 if ( !$q ) |
651 if ( !$q ) |
652 $db->_die('Detag query, index.php:'.__LINE__); |
652 $db->_die('Detag query, index.php:'.__LINE__); |
653 die_friendly($lang->get('page_detag_success_title'), '<p>' . $lang->get('page_detag_success_body') . '</p>'); |
653 die_friendly($lang->get('page_detag_success_title'), '<p>' . $lang->get('page_detag_success_body') . '</p>'); |
654 break; |
654 break; |
655 case 'aclmanager': |
655 case 'aclmanager': |
656 if ( !$session->sid_super ) |
656 if ( !$session->sid_super ) |
657 { |
657 { |
658 redirect(makeUrlNS('Special', "Login/{$paths->page}", 'target_do=aclmanager&level=' . $session->user_level, false), $lang->get('etc_access_denied_short'), $lang->get('etc_access_denied_need_reauth'), 0); |
658 redirect(makeUrlNS('Special', "Login/{$paths->page}", 'target_do=aclmanager&level=' . $session->user_level, false), $lang->get('etc_access_denied_short'), $lang->get('etc_access_denied_need_reauth'), 0); |
659 } |
659 } |
660 |
660 |
661 require_once(ENANO_ROOT.'/includes/pageutils.php'); |
661 require_once(ENANO_ROOT.'/includes/pageutils.php'); |
662 $data = ( isset($_POST['data']) ) ? $_POST['data'] : Array('mode' => 'listgroups'); |
662 $data = ( isset($_POST['data']) ) ? $_POST['data'] : Array('mode' => 'listgroups'); |
663 PageUtils::aclmanager($data); |
663 PageUtils::aclmanager($data); |
664 break; |
664 break; |
665 case 'sql_report': |
665 case 'sql_report': |
666 $rev_id = ( (isset($_GET['oldid'])) ? intval($_GET['oldid']) : 0 ); |
666 $rev_id = ( (isset($_GET['oldid'])) ? intval($_GET['oldid']) : 0 ); |
667 $page = new PageProcessor( $paths->page_id, $paths->namespace, $rev_id ); |
667 $page = new PageProcessor( $paths->page_id, $paths->namespace, $rev_id ); |
668 $page->send_headers = true; |
668 $page->send_headers = true; |
669 $pagepass = ( isset($_REQUEST['pagepass']) ) ? sha1($_REQUEST['pagepass']) : ''; |
669 $pagepass = ( isset($_REQUEST['pagepass']) ) ? sha1($_REQUEST['pagepass']) : ''; |
670 $page->password = $pagepass; |
670 $page->password = $pagepass; |
671 $page->send(true); |
671 $page->send(true); |
672 ob_end_clean(); |
672 ob_end_clean(); |
673 ob_start(); |
673 ob_start(); |
674 $db->sql_report(); |
674 $db->sql_report(); |
675 break; |
675 break; |
676 } |
676 } |
677 |
677 |
678 // Generate an ETag |
678 // Generate an ETag |
679 /* |
679 /* |
680 // format: first 10 digits of SHA1 of page name, user id in hex, user and auth levels, page timestamp in hex |
680 // format: first 10 digits of SHA1 of page name, user id in hex, user and auth levels, page timestamp in hex |
681 $etag = substr(sha1($paths->namespace . ':' . $paths->page_id), 0, 10) . '-' . |
681 $etag = substr(sha1($paths->namespace . ':' . $paths->page_id), 0, 10) . '-' . |
682 "u{$session->user_id}l{$session->user_level}a{$session->auth_level}-" . |
682 "u{$session->user_id}l{$session->user_level}a{$session->auth_level}-" . |
683 dechex($page_timestamp); |
683 dechex($page_timestamp); |
684 |
684 |
685 if ( isset($_SERVER['HTTP_IF_NONE_MATCH']) ) |
685 if ( isset($_SERVER['HTTP_IF_NONE_MATCH']) ) |
686 { |
686 { |
687 if ( "\"$etag\"" == $_SERVER['HTTP_IF_NONE_MATCH'] ) |
687 if ( "\"$etag\"" == $_SERVER['HTTP_IF_NONE_MATCH'] ) |
688 { |
688 { |
689 header('HTTP/1.1 304 Not Modified'); |
689 header('HTTP/1.1 304 Not Modified'); |
690 exit(); |
690 exit(); |
691 } |
691 } |
692 } |
692 } |
693 |
693 |
694 header("ETag: \"$etag\""); |
694 header("ETag: \"$etag\""); |
695 */ |
695 */ |
696 |
696 |
697 $db->close(); |
697 $db->close(); |
698 gzip_output(); |
698 gzip_output(); |
699 |
699 |
700 @ob_end_flush(); |
700 @ob_end_flush(); |
701 |
701 |
702 ?> |
702 ?> |