Added ability to delete the draft revision; [SECURITY] fixed lack of permission check on draft save; renamed messagebox() constructor to MessageBox() (backward compat. maintained)
<?php
/*
* Enano - an open-source CMS capable of wiki functions, Drupal-like sidebar blocks, and everything in between
* Version 1.1.4 (Caoineag alpha 4)
* Copyright (C) 2006-2008 Dan Fuhry
* jsres.php - the Enano client-side runtime, a.k.a. AJAX on steroids
*
* This program is Free Software; you can redistribute and/or modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
* warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details.
*/
// Internet Explorer has problems with the combined script, so it is redirected to the plain loader.
// The User-Agent header is client-controlled, but it only selects between this script and a
// redirect to a fixed relative path; its value is never echoed back.
if ( strstr(@$_SERVER['HTTP_USER_AGENT'], 'MSIE') !== false )
{
  header('HTTP/1.1 302 Redirect');
  header('Location: static/enano-lib-basic.js');
  exit();
}
// Setup Enano
//
// Work out the absolute path of the Enano root.
//
// A development server keeps a Mercurial clone in a directory named repo and symlinks the
// distribution-standard files out of it. Such a tree is recognised by this script's path
// containing /repo/ together with a .enanodev marker file two or three levels above the current
// working directory; in that case /repo/ is dropped from the path so the root pivots to the real
// installation. Otherwise the script's own path is used unchanged.
$filename = ( strpos(__FILE__, '/repo/') && ( file_exists('../../.enanodev') || file_exists('../../../.enanodev') ) )
  ? str_replace('/repo/', '/', __FILE__)
  : __FILE__;

// Plugins such as AjIM may already have defined ENANO_ROOT before the Enano API is initialized,
// so it is only defined here when missing.
if ( !defined('ENANO_ROOT') )
{
  define('ENANO_ROOT', dirname(dirname(dirname($filename))));
}

// Every relative path used further down (includes/..., the static script directory) is resolved
// against this directory.
chdir(ENANO_ROOT);
// CONFIG
// Compression policy for the bundled scripts. Each entry of the file list read from
// enano-lib-basic.js is looked up in these two lists by exact name; a file on neither list is
// still compressed, just without the aggressive flag.
// Files safe to run full (aggressive) compression on
$full_compress_safe = array(
// Sorted by file size, descending (du -b *.js | sort -n)
'libbigint.js',
'ajax.js',
'editor.js',
'acl.js',
'misc.js',
'comments.js',
'rijndael.js',
'autofill.js',
'dropdown.js',
'paginate.js',
'autocomplete.js',
'md5.js',
'pwstrength.js',
'sha256.js',
'flyin.js',
'template-compiler.js',
'toolbar.js',
'diffiehellman.js',
'enanomath.js'
);
// Files that should NOT be compressed due to already being compressed, licensing, or invalid produced code.
// These are passed through (and cached) exactly as they are on disk.
$compress_unsafe = array('SpryEffects.js', 'json.js', 'fat.js', 'admin-menu.js');
require('includes/functions.php');
require('includes/json2.php');
require('includes/js-compressor.php');
// Buffer the output for gzip only when the client advertises support for it.
$do_gzip = false;
if ( isset($_SERVER['HTTP_ACCEPT_ENCODING']) )
{
  // Reduce the header to a list of lowercase tokens with every space removed. Only a bare
  // "gzip" token counts; an entry carrying parameters (such as a q-value) does not match.
  $acceptenc = explode(',', str_replace(' ', '', strtolower($_SERVER['HTTP_ACCEPT_ENCODING'])));
  $do_gzip = in_array('gzip', $acceptenc);
  if ( $do_gzip )
  {
    // Capture everything echoed from here on; presumably gzip_output() consumes this buffer
    // at the end of the script.
    ob_start();
  }
}
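// Output format will always be JS. The header is sent before any of the checks below, which is
// why every failure message is written as a JavaScript comment.
header('Content-type: text/javascript');
$everything = '';

// Load and parse enano_lib_basic, which embeds the list of scripts to bundle.
$file = @file_get_contents('includes/clientside/static/enano-lib-basic.js');
if ( $file === false )
{
  // Report an unreadable file as such instead of letting it surface as a missing-marker error.
  die('// Error: could not read enano-lib-basic');
}

$pos_start_includes = strpos($file, '/*!START_INCLUDER*/');
$pos_end_includes = strpos($file, '/*!END_INCLUDER*/');
// strpos() returns false for an absent marker and 0 for a marker at the very start of the file.
// Only the former is an error, so compare against false explicitly; also refuse markers that
// appear in the wrong order, since the two substr() calls below assume start comes before end.
if ( $pos_start_includes === false || $pos_end_includes === false || $pos_end_includes < $pos_start_includes )
{
  die('// Error: enano-lib-basic does not have required metacomments');
}
$pos_end_includes += strlen('/*!END_INCLUDER*/');

// The file list is the array literal assigned to "thefiles"; capture group 1 is the whole
// bracketed literal.
if ( !preg_match('/var thefiles = (\[([^\]]+?)\]);/', $file, $match) )
{
  die('// Error: could not retrieve file list from enano-lib-basic');
}

// Decode file list
try
{
  $file_list = enano_json_decode($match[1]);
}
catch ( Exception $e )
{
  die("// Exception caught during file list parsing");
}
// The bundling loop iterates over this value, so anything other than an array is rejected here.
if ( !is_array($file_list) )
{
  die('// Error: file list in enano-lib-basic is not an array');
}

// $apex tracks the newest modification time among all bundled files; it starts with the loader.
$apex = filemtime('includes/clientside/static/enano-lib-basic.js');

// Keep the loader's code on either side of the includer section and drop the section itself.
$before_includes = substr($file, 0, $pos_start_includes);
$after_includes = substr($file, $pos_end_includes);
$everything .= $before_includes;
$everything .= $after_includes;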
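// Append every listed script to the bundle, compressed where the policy lists allow it. The
// compressed form is cached per file under cache/ so the compressor only runs when the source
// changes.
foreach ( $file_list as $js_file )
{
  // NOTE(review): $js_file is taken as-is from the list embedded in enano-lib-basic.js and is
  // interpolated into both a read path and a cache write path. That is only safe while that file
  // is trusted and its entries are plain file names - confirm nothing else can influence the list.
  $file_contents = file_get_contents("includes/clientside/static/$js_file");
  if ( $file_contents === false )
  {
    // A listed script that cannot be read is left out of the bundle rather than being hashed,
    // compressed and cached as if it were an empty file.
    $everything .= "\n // $js_file (could not be read)\n";
    continue;
  }

  // MD5 serves here purely as a change detector for the source file, not as a security control.
  $file_md5 = md5($file_contents);
  $time = filemtime("includes/clientside/static/$js_file");
  if ( $time > $apex )
    $apex = $time;

  // Is this file cached?
  $cache_path = ENANO_ROOT . "/cache/jsres_$js_file.json";
  $loaded_cache = false;
  if ( file_exists($cache_path) )
  {
    // Load the cache file and parse it.
    $cache_file = file_get_contents($cache_path);
    try
    {
      $cache_file = enano_json_decode($cache_file);
    }
    catch ( Exception $e )
    {
      // Don't do anything - an undecodable cache entry is simply regenerated below
    }
    // The stored md5 only ties the entry to the current source bytes. The cached 'src' itself is
    // not verified, so whatever sits in the cache directory is served to every client: that
    // directory must not be writable by anything other than this application.
    if (
      is_array($cache_file)
      && isset($cache_file['md5'], $cache_file['src'])
      && is_string($cache_file['src'])
      && $cache_file['md5'] === $file_md5
    )
    {
      $loaded_cache = true;
      $file_contents = $cache_file['src'];
    }
  }

  if ( !$loaded_cache )
  {
    // Try to open the cache file and write to it. If we can't do that, just don't compress the code.
    $handle = @fopen($cache_path, 'w');
    if ( $handle )
    {
      // Strict comparison: a list entry must match a policy name exactly, as a string.
      $aggressive = in_array($js_file, $full_compress_safe, true);
      if ( !in_array($js_file, $compress_unsafe, true) )
        $file_contents = perform_js_compress($file_contents, $aggressive);
      $payload = enano_json_encode(array(
        'md5' => $file_md5,
        'src' => $file_contents
      ));
      // A short or failed write leaves an entry that does not decode, which the read path
      // above treats as a cache miss on the next request.
      fwrite($handle, $payload);
      fclose($handle);
    }
  }

  $everything .= "\n // $js_file\n";
  $everything .= "\n" . $file_contents;
}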
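// generate ETag
// SHA-1 is used as a fingerprint of the assembled bundle, not as a secret; hexdecode() is
// presumably turning the hex digest into raw bytes before base64 encoding.
$etag = base64_encode(hexdecode(sha1($everything)));

// Conditional request: answer 304 when the client already holds this exact bundle. Only a single
// strong validator is recognised; a list of tags or a weak (W/) tag falls through to a full
// response.
if ( isset($_SERVER['HTTP_IF_NONE_MATCH']) && trim($_SERVER['HTTP_IF_NONE_MATCH']) === "\"$etag\"" )
{
  header('HTTP/1.1 304 Not Modified');
  // A 304 should repeat the validator that the full response would have carried.
  header("ETag: \"$etag\"");
  exit();
}

// $apex is the newest modification time among the bundled files.
// NOTE(review): Date normally states when the response was generated, not when the content last
// changed; sending the file time here may confuse cache age calculations - confirm this is intended.
$date = date('r', $apex);
header("Date: $date");
header("Last-Modified: $date");
header("ETag: \"$etag\"");

echo $everything;

if ( $do_gzip )
{
  gzip_output();
}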