diff -r 4629ad98ee88 -r 9cdfe82c56cd includes/functions.php --- a/includes/functions.php Sat Jan 03 17:54:26 2009 -0500 +++ b/includes/functions.php Sat Jan 03 18:11:18 2009 -0500 @@ -277,7 +277,7 @@ { $logged_in = true; } - return $logged_in ? getConfig('main_page_alt', getConfig('main_page')) : getConfig('main_page'); + return $logged_in && getConfig('main_page_alt_enable', '0') == '1' ? getConfig('main_page_alt', getConfig('main_page')) : getConfig('main_page'); } /** @@ -523,10 +523,10 @@ function csrf_request_confirm() { global $db, $session, $paths, $template, $plugins; // Common objects - global $lang; + global $lang, $output; // If the token was overridden with the correct one, the user confirmed the action using this form. Continue exec. - if ( isset($_POST['cstok']) || isset($_GET ['cstok']) ) + if ( isset($_POST['cstok']) || isset($_GET['cstok']) ) { // using the if() check makes sure that the token isn't in a cookie, since $_REQUEST includes $_COOKIE. $token_check =& $_REQUEST['cstok']; @@ -537,8 +537,8 @@ } } - $template->tpl_strings['PAGE_NAME'] = htmlspecialchars($lang->get('user_csrf_confirm_title')); - $template->header(); + $output->set_title($lang->get('user_csrf_confirm_title')); + $output->header(); // initial info echo '
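Review bot: In csrf_request_confirm(), the unchanged line `$token_check =& $_REQUEST['cstok'];` just below the reformatted `isset()` test still reads the merged superglobal, so the `isset()` test proves only that a GET or POST value exists, not that the value being compared is that one. When PHP's request ordering places cookies after GET and POST, a `cstok` cookie takes precedence in `$_REQUEST`, which contradicts the inline comment. Reading the source explicitly, e.g. `$token_check = isset($_POST['cstok']) ? $_POST['cstok'] : $_GET['cstok'];`, would make the code match the comment. The comparison itself is outside this hunk, so how the value is used afterwards should be confirmed there.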

' . $lang->get('user_csrf_confirm_body') . '

'; @@ -564,9 +564,9 @@ // insert the right CSRF token echo ''; echo '
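Review bot: The `htmlspecialchars()` call that wrapped the title is dropped when the `PAGE_NAME` assignment becomes `$output->set_title($lang->get('user_csrf_confirm_title'))`, so escaping now depends on set_title(), whose body is not part of this diff. If set_title() stores the string verbatim, either keep the escape at the call site, `$output->set_title(htmlspecialchars($lang->get('user_csrf_confirm_title')));`, or document on set_title() that it takes raw text and escapes on output. The same question applies to `$output->set_title($t)` in the Output_Safe hunk further down, where `$t` is supplied by the caller.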

'; - echo ''; + echo ''; - $template->footer(); + $output->footer(); exit; } @@ -638,6 +638,35 @@ } /** + * Returns the appropriate Namespace_* object for a page. + * @param string Page ID + * @param string Namespace + * @param int Revision ID + */ + +function namespace_factory($page_id, $namespace, $revision_id = 0) +{ + if ( !class_exists("Namespace_$namespace") ) + { + if ( file_exists(ENANO_ROOT . "/includes/namespaces/" . strtolower($namespace) . ".php") ) + { + require(ENANO_ROOT . "/includes/namespaces/" . strtolower($namespace) . ".php"); + } + } + if ( class_exists("Namespace_$namespace") ) + { + $class = "Namespace_$namespace"; + $ns = new $class($page_id, $namespace, $revision_id); + return $ns; + } + else + { + $ns = new Namespace_Default($page_id, $namespace, $revision_id); + return $ns; + } +} + +/** * These are some old functions that were used with the Midget codebase. They are deprecated and should not be used any more. */ @@ -683,22 +712,10 @@ } function arrayItemBottom($arr, $keyname) { - $keylist = array_keys($arr); - $keyflop = array_flip($keylist); - $idx = $keyflop[$keyname]; - $sz = sizeof($arr); $sz--; - while( $orig != $arr[$keylist[$sz]] ) { - // echo 'Keyname: '.$keylist[$idx] . '
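Review bot: namespace_factory() builds both a `require` path and a class name from `$namespace` without checking its characters, so a value containing `/` or `..` would reach `file_exists()` and `require` relative to `includes/namespaces/`. Whether callers can pass a request-derived namespace is not visible here, but a guard at the top keeps the function safe either way: `if ( !preg_match('/^[A-Za-z0-9_]+\z/', $namespace) ) return new Namespace_Default($page_id, $namespace, $revision_id);`. Using `require_once` would also avoid a redeclaration error when the file was already loaded but does not define the expected class. The docblock is missing an `@return` line naming the Namespace_* object that comes back.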
'; flush(); ob_flush(); // Debugger - if($idx > $sz) return $arr; - if($keylist[$idx] == '' || $keylist[$idx] < 0 || !$keylist[$idx]) { - echo 'Infinite loop caught in arrayItemBottom(
';
-      print_r($arr);
-      echo '

, '.$keyname.');

EnanoCMS: Critical error during function call, exiting to prevent excessive server load.'; - exit; - } - $arr = arrayItemDown($arr, $keylist[$idx]); - $idx++; - } + $b = $arr[$keyname]; + unset($arr[$keyname]); + $arr[$keyname] = $b; + unset($b); return $arr; } @@ -822,18 +839,11 @@ exit; } - $theme = ( defined('ENANO_CONFIG_FETCHED') ) ? getConfig('theme_default') : 'oxygen'; - $style = ( defined('ENANO_CONFIG_FETCHED') ) ? '__foo__' : 'bleu'; - - $tpl = new template_nodb(); - $tpl->load_theme($theme, $style); - $tpl->tpl_strings['SITE_NAME'] = getConfig('site_name'); - $tpl->tpl_strings['SITE_DESC'] = getConfig('site_desc'); - $tpl->tpl_strings['COPYRIGHT'] = getConfig('copyright_notice'); - $tpl->tpl_strings['PAGE_NAME'] = $t; - $tpl->header(); + $output = new Output_Safe(); + $output->set_title($t); + $output->header(); echo $p; - $tpl->footer(); + $output->footer(); exit; } @@ -918,169 +928,7 @@ function show_category_info() { - global $db, $session, $paths, $template, $plugins; // Common objects - global $lang; - - if ( $paths->namespace == 'Category' ) - { - // Show member pages and subcategories - $q = $db->sql_query('SELECT p.urlname, p.namespace, p.name, p.namespace=\'Category\' AS is_category FROM '.table_prefix.'categories AS c - LEFT JOIN '.table_prefix.'pages AS p - ON ( p.urlname = c.page_id AND p.namespace = c.namespace ) - WHERE c.category_id=\'' . $db->escape($paths->page_id) . '\' - ORDER BY is_category DESC, p.name ASC;'); - if ( !$q ) - { - $db->_die(); - } - echo '
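Review bot: The rewritten arrayItemBottom() reads `$arr[$keyname]` without checking that the key exists, so a missing key raises a notice and then appends a new null entry under that key instead of returning the array unchanged. A guard before the move covers it: `if ( !array_key_exists($keyname, $arr) ) return $arr;`. The trailing `unset($b);` is unnecessary because `$b` goes out of scope at the return.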

' . $lang->get('onpage_cat_heading_subcategories') . '

'; - echo '
'; - echo ''; - echo ''; - $ticker = 0; - $counter = 0; - $switched = false; - $class = 'row1'; - while ( $row = $db->fetchrow() ) - { - if ( $row['is_category'] == 0 && !$switched ) - { - if ( $counter > 0 ) - { - // Fill-in - while ( $ticker < 3 ) - { - $ticker++; - echo ''; - } - } - else - { - echo ''; - } - echo '
' . $lang->get('onpage_cat_msg_no_subcategories') . '
' . "\n\n"; - echo '

' . $lang->get('onpage_cat_heading_pages') . '

'; - echo '
'; - echo ''; - echo ''; - $counter = 0; - $ticker = -1; - $switched = true; - } - $counter++; - $ticker++; - if ( $ticker == 3 ) - { - echo ''; - $ticker = 0; - $class = ( $class == 'row3' ) ? 'row1' : 'row3'; - } - echo ""; - } - if ( !$switched ) - { - if ( $counter > 0 ) - { - // Fill-in - while ( $ticker < 2 ) - { - $ticker++; - echo ''; - } - } - else - { - echo ''; - } - echo '
"; // " to workaround stupid jEdit bug - - $link = makeUrlNS($row['namespace'], sanitize_page_id($row['urlname'])); - echo 'nslist[$row['namespace']] . sanitize_page_id($row['urlname']); - if ( !isPage( $key ) ) - { - echo ' class="wikilink-nonexistent"'; - } - echo '>'; - $title = get_page_title_ns($row['urlname'], $row['namespace']); - echo htmlspecialchars($title); - echo ''; - - echo "' . $lang->get('onpage_cat_msg_no_subcategories') . '
' . "\n\n"; - echo '

' . $lang->get('onpage_cat_heading_pages') . '

'; - echo '
'; - echo ''; - echo ''; - $counter = 0; - $ticker = 0; - $switched = true; - } - if ( $counter > 0 ) - { - // Fill-in - while ( $ticker < 2 ) - { - $ticker++; - echo ''; - } - } - else - { - echo ''; - } - echo '
' . $lang->get('onpage_cat_msg_no_pages') . '
' . "\n\n"; - } - - if ( $paths->namespace != 'Special' && $paths->namespace != 'Admin' ) - { - echo '
'; - echo '
'; - echo '(' . $lang->get('tags_catbox_link') . ')'; - echo '
'; - echo '
' . $lang->get('catedit_catbox_lbl_categories') . ' '; - - $where = '( c.page_id=\'' . $db->escape($paths->page_id) . '\' AND c.namespace=\'' . $db->escape($paths->namespace) . '\' )'; - $prefix = table_prefix; - $sql = <<sql_query($sql); - if ( !$q ) - $db->_die(); - - if ( $row = $db->fetchrow() ) - { - $list = array(); - do - { - $cid = sanitize_page_id($row['category_id']); - $title = get_page_title_ns($cid, 'Category'); - $link = makeUrlNS('Category', $cid); - $list[] = '' . htmlspecialchars($title) . ''; - } - while ( $row = $db->fetchrow() ); - echo implode(', ', $list); - } - else - { - echo $lang->get('catedit_catbox_lbl_uncategorized'); - } - - $can_edit = ( $session->get_permissions('edit_cat') && ( !$paths->page_protected || $session->get_permissions('even_when_protected') ) ); - if ( $can_edit ) - { - $edit_link = '' . $lang->get('catedit_catbox_link_edit') . ''; - echo ' [ ' . $edit_link . ' ]'; - } - - echo '
'; - - } - + throw new Exception('show_category_info() is deprecated. Use Namespace_*::display_categories().'); } /** @@ -1089,146 +937,7 @@ function show_file_info($page = false) { - global $db, $session, $paths, $template, $plugins; // Common objects - global $lang; - - $local_page_id = $paths->page_id; - $local_namespace = $paths->namespace; - - if ( is_object($page) ) - { - $local_page = $page->page_id; - $local_namespace = $page->namespace; - } - - // Prevent unnecessary work - if ( $local_namespace != 'File' ) - return null; - - $selfn = $local_page_id; - if ( substr($paths->cpage['name'], 0, strlen($paths->nslist['File'])) == $paths->nslist['File']) - { - $selfn = substr($local_page_id, strlen($paths->nslist['File']), strlen($local_page_id)); - } - $selfn = $db->escape($selfn); - $q = $db->sql_query('SELECT f.mimetype,f.time_id,f.size,l.log_id FROM ' . table_prefix . "files AS f\n" - . " LEFT JOIN " . table_prefix . "logs AS l\n" - . " ON ( l.time_id = f.time_id AND ( l.action = 'reupload' OR l.action IS NULL ) )\n" - . " WHERE f.page_id = '$selfn'\n" - . " ORDER BY f.time_id DESC;"); - if ( !$q ) - { - $db->_die('The file type could not be fetched.'); - } - - if ( $db->numrows() < 1 ) - { - echo '
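Review bot: show_category_info() here, and show_file_info() in the next hunk, are called deprecated in the exception message but now throw unconditionally, which removes them rather than deprecating them. show_file_info() previously returned quietly outside the File namespace, so any caller not updated in this commit (plugin code run through the `send_page_footers` hook, for instance) will now hit an uncaught Exception on every page. Depending on error display settings, that can put a stack trace in front of visitors. The docblocks above both functions, which lie outside these hunks, should state this, e.g. `@deprecated Use Namespace_*::display_categories()` and `@throws Exception always`.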
-

' . $lang->get('onpage_filebox_heading') . '

-

' . $lang->get('onpage_filebox_msg_not_found', array('upload_link' => makeUrlNS('Special', 'UploadFile/'.$local_page_id))) . '

-
-
'; - return; - } - $r = $db->fetchrow(); - $mimetype = $r['mimetype']; - $datestring = enano_date('F d, Y h:i a', (int)$r['time_id']); - echo '
-

' . $lang->get('onpage_filebox_heading') . '

-

' . $lang->get('onpage_filebox_lbl_type') . ' '.$r['mimetype'].'
'; - - $size = $r['size'] . ' ' . $lang->get('etc_unit_bytes'); - if ( $r['size'] >= 1048576 ) - { - $size .= ' (' . ( round($r['size'] / 1048576, 1) ) . ' ' . $lang->get('etc_unit_megabytes_short') . ')'; - } - else if ( $r['size'] >= 1024 ) - { - $size .= ' (' . ( round($r['size'] / 1024, 1) ) . ' ' . $lang->get('etc_unit_kilobytes_short') . ')'; - } - - echo $lang->get('onpage_filebox_lbl_size', array('size' => $size)); - - echo '
' . $lang->get('onpage_filebox_lbl_uploaded') . ' ' . $datestring . '

'; - if ( substr($mimetype, 0, 6) != 'image/' && ( substr($mimetype, 0, 5) != 'text/' || $mimetype == 'text/html' || $mimetype == 'text/javascript' ) ) - { - echo '
- ' . $lang->get('onpage_filebox_msg_virus_warning') . ' -
'; - } - if ( substr($mimetype, 0, 6) == 'image/' ) - { - echo '

- - '.$paths->page.' - -

'; - } - echo '

- - ' . $lang->get('onpage_filebox_btn_download') . ' - '; - if(!$paths->page_protected && ( $paths->wiki_mode || $session->get_permissions('upload_new_version') )) - { - echo ' | - ' . $lang->get('onpage_filebox_btn_upload_new') . ' - '; - } - echo '

'; - if ( $db->numrows() > 1 ) - { - // requery, sql_result_seek() doesn't work on postgres - $db->free_result(); - $q = $db->sql_query('SELECT f.mimetype,f.time_id,f.size,l.log_id FROM ' . table_prefix . "files AS f\n" - . " LEFT JOIN " . table_prefix . "logs AS l\n" - . " ON ( l.time_id = f.time_id AND ( l.action = 'reupload' OR l.action IS NULL ) )\n" - . " WHERE f.page_id = '$selfn'\n" - . " ORDER BY f.time_id DESC;"); - if ( !$q ) - $db->_die(); - - echo '

' . $lang->get('onpage_filebox_heading_history') . '

'; - $last_rollback_id = false; - while ( $r = $db->fetchrow() ) - { - echo '(' . $lang->get('onpage_filebox_btn_this_version') . ') '; - if ( $session->get_permissions('history_rollback') && $last_rollback_id ) - echo ' (' . $lang->get('onpage_filebox_btn_revert') . ') '; - else if ( $session->get_permissions('history_rollback') && !$last_rollback_id ) - echo ' (' . $lang->get('onpage_filebox_btn_current') . ') '; - $last_rollback_id = $r['log_id']; - $mimetype = $r['mimetype']; - $datestring = enano_date('F d, Y h:i a', (int)$r['time_id']); - - echo $datestring.': '.$r['mimetype'].', '; - - $fs = $r['size']; - $fs = (int)$fs; - - if($fs >= 1048576) - { - $fs = round($fs / 1048576, 1); - $size = $fs . ' ' . $lang->get('etc_unit_megabytes_short'); - } - else - if ( $fs >= 1024 ) - { - $fs = round($fs / 1024, 1); - $size = $fs . ' ' . $lang->get('etc_unit_kilobytes_short'); - } - else - { - $size = $fs . ' ' . $lang->get('etc_unit_bytes'); - } - - echo $size; - - echo '
'; - } - echo '

'; - } - $db->free_result(); - echo '

'; + throw new Exception('show_file_info() is deprecated. Use Namespace_File::show_info().'); } /** @@ -1262,14 +971,17 @@ function display_page_footers() { global $db, $session, $paths, $template, $plugins; // Common objects - if(isset($_GET['nofooters'])) return; + + if ( isset($_GET['nofooters']) ) + { + return; + } + $code = $plugins->setHook('send_page_footers'); foreach ( $code as $cmd ) { eval($cmd); } - show_file_info(); - show_category_info(); } /** @@ -2915,6 +2627,8 @@ $char = strtolower($char); $char = intval(hexdec($char)); $char = chr($char); + if ( preg_match('/^[\w\.\/:;\(\)@\[\]_-]$/', $char) ) + continue; $page_id = str_replace($matches[0][$id], $char, $page_id); }
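Review bot: The added `preg_match('/^[\w\.\/:;\(\)@\[\]_-]$/', $char)` guard relies on `\w`, which PCRE evaluates against locale-dependent character tables, so under a non-C locale some bytes above 0x7F may count as word characters and stay encoded. Spelling the class out avoids that: `preg_match('/^[A-Za-z0-9_.\/:;()@\[\]-]$/', $char)`. The `if` also has no braces, unlike the rest of the file, and no comment explaining why these characters are skipped; something like `// leave the escape in place when it decodes to a character that is already legal in a page ID` would help, if that is the intent. The loop and its function start outside this hunk.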