Hacking Attempt

# HG changeset patch # User Dan # Date 1197063742 18000 # Node ID 854eecfada2025fa26c2442fed7b0a7112b6ea22 # Parent 199b9708f4a2c50865d9ba7e8e8504787c134cd2# Parent 6c7060d36a23644231b17be93865a2290dd51964 Merging in changes from stable diff -r 199b9708f4a2 -r 854eecfada20 ajax.php --- a/ajax.php Sun Dec 02 16:00:56 2007 -0500 +++ b/ajax.php Fri Dec 07 16:42:22 2007 -0500 @@ -12,6 +12,8 @@ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. */ + define('ENANO_INTERFACE_AJAX', ''); + // fillusername should be done without the help of the rest of Enano - all we need is the DBAL if ( isset($_GET['_mode']) && $_GET['_mode'] == 'fillusername' ) { diff -r 199b9708f4a2 -r 854eecfada20 cache/index.php --- a/cache/index.php Sun Dec 02 16:00:56 2007 -0500 +++ b/cache/index.php Fri Dec 07 16:42:22 2007 -0500 @@ -1,13 +1,10 @@ perms['edit_page'] = AUTH_DENY; -$session->perms['view_source'] = AUTH_DENY; -$template->tpl_strings['PAGE_NAME'] = 'Access denied'; $template->header(); -echo '

The administrator has flagged the page "' . $_SERVER['REQUEST_URI'] . '" so that it cannot be accessed from the web. Perhaps this is because this is a cache or includes directory and only needs to be accessed by scripts.

HTTP error: 403 Forbidden

'; +echo '

The administrator has flagged the page "' . htmlspecialchars($_SERVER['REQUEST_URI']) . '" so that it cannot be accessed from the web. Perhaps this is because this is a cache or includes directory and only needs to be accessed by scripts.

HTTP error: 403 Forbidden

'; $template->footer(); -$db->close(); + diff -r 199b9708f4a2 -r 854eecfada20 files/index.php --- a/files/index.php Sun Dec 02 16:00:56 2007 -0500 +++ b/files/index.php Fri Dec 07 16:42:22 2007 -0500 @@ -1,13 +1,10 @@ perms['edit_page'] = AUTH_DENY; -$session->perms['view_source'] = AUTH_DENY; -$template->tpl_strings['PAGE_NAME'] = 'Access denied'; $template->header(); -echo '

HTTP error: 403 Forbidden

'; +echo '

HTTP error: 403 Forbidden

'; $template->footer(); -$db->close(); + diff -r 199b9708f4a2 -r 854eecfada20 images/index.php --- a/images/index.php Sun Dec 02 16:00:56 2007 -0500 +++ b/images/index.php Fri Dec 07 16:42:22 2007 -0500 @@ -1,13 +1,10 @@ perms['edit_page'] = AUTH_DENY; -$session->perms['view_source'] = AUTH_DENY; -$template->tpl_strings['PAGE_NAME'] = 'Access denied'; $template->header(); -echo '

HTTP error: 403 Forbidden

'; +echo '

HTTP error: 403 Forbidden

'; $template->footer(); -$db->close(); + diff -r 199b9708f4a2 -r 854eecfada20 includes/common.php --- a/includes/common.php Sun Dec 02 16:00:56 2007 -0500 +++ b/includes/common.php Fri Dec 07 16:42:22 2007 -0500 @@ -11,8 +11,17 @@ * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for details. */ + +/** + * The main loader script that initializes everything about Enano in the proper order. Prepare to get + * redirected if you don't have $_GET['title'] or $_SERVER['PATH_INFO'] set up. + * @package Enano + * @subpackage Core + * @copyright See header block + */ -if(isset($_REQUEST['GLOBALS'])) +// Make sure we don't have an attempt to inject globals (register_globals on) +if ( isset($_REQUEST['GLOBALS']) ) { ?> Hacking Attempt

Hacking attempt using PHP $GLOBALS overwrite vulnerability detected, reported to admin

You're worse than this guy! Unless you are this guy...

', - 'openPopup' => 'debugConsole = window.open', - 'closePopup' => 'debugConsole.close()', - 'write' => 'debugConsole.document.write', - 'scroll' => 'debugConsole.scrollBy', - 'focus' => 'debugConsole.focus()' -); - -/** - * html snippets, do not touch! - */ -$_debugConsoleConfig['html'] = array ( - 'header' => ' - - - - debugConsole - - - - - ', - 'footer' => '' -); -?> \ No newline at end of file diff -r 199b9708f4a2 -r 854eecfada20 includes/debugger/debugConsole.functions.php --- a/includes/debugger/debugConsole.functions.php Sun Dec 02 16:00:56 2007 -0500 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,126 +0,0 @@ - - * @see - * @version 1.0.0 - * @package debugConsole_1.2.1 - */ - -/** - * show debug info of a variable in debugConsole, - * add own text for documentation or hints - * - * @param mixed $variable - * @param string $text - */ -function dc_dump($variable, $text) { - if(!defined('ENANO_DEBUG')) return false; - $debugConsole = debugConsoleLoader(); - - if (is_object($debugConsole)) { - $debugConsole->dump($variable, $text); - } -} - -/** - * watch value changes of a variable in debugConsole - * - * @param string $variableName - */ -function dc_watch($variableName) { - if(!defined('ENANO_DEBUG')) return false; - $debugConsole = debugConsoleLoader(); - - if (is_object($debugConsole)) { - $debugConsole->watchVariable($variableName); - } -} - -/** - * show checkpoint info in debugConsole to make sure - * that a certain program line has been passed - * - * @param string $message - */ -function dc_here($message = NULL) { - if(!defined('ENANO_DEBUG')) return false; - $debugConsole = debugConsoleLoader(); - - if (is_object($debugConsole)) { - (bool)$message ? $debugConsole->passedCheckpoint($message) : $debugConsole->passedCheckpoint(); - } -} - -/** - * starts a new timer clock and returns its handle - * - * @return mixed - * @param string $comment - */ -function dc_start_timer($comment) { - if(!defined('ENANO_DEBUG')) return false; - $debugConsole = debugConsoleLoader(); - - if (is_object($debugConsole)) { - return $debugConsole->startTimer($comment); - } -} - -/** - * stops and shows a certain timer clock in debugConsole - * - * @return bool - * @param string $timerHandle - */ -function dc_stop_timer($timerHandle) { - if(!defined('ENANO_DEBUG')) return false; - $debugConsole = debugConsoleLoader(); - - if (is_object($debugConsole)) { - return $debugConsole->stopTimer($timerHandle); - } -} - -/** - * singleton loader for debugConsole - * DO NOT USE, private to debugConsole functions - * - * @return mixed - */ -function debugConsoleLoader() { - static $debugConsole; - static $access = 'unset'; - - $config = $GLOBALS['_debugConsoleConfig']; - - /* obey access restrictions */ - if (gettype($access) != 'bool') { - if ($config['active']) { - if ($config['restrictions']['restrictAccess']) { - if (in_array($_SERVER['REMOTE_ADDR'], $config['restrictions']['allowedClientAdresses'])) { - $access = TRUE; - } else { - $access = FALSE; - } - } else { - $access = TRUE; - } - } else { - $access = FALSE; - } - } - - /* access granted */ - if ($access) { - if (!is_object($debugConsole)) { - $debugConsole = new debugConsole(); - } - } else { - $debugConsole = FALSE; - } - - return $debugConsole; -} -?> \ No newline at end of file diff -r 199b9708f4a2 -r 854eecfada20 includes/debugger/debugConsole.php --- a/includes/debugger/debugConsole.php Sun Dec 02 16:00:56 2007 -0500 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 @@ -1,16 +0,0 @@ - - * @see - * @version 1.0.0 - * @package debugConsole_1.2.1 - */ - -$path = dirname(__FILE__) . '/'; - -require_once $path . 'debugConsole.config.php'; -require_once $path . 'debugConsole.class.php'; -require_once $path . 'debugConsole.functions.php'; -?> \ No newline at end of file diff -r 199b9708f4a2 -r 854eecfada20 includes/functions.php --- a/includes/functions.php Sun Dec 02 16:00:56 2007 -0500 +++ b/includes/functions.php Fri Dec 07 16:42:22 2007 -0500 @@ -485,8 +485,6 @@ if ( ob_get_status() ) ob_end_clean(); - dc_here('functions: calling die_semicritical'); - $tpl = new template_nodb(); $tpl->load_theme('oxygen', 'bleu'); $tpl->tpl_strings['SITE_NAME'] = getConfig('site_name'); @@ -513,7 +511,6 @@ if ( ob_get_status() ) ob_end_clean(); - dc_here('functions: calling die_friendly'); $paths->cpage['name'] = $t; $template->tpl_strings['PAGE_NAME'] = $t; $template->header(); @@ -543,7 +540,6 @@ if ( ob_get_status() ) ob_end_clean(); - dc_here('functions: calling grinding_halt'); $tpl = new template_nodb(); $tpl->load_theme('oxygen', 'bleu'); $tpl->tpl_strings['SITE_NAME'] = 'Critical error'; diff -r 199b9708f4a2 -r 854eecfada20 includes/index.php --- a/includes/index.php Sun Dec 02 16:00:56 2007 -0500 +++ b/includes/index.php Fri Dec 07 16:42:22 2007 -0500 @@ -1,13 +1,10 @@ perms['edit_page'] = AUTH_DENY; -$session->perms['view_source'] = AUTH_DENY; -$template->tpl_strings['PAGE_NAME'] = 'Access denied'; $template->header(); -echo '

HTTP error: 403 Forbidden

'; +echo '

HTTP error: 403 Forbidden

'; $template->footer(); -$db->close(); + diff -r 199b9708f4a2 -r 854eecfada20 includes/pageprocess.php --- a/includes/pageprocess.php Sun Dec 02 16:00:56 2007 -0500 +++ b/includes/pageprocess.php Fri Dec 07 16:42:22 2007 -0500 @@ -232,7 +232,16 @@ echo $text; $this->footer(); - + } + else if ( $this->namespace == 'Anonymous' ) + { + $uri = scriptPath . '/' . $this->page_id; + if ( !$this->send_headers ) + { + $sep = ( strstr($uri, '?') ) ? '&' : '?'; + $uri .= "{$sep}noheaders"; + } + redirect( $uri, '', '', 0 ); } else if ( !$this->page_exists ) { diff -r 199b9708f4a2 -r 854eecfada20 includes/paths.php --- a/includes/paths.php Sun Dec 02 16:00:56 2007 -0500 +++ b/includes/paths.php Fri Dec 07 16:42:22 2007 -0500 @@ -18,7 +18,7 @@ */ class pathManager { - var $pages, $custom_page, $cpage, $page, $fullpage, $page_exists, $namespace, $nslist, $admin_tree, $wiki_mode, $page_protected, $template_cache; + var $pages, $custom_page, $cpage, $page, $fullpage, $page_exists, $namespace, $nslist, $admin_tree, $wiki_mode, $page_protected, $template_cache, $anonymous_page; function __construct() { global $db, $session, $paths, $template, $plugins; // Common objects @@ -26,8 +26,6 @@ $GLOBALS['paths'] =& $this; $this->pages = Array(); - dc_here('paths: setting up namespaces, admin nodes'); - // DEFINE NAMESPACES HERE // The key names should NOT EVER be changed, or Enano will be very broken $this->nslist = Array( @@ -40,6 +38,7 @@ 'System' =>'Enano:', 'Template'=>'Template:', 'Category'=>'Category:', + 'Anonymous'=>'PhysicalRedirect:', 'Project' =>sanitize_page_id(getConfig('site_name')).':', ); @@ -110,8 +109,6 @@ { global $db, $session, $paths, $template, $plugins; // Common objects - dc_here('paths: selecting master page data'); - $code = $plugins->setHook('paths_init_before'); foreach ( $code as $cmd ) { @@ -152,115 +149,148 @@ } $db->free_result(); - dc_here('paths: determining page ID'); - if( isset($_GET['title']) ) + if ( defined('ENANO_INTERFACE_INDEX') || defined('ENANO_INTERFACE_AJAX') || defined('IN_ENANO_INSTALL') || defined('IN_ENANO_UPGRADE') ) { - if ( $_GET['title'] == '' && getConfig('main_page') != '' ) - { - $this->main_page(); - } - if(strstr($_GET['title'], ' ')) + if( isset($_GET['title']) ) { - $loc = urldecode(rawurldecode($_SERVER['REQUEST_URI'])); - $loc = str_replace(' ', '_', $loc); - $loc = str_replace('+', '_', $loc); - $loc = str_replace('%20', '_', $loc); - redirect($loc, 'Redirecting...', 'Space detected in the URL, please wait whilst you are redirected', 0); - exit; + if ( $_GET['title'] == '' && getConfig('main_page') != '' ) + { + $this->main_page(); + } + if(strstr($_GET['title'], ' ')) + { + $loc = urldecode(rawurldecode($_SERVER['REQUEST_URI'])); + $loc = str_replace(' ', '_', $loc); + $loc = str_replace('+', '_', $loc); + $loc = str_replace('%20', '_', $loc); + redirect($loc, 'Redirecting...', 'Space detected in the URL, please wait whilst you are redirected', 0); + exit; + } + $url_namespace_special = substr($_GET['title'], 0, strlen($this->nslist['Special']) ); + $url_namespace_template = substr($_GET['title'], 0, strlen($this->nslist['Template']) ); + if($url_namespace_special == $this->nslist['Special'] || $url_namespace_template == $this->nslist['Template'] ) + { + $ex = explode('/', $_GET['title']); + $this->page = $ex[0]; + } + else + { + $this->page = $_GET['title']; + } + $this->fullpage = $_GET['title']; } - $url_namespace_special = substr($_GET['title'], 0, strlen($this->nslist['Special']) ); - $url_namespace_template = substr($_GET['title'], 0, strlen($this->nslist['Template']) ); - if($url_namespace_special == $this->nslist['Special'] || $url_namespace_template == $this->nslist['Template'] ) + elseif( isset($_SERVER['PATH_INFO']) ) { - $ex = explode('/', $_GET['title']); - $this->page = $ex[0]; + $pi = explode('/', $_SERVER['PATH_INFO']); + + if( !isset($pi[1]) || (isset($pi[1]) && $pi[1] == '' && getConfig('main_page') != '') ) + { + $this->main_page(); + } + if( strstr($pi[1], ' ') ) + { + $loc = str_replace(' ', '_', urldecode(rawurldecode($_SERVER['REQUEST_URI']))); + $loc = str_replace('+', '_', $loc); + $loc = str_replace('%20', '_', $loc); + redirect($loc, 'Redirecting...', 'Please wait whilst you are redirected', 3); + exit; + } + unset($pi[0]); + if( substr($pi[1], 0, strlen($this->nslist['Special'])) == $this->nslist['Special'] || substr($pi[1], 0, strlen($this->nslist['Template'])) == $this->nslist['Template'] ) + { + $pi2 = $pi[1]; + } + else + { + $pi2 = implode('/', $pi); + } + $this->page = $pi2; + $this->fullpage = implode('/', $pi); } else { - $this->page = $_GET['title']; - } - $this->fullpage = $_GET['title']; - } - elseif( isset($_SERVER['PATH_INFO']) ) - { - $pi = explode('/', $_SERVER['PATH_INFO']); - - if( !isset($pi[1]) || (isset($pi[1]) && $pi[1] == '' && getConfig('main_page') != '') ) - { - $this->main_page(); + $k = array_keys($_GET); + foreach($k as $c) + { + if(substr($c, 0, 1) == '/') + { + $this->page = substr($c, 1, strlen($c)); + + // Bugfix for apache somehow passing dots as underscores + global $mime_types; + + $exts = array_keys($mime_types); + $exts = '(' . implode('|', $exts) . ')'; + + if ( preg_match( '#_'.$exts.'#i', $this->page ) ) + { + $this->page = preg_replace( '#_'.$exts.'#i', '.\\1', $this->page ); + } + + $this->fullpage = $this->page; + + if(substr($this->page, 0, strlen($this->nslist['Special']))==$this->nslist['Special'] || substr($this->page, 0, strlen($this->nslist['Template']))==$this->nslist['Template']) + { + $ex = explode('/', $this->page); + $this->page = $ex[0]; + } + if(strstr($this->page, ' ')) + { + $loc = str_replace(' ', '_', urldecode(rawurldecode($_SERVER['REQUEST_URI']))); + $loc = str_replace('+', '_', $loc); + $loc = str_replace('%20', '_', $loc); + redirect($loc, 'Redirecting...', 'Space in the URL detected, please wait whilst you are redirected', 0); + exit; + } + break; + } + } + if(!$this->page && !($this->page == '' && getConfig('main_page') == '')) + { + $this->main_page(); + } } - if( strstr($pi[1], ' ') ) - { - $loc = str_replace(' ', '_', urldecode(rawurldecode($_SERVER['REQUEST_URI']))); - $loc = str_replace('+', '_', $loc); - $loc = str_replace('%20', '_', $loc); - redirect($loc, 'Redirecting...', 'Please wait whilst you are redirected', 3); - exit; - } - unset($pi[0]); - if( substr($pi[1], 0, strlen($this->nslist['Special'])) == $this->nslist['Special'] || substr($pi[1], 0, strlen($this->nslist['Template'])) == $this->nslist['Template'] ) - { - $pi2 = $pi[1]; - } - else - { - $pi2 = implode('/', $pi); - } - $this->page = $pi2; - $this->fullpage = implode('/', $pi); } else { - $k = array_keys($_GET); - foreach($k as $c) + // Starting up Enano with the API from a page that wants to do its own thing. Generate + // metadata for an anonymous page and avoid redirection at all costs. + if ( isset($GLOBALS['title']) ) + { + $title =& $GLOBALS['title']; + } + else { - if(substr($c, 0, 1) == '/') - { - $this->page = substr($c, 1, strlen($c)); - - // Bugfix for apache somehow passing dots as underscores - global $mime_types; - - $exts = array_keys($mime_types); - $exts = '(' . implode('|', $exts) . ')'; - - if ( preg_match( '#_'.$exts.'#i', $this->page ) ) - { - $this->page = preg_replace( '#_'.$exts.'#i', '.\\1', $this->page ); - } - - $this->fullpage = $this->page; - - if(substr($this->page, 0, strlen($this->nslist['Special']))==$this->nslist['Special'] || substr($this->page, 0, strlen($this->nslist['Template']))==$this->nslist['Template']) - { - $ex = explode('/', $this->page); - $this->page = $ex[0]; - } - if(strstr($this->page, ' ')) - { - $loc = str_replace(' ', '_', urldecode(rawurldecode($_SERVER['REQUEST_URI']))); - $loc = str_replace('+', '_', $loc); - $loc = str_replace('%20', '_', $loc); - redirect($loc, 'Redirecting...', 'Space in the URL detected, please wait whilst you are redirected', 0); - exit; - } - break; - } + $title = basename($_SERVER['SCRIPT_NAME']); } - if(!$this->page && !($this->page == '' && getConfig('main_page') == '')) + $base_uri = str_replace( scriptPath . '/', '', $_SERVER['SCRIPT_NAME'] ); + $this->page = $this->nslist['Anonymous'] . sanitize_page_id($base_uri); + $this->fullpage = $this->nslist['Anonymous'] . sanitize_page_id($base_uri); + $this->namespace = 'Anonymous'; + $this->cpage = array( + 'name' => $title, + 'urlname' => sanitize_page_id($base_uri), + 'namespace' => 'Anonymous', + 'special' => 1, + 'visible' => 1, + 'comments_on' => 1, + 'protected' => 1, + 'delvotes' => 0, + 'delvote_ips' => '' + ); + $this->anonymous_page = true; + $code = $plugins->setHook('paths_anonymous_page'); + foreach ( $code as $cmd ) { - $this->main_page(); + eval($cmd); } } $this->page = sanitize_page_id($this->page); $this->fullpage = sanitize_page_id($this->fullpage); - dc_here('paths: setting $paths->cpage'); - if(isset($this->pages[$this->page])) { - dc_here('paths: page existence verified, our page ID is: '.$this->page); $this->page_exists = true; $this->cpage = $this->pages[$this->page]; $this->namespace = $this->cpage['namespace']; @@ -304,7 +334,6 @@ } else { - dc_here('paths: page doesn\'t exist, creating new page in memory
our page ID is: '.$this->page); $this->page_exists = false; $page_name = dirtify_page_id($this->page); $page_name = str_replace('_', ' ', $page_name); @@ -315,18 +344,21 @@ redirect($pid_cleaned, 'Sanitizer message', 'page id sanitized', 0); } - $this->cpage = Array( - 'name'=>$page_name, - 'urlname'=>$this->page, - 'namespace'=>'Article', - 'special'=>0, - 'visible'=>0, - 'comments_on'=>1, - 'protected'=>0, - 'delvotes'=>0, - 'delvote_ips'=>'', - 'wiki_mode'=>2, - ); + if ( !is_array($this->cpage) ) + { + $this->cpage = Array( + 'name'=>$page_name, + 'urlname'=>$this->page, + 'namespace'=>'Article', + 'special'=>0, + 'visible'=>0, + 'comments_on'=>1, + 'protected'=>0, + 'delvotes'=>0, + 'delvote_ips'=>'', + 'wiki_mode'=>2, + ); + } // Look for a namespace prefix in the urlname, and assign a different namespace, if necessary $k = array_keys($this->nslist); for($i=0;$inslist);$i++) @@ -348,7 +380,7 @@ { $this->cpage['protected'] = 1; } - if($this->namespace == 'Special') + if($this->namespace == 'Special' && !$this->anonymous_page) { // Can't load nonexistent pages if( is_string(getConfig('main_page')) ) @@ -384,7 +416,6 @@ function add_page($flags) { - //dc_dump($flags, 'paths: page added by plugin:'); $flags['urlname_nons'] = $flags['urlname']; $flags['urlname'] = $this->nslist[$flags['namespace']] . $flags['urlname']; // Applies the User:/File:/etc prefixes to the URL names $pages_len = sizeof($this->pages)/2; @@ -409,7 +440,6 @@ function sysmsg($n) { global $db, $session, $paths, $template, $plugins; // Common objects - dc_here('paths: system message requested: '.$n); $q = $db->sql_query('SELECT page_text, char_tag FROM '.table_prefix.'page_text WHERE page_id=\''.$db->escape($n).'\' AND namespace=\'System\''); if( !$q ) { diff -r 199b9708f4a2 -r 854eecfada20 includes/plugins.php --- a/includes/plugins.php Sun Dec 02 16:00:56 2007 -0500 +++ b/includes/plugins.php Fri Dec 07 16:42:22 2007 -0500 @@ -19,8 +19,6 @@ var $system_plugins = Array('SpecialUserFuncs.php','SpecialUserPrefs.php','SpecialPageFuncs.php','SpecialAdmin.php','SpecialCSS.php','SpecialUpdownload.php','SpecialSearch.php','PrivateMessages.php','SpecialGroups.php'); function loadAll() { - dc_here('plugins: building file list'); - $dir = ENANO_ROOT.'/plugins/'; $this->load_list = Array(); @@ -67,7 +65,6 @@ //die('

'.htmlspecialchars(print_r($plugins, true)).'

'); } function setHook($name, $opts = Array()) { - dc_dump($name, 'plugins: hook added: '); /* $r = Array(); if(isset($this->hook_list[$name])) { @@ -89,7 +86,6 @@ } } function attachHook($name, $code) { - dc_dump($code, 'plugins: hook attached: '.$name.'
code:'); if(!isset($this->hook_list[$name])) { $this->hook_list[$name] = Array(); diff -r 199b9708f4a2 -r 854eecfada20 includes/render.php --- a/includes/render.php Sun Dec 02 16:00:56 2007 -0500 +++ b/includes/render.php Fri Dec 07 16:42:22 2007 -0500 @@ -41,7 +41,6 @@ function getPage($page_id, $namespace, $wiki = 1, $smilies = true, $filter_links = true, $redir = true, $render = true) { global $db, $session, $paths, $template, $plugins; // Common objects - dc_here('render: page requested
ID/namespace: '."$page_id, $namespace
Wiki mode: $wiki
Smilies: ".(string)$smilies."
Allow redirects: ".(string)$redir); $perms =& $session; @@ -81,7 +80,6 @@ if ( preg_match("#^\#redirect \[\[([^\]\r\n\a\t]+?)\]\]#", $message, $m) && $redir && ( !isset($_GET['redirect']) || ( isset($_GET['redirect']) && $_GET['redirect'] != 'no' ) ) ) { - dc_here('render: looks like a redirect page to me...'); $old = $paths->cpage; $a = RenderMan::strToPageID($m[1]); $a[0] = str_replace(' ', '_', $a[0]); @@ -91,8 +89,6 @@ $paths->cpage = $paths->pages[$pageid]; //die('

'.print_r($paths->cpage,true).'

'); - dc_here('render: wreckin\' $template, and reloading the theme vars to match the new page
This might get messy!'); - unset($template); unset($GLOBALS['template']); @@ -108,21 +104,17 @@ } else if(preg_match('#^\#redirect \[\[(.+?)\]\]#', $message, $m) && isset($_GET['redirect']) && $_GET['redirect'] == 'no') { - dc_here('render: looks like a redirect page to me...'); - dc_here('render: skipping redirect as requested on URI'); preg_match('#^\#redirect \[\[(.+)\]\]#', $message, $m); $m[1] = str_replace(' ', '_', $m[1]); $message = preg_replace('#\#redirect \[\[(.+)\]\]#', '

This page is a redirector.
This means that this page will not show its own content by default. Instead it will display the contents of the page it redirects to.

To create a redirect page, make the first characters in the page content #redirect [[Page_ID]]. For more information, see the Enano Wiki formatting guide.

This page redirects to '.$paths->pages[$m[1]]['name'].'.

', $message); } $session->disallow_password_grab(); - dc_here('render: alright, got the text, formatting...'); return ($render) ? RenderMan::render($message, $wiki, $smilies, $filter_links) : $message; } function getTemplate($id, $parms) { global $db, $session, $paths, $template, $plugins; // Common objects - dc_here('render: template requested: '.$id); if(!isset($paths->pages[$paths->nslist['Template'].$id])) { return '[['.$paths->nslist['Template'].$id.']]'; @@ -161,7 +153,6 @@ function fetch_template_text($id) { global $db, $session, $paths, $template, $plugins; // Common objects - dc_here('render: template raw data requested: '.$id); if(!isset($paths->pages[$paths->nslist['Template'].$id])) { return '[['.$paths->nslist['Template'].$id.']]'; diff -r 199b9708f4a2 -r 854eecfada20 includes/sessions.php --- a/includes/sessions.php Sun Dec 02 16:00:56 2007 -0500 +++ b/includes/sessions.php Fri Dec 07 16:42:22 2007 -0500 @@ -1849,7 +1849,6 @@ $message .= "$prot://".$_SERVER['HTTP_HOST'].$p.$aklink; $message .= "\n\nSincerely yours, \n$admin_user and the ".$_SERVER['HTTP_HOST']." administration team"; error_reporting(E_ALL); - dc_dump($r, 'session: about to send activation e-mail to '.$r['email']); if(getConfig('smtp_enabled') == '1') { $result = smtp_send_email($r['email'], getConfig('site_name').' website account activation', preg_replace("#(?tpl_bool = Array(); $this->tpl_strings = Array(); $this->sidebar_extra = ''; @@ -137,8 +136,6 @@ global $email; global $lang; - dc_here("template: initializing all variables"); - if(!$this->theme || !$this->style) { $this->load_theme(); @@ -146,7 +143,6 @@ if(defined('ENANO_TEMPLATE_LOADED')) { - dc_here('template: access denied to call template::init_vars(), bailing out'); die_semicritical('Illegal call', '

$template->load_theme was called multiple times, this is not supposed to happen. Exiting with fatal error.

'); } @@ -154,8 +150,6 @@ $tplvars = $this->extract_vars('elements.tpl'); - dc_here('template: setting all template vars'); - if(isset($_SERVER['HTTP_USER_AGENT']) && strstr($_SERVER['HTTP_USER_AGENT'], 'MSIE')) { $this->add_header(' @@ -227,6 +221,9 @@ case "Category": $ns = $lang->get('onpage_lbl_page_category'); break; + case "Anonymous": + $ns = 'external page'; + break; } $this->namespace_string = $ns; unset($ns); @@ -245,14 +242,17 @@ $btn_selected = ( isset($tplvars['toolbar_button_selected'])) ? $tplvars['toolbar_button_selected'] : $tplvars['toolbar_button']; $parser = $this->makeParserText($btn_selected); - $parser->assign_vars(array( - 'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxReset()); return false; }" title="' . $lang->get('onpage_tip_article') . '" accesskey="a"', - 'PARENTFLAGS' => 'id="mdgToolbar_article"', - 'HREF' => makeUrl($paths->page, null, true), - 'TEXT' => $this->namespace_string - )); - - $tb .= $parser->run(); + if ( true || !$paths->anonymous_page ) + { + $parser->assign_vars(array( + 'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { void(ajaxReset()); return false; }" title="' . $lang->get('onpage_tip_article') . '" accesskey="a"', + 'PARENTFLAGS' => 'id="mdgToolbar_article"', + 'HREF' => makeUrl($paths->page, null, true), + 'TEXT' => $this->namespace_string + )); + + $tb .= $parser->run(); + } $button = $this->makeParserText($tplvars['toolbar_button']); @@ -577,7 +577,7 @@ } // Manage ACLs button - if($session->get_permissions('edit_acl') || $session->user_level >= USER_LEVEL_ADMIN) + if ( !$paths->anonymous_page && ( $session->get_permissions('edit_acl') || $session->user_level >= USER_LEVEL_ADMIN ) ) { $menubtn->assign_vars(array( 'FLAGS' => 'onclick="if ( !KILL_SWITCH ) { return ajaxOpenACLManager(); }" title="' . $lang->get('onpage_tip_aclmanager') . '" accesskey="m"', @@ -810,7 +810,6 @@ } $headers_sent = true; - dc_here('template: generating and sending the page header'); if(!defined('ENANO_HEADERS_SENT')) define('ENANO_HEADERS_SENT', ''); if ( !$this->no_headers ) @@ -842,7 +841,6 @@ function footer($simple = false) { global $db, $session, $paths, $template, $plugins; // Common objects - dc_here('template: generating and sending the page footer'); if(!$this->no_headers) { if(!defined('ENANO_HEADERS_SENT')) @@ -873,7 +871,6 @@ function getHeader() { $headers_sent = true; - dc_here('template: generating and sending the page header'); if(!defined('ENANO_HEADERS_SENT')) define('ENANO_HEADERS_SENT', ''); if(!$this->no_headers) return $this->process_template('header.tpl'); @@ -881,7 +878,6 @@ function getFooter() { global $db, $session, $paths, $template, $plugins; // Common objects - dc_here('template: generating and sending the page footer'); if(!$this->no_headers) { global $_starttime; $t = ''; diff -r 199b9708f4a2 -r 854eecfada20 index.php --- a/index.php Sun Dec 02 16:00:56 2007 -0500 +++ b/index.php Fri Dec 07 16:42:22 2007 -0500 @@ -16,6 +16,8 @@ * */ + define('ENANO_INTERFACE_INDEX', ''); + // Set up gzip encoding before any output is sent $aggressive_optimize_html = false; diff -r 199b9708f4a2 -r 854eecfada20 plugins/index.php --- a/plugins/index.php Sun Dec 02 16:00:56 2007 -0500 +++ b/plugins/index.php Fri Dec 07 16:42:22 2007 -0500 @@ -1,21 +1,10 @@ perms['edit_page'] = AUTH_DENY; -$session->perms['view_source'] = AUTH_DENY; -$template->tpl_strings['PAGE_NAME'] = 'Access denied'; $template->header(); -echo '

HTTP error: 403 Forbidden

'; +echo '

HTTP error: 403 Forbidden

'; $template->footer(); -$db->close(); + diff -r 199b9708f4a2 -r 854eecfada20 themes/index.php --- a/themes/index.php Sun Dec 02 16:00:56 2007 -0500 +++ b/themes/index.php Fri Dec 07 16:42:22 2007 -0500 @@ -1,13 +1,10 @@ perms['edit_page'] = AUTH_DENY; -$session->perms['view_source'] = AUTH_DENY; -$template->tpl_strings['PAGE_NAME'] = 'Access denied'; $template->header(); -echo '

HTTP error: 403 Forbidden

'; +echo '

HTTP error: 403 Forbidden

'; $template->footer(); -$db->close(); + diff -r 199b9708f4a2 -r 854eecfada20 themes/oxygen/css/bleu.css --- a/themes/oxygen/css/bleu.css Sun Dec 02 16:00:56 2007 -0500 +++ b/themes/oxygen/css/bleu.css Fri Dec 07 16:42:22 2007 -0500 @@ -26,7 +26,7 @@ div.rectbot { width: 140px; height: 12px; margin: 0; padding: 0; } td.rectbottop { width: 100%; height: 12px; background-image: url(../images/bleu/border-btm.gif); background-repeat: repeat-x; margin: 0; padding: 0; } div.slideblock, .dbx-content { overflow: hidden; background-color: #DDD; } -div.slideblock2 { overflow: hidden; background-color: #DDD; margin: 0px 1px 0px 1px; } +div.slideblock2 { overflow: hidden; background-color: #DDD; margin: 0px 1px 0px 1px; border-bottom: 1px solid #FFF; } .dbx-handle { cursor: move !important; } /* The credits thingy at the bottom */ diff -r 199b9708f4a2 -r 854eecfada20 themes/oxygen/css/mint.css --- a/themes/oxygen/css/mint.css Sun Dec 02 16:00:56 2007 -0500 +++ b/themes/oxygen/css/mint.css Fri Dec 07 16:42:22 2007 -0500 @@ -26,7 +26,7 @@ div.rectbot { width: 140px; height: 12px; margin: 0; padding: 0; } td.rectbottop { width: 100%; height: 12px; background-image: url(../images/mint/border-btm.gif); background-repeat: repeat-x; margin: 0; padding: 0; } div.slideblock, .dbx-content { overflow: hidden; background-color: #DDD; } -div.slideblock2 { overflow: hidden; background-color: #DDD; margin: 0px 1px 0px 1px; } +div.slideblock2 { overflow: hidden; background-color: #DDD; margin: 0px 1px 0px 1px; border-bottom: 1px solid #FFF; } .dbx-handle { cursor: move !important; } /* The credits thingy at the bottom */