# HG changeset patch # User Dan # Date 1186343930 14400 # Node ID d7fc25acd3f3cd9eccfb596dbcf2c11da9a42d0c # Parent cb7dde69c30145700e707b1627ea4b8079f064c3 Replaced the menu in the admin theme with something much more visually pleasureable; minor fix in Special:UploadFile; finished patching a couple of XSS problems from Banshee; finished Admin:PageGroups; removed unneeded code in flyin.js; finished tag system (except tag cloud); 1.0.1 release candidate diff -r cb7dde69c301 -r d7fc25acd3f3 ajax.php --- a/ajax.php Wed Aug 01 13:39:27 2007 -0400 +++ b/ajax.php Sun Aug 05 15:58:50 2007 -0400 @@ -164,7 +164,7 @@ for($i=0;$i top ) || ( abs_dir == FI_UP && top > topi ) ) - topi = top; - - // tell the browser to do it - setTimeout('var o = fly_in_cache['+rand_seed+']; o.style.top=\''+topi+'px\';', timer); - if ( !nofade ) - { - // handle fade - opac_factor = ratio * 100; - if ( direction == FI_OUT ) - opac_factor = 100 - opac_factor; - setTimeout('var o = fly_in_cache['+rand_seed+']; domObjChangeOpac('+opac_factor+', o);', timer); - } - - // if we're done or if our sanity check failed then break out of the loop - if ( ( abs_dir == FI_DOWN && topi >= top ) || ( abs_dir == FI_UP && top >= topi ) || frames > 1000 ) - break; - } - - timer += timestep; - setTimeout('delete(fly_in_cache['+rand_seed+']);', timer); - return timer; - */ timeout += timerstep; return timeout; } diff -r cb7dde69c301 -r d7fc25acd3f3 includes/functions.php --- a/includes/functions.php Wed Aug 01 13:39:27 2007 -0400 +++ b/includes/functions.php Sun Aug 05 15:58:50 2007 -0400 
@@ -2680,15 +2680,19 @@ // if ( $do_gzip && function_exists('ob_gzhandler') ) { - // - // Copied from phpBB, which was in turn borrowed from php.net - // $gzip_contents = ob_get_contents(); ob_end_clean(); - header('Content-encoding: gzip'); - $gzip_contents = ob_gzhandler($gzip_contents); - echo $gzip_contents; + $return = ob_gzhandler($gzip_contents); + if ( $return ) + { + header('Content-encoding: gzip'); + echo $gzip_contents; + } + else + { + echo $gzip_contents; + } } } @@ -2763,8 +2767,9 @@ // fix for firefox issue $js = preg_replace('/\};([\s]*)(else|\))/i', '}\\2', $js); + $replacement = "/* */"; // apply changes - $html = str_replace($jscript[0][$i], "$js", $html); + $html = str_replace($jscript[0][$i], $replacement, $html); } // Which tags to strip - you can change this if needed @@ -2797,11 +2802,11 @@ $size_after = strlen($html); // Tell snoopish users what's going on - $html = str_replace('', "\n".'\n", $html); + -->\n'; + // Some of these are sanitized at insert-time. Others follow the newer Enano policy of stripping HTML at runtime. if ($r['action']=='prot') echo 'Protected pageReason: '.$r['edit_summary']; elseif($r['action']=='unprot') echo 'Unprotected pageReason: '.$r['edit_summary']; elseif($r['action']=='semiprot') echo 'Semi-protected pageReason: '.$r['edit_summary']; - elseif($r['action']=='rename') echo 'Renamed pageOld title: '.$r['edit_summary']; + elseif($r['action']=='rename') echo 'Renamed pageOld title: '.htmlspecialchars($r['edit_summary']); elseif($r['action']=='create') echo 'Created page'; elseif($r['action']=='delete') echo 'Deleted pageReason: '.$r['edit_summary']; - elseif($r['action']=='reupload') echo 'Uploaded new file versionReason: '.$r['edit_summary']; + elseif($r['action']=='reupload') echo 'Uploaded new file versionReason: '.htmlspecialchars($r['edit_summary']); echo ''; // Actions! diff -r cb7dde69c301 -r d7fc25acd3f3 index.php --- a/index.php Wed Aug 01 13:39:27 2007 -0400 
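Review bot: In the gzip hunk the success branch sends `header('Content-encoding: gzip')` and then echoes `$gzip_contents`, which is still the raw buffer — the compressed data returned by `ob_gzhandler()` is kept in `$return` and never sent, so the client receives uncompressed bytes labelled as gzip and will fail to decode the page. The old code echoed the handler's return value and this branch should do the same: `echo $return;`. The `else` branch, reached when the handler returns false (typically because the client did not advertise gzip support), is then the only place the uncompressed buffer is echoed, which is the intended split.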
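Review bot: In the page-log listing hunk at the end of this line (its file header has been lost in this rendering) only the `rename` and `reupload` branches pass `$r['edit_summary']` through `htmlspecialchars()`, while the `prot`, `unprot`, `semiprot` and `delete` branches still echo the summary raw on the strength of the added comment that those are "sanitized at insert-time". Nothing in this changeset shows that insert-time sanitization, and a reason typed into a protect or delete form is user input like any other. Escaping once at output is safer than tracking which writer sanitized what: compute `$summary = htmlspecialchars($r['edit_summary']);` before the `if`/`elseif` chain and use `$summary` in every branch, dropping the per-branch calls. If insert-time escaping really exists for those actions, confirm it is `htmlspecialchars` rather than a strip-tags style filter before relying on it.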
+++ b/index.php Sun Aug 05 15:58:50 2007 -0400 @@ -13,7 +13,7 @@ * */ - // Se t up gzip encoding before any output is sent + // Set up gzip encoding before any output is sent $aggressive_optimize_html = true; diff -r cb7dde69c301 -r d7fc25acd3f3 plugins/SpecialUpdownload.php --- a/plugins/SpecialUpdownload.php Wed Aug 01 13:39:27 2007 -0400 +++ b/plugins/SpecialUpdownload.php Sun Aug 05 15:58:50 2007 -0400 @@ -129,7 +129,7 @@ $ext = substr($filename, strrpos($filename, '.'), strlen($filename)); $flen = filesize($file['tmp_name']); - $comments = $db->escape(RenderMan::strip_php($_POST['comments'])); + $comments = ( isset($_POST['update']) ) ? $db->escape($_POST['comments']) : $db->escape(RenderMan::preprocess_text($_POST['comments'], false, false)); $chartag = sha1(microtime()); $urln = str_replace(' ', '_', $filename); diff -r cb7dde69c301 -r d7fc25acd3f3 plugins/SpecialUserFuncs.php --- a/plugins/SpecialUserFuncs.php Wed Aug 01 13:39:27 2007 -0400 +++ b/plugins/SpecialUserFuncs.php Sun Aug 05 15:58:50 2007 -0400 @@ -577,8 +577,7 @@ { echo 'No user selected!'; $template->footer(); - $db->close(); - exit; + return; } $user = $db->escape($user); @@ -587,8 +586,10 @@ if(!$db->sql_query($q)) $db->_die('The history data for the page "'.$paths->cpage['name'].'" could not be selected.'); echo 'History of edits and actions
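Review bot: The new `$comments` line in plugins/SpecialUpdownload.php picks the filtering path from `$_POST['update']`, which the uploader controls, so a client can set `update` and have its comment stored with only `$db->escape()` applied — the `RenderMan::strip_php` pass that the old line always ran is gone on that arm. Unless the update form is known to submit already-preprocessed text, both arms should go through the same filter: `$comments = $db->escape(RenderMan::preprocess_text($_POST['comments'], false, false));`, or at least `RenderMan::strip_php($_POST['comments'])` on the update arm. Whichever is chosen, the code that later prints file comments must escape them on output, since this line no longer guarantees anything about their content. The enclosing function begins before this hunk.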

Edits:

'; if($db->numrows() < 1) echo 'No history entries in this category.'; - while($r = $db->fetchrow()) { - echo ''.$r['date_string'].' (revert) '.$paths->nslist[$r['namespace']].$r['page_id'].': '.$r['edit_summary']; + while($r = $db->fetchrow()) + { + $title = get_page_title($r['page_id'], $r['namespace']); + echo ''.$r['date_string'].' (revert to) '.htmlspecialchars($title).': '.$r['edit_summary']; if($r['minor_edit']) echo ' - minor edit'; echo '
'; } @@ -597,17 +598,22 @@ $q = 'SELECT log_type,time_id,action,date_string,page_id,namespace,author,edit_summary,minor_edit,page_id,namespace FROM '.table_prefix.'logs WHERE author=\''.$user.'\' AND action!=\'edit\' ORDER BY time_id DESC;'; if(!$db->sql_query($q)) $db->_die('The history data for the page "'.$paths->cpage['name'].'" could not be selected.'); if($db->numrows() < 1) echo 'No history entries in this category.'; - while($r = $db->fetchrow()) { - if($r['log_type']=='page') { - echo '(rollback) '.$r['date_string'].' '.$paths->nslist[$r['namespace']].$r['page_id'].': '; - if($r['action']=='prot') echo 'Protected page; reason: '.$r['edit_summary']; - elseif($r['action']=='unprot') echo 'Unprotected page; reason: '.$r['edit_summary']; - elseif($r['action']=='rename') echo 'Renamed page; old title was: '.$r['edit_summary']; - elseif($r['action']=='create') echo 'Created page'; - elseif($r['action']=='delete') echo 'Deleted page'; - if($r['minor_edit']) echo ' - minor edit'; - echo '
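Review bot: In the rewritten edit-history loop of plugins/SpecialUserFuncs.php the page title now goes through `htmlspecialchars($title)`, but `$r['edit_summary']` on the same `echo` is still printed raw, and an edit summary is free text typed by whoever made the edit. The same changeset escapes summaries in the rename/reupload branches elsewhere, so this looks like an oversight: `': '.htmlspecialchars($r['edit_summary']);`. `$r['date_string']` is echoed unescaped too; if it is generated server-side that is fine, but confirm it is never stored from user input. The enclosing function starts before this hunk.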
'; - } elseif($r['log_type']=='security') { + while($r = $db->fetchrow()) + { + if ( $r['log_type'] == 'page' ) + { + $title = get_page_title($r['page_id'], $r['namespace']); + echo '(rollback) '.$r['date_string'].' '.htmlspecialchars($title).': '; + if ( $r['action'] == 'prot' ) echo 'Protected page; reason: '.$r['edit_summary']; + else if ( $r['action'] == 'unprot' ) echo 'Unprotected page; reason: '.$r['edit_summary']; + else if ( $r['action'] == 'rename' ) echo 'Renamed page; old title was: '.htmlspecialchars($r['edit_summary']); + else if ( $r['action'] == 'create' ) echo 'Created page'; + else if ( $r['action'] == 'delete' ) echo 'Deleted page'; + if ( $r['minor_edit'] ) echo ' - minor edit'; + echo '
'; + } + else if($r['log_type']=='security') + { // Not implemented, and when it is, it won't be public } } @@ -621,6 +627,10 @@ if(!$session->user_logged_in) die_friendly('Access denied', '
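Review bot: In the rewritten action-history loop `$r['edit_summary']` is escaped in the `rename` branch but echoed raw in the `prot` and `unprot` branches, where it holds the reason the protecting user typed in. Since the stated aim of this changeset is closing XSS holes in these listings, escape it uniformly: assign `$summary = htmlspecialchars($r['edit_summary']);` at the top of the `page` branch and use it in all three places. The `(rollback)` link markup has been stripped from this rendering, so whether its href components (`time_id`, `page_id`, `namespace`) are escaped cannot be checked here and is worth a look in the real file. The enclosing function starts before this hunk.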

You must be logged in to change your style. Spoofer.

'); if(isset($_POST['theme']) && isset($_POST['style']) && isset($_POST['return_to'])) { + if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['theme']) ) + die('Hacking attempt'); + if ( !preg_match('/^([a-z0-9_-]+)$/i', $_POST['style']) ) + die('Hacking attempt'); $d = ENANO_ROOT . '/themes/' . $_POST['theme']; $f = ENANO_ROOT . '/themes/' . $_POST['theme'] . '/css/' . $_POST['style'] . '.css'; if(!file_exists($d) || !is_dir($d)) die('The directory "'.$d.'" does not exist.'); diff -r cb7dde69c301 -r d7fc25acd3f3 plugins/admin/PageGroups.php --- a/plugins/admin/PageGroups.php Wed Aug 01 13:39:27 2007 -0400 +++ b/plugins/admin/PageGroups.php Sun Aug 05 15:58:50 2007 -0400 @@ -404,7 +404,7 @@ $q = $db->sql_query('DELETE FROM '.table_prefix.'page_group_members WHERE pg_id=' . $delete_id . ';'); if ( !$q ) $db->_die(); - echo "
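Review bot: The new whitelist on `$_POST['theme']` and `$_POST['style']` closes the traversal into `ENANO_ROOT . '/themes/'`, but `$` in a PCRE pattern also matches just before a trailing newline, so `oxygen\n` passes the check; here the following `file_exists()` rejects it, yet the pattern should be strict on its own: `'/^[a-z0-9_-]+\z/i'` (or add the `D` modifier). `die('Hacking attempt')` exits after the template header has already been sent, leaving a half-rendered page, whereas the surrounding code uses `die_friendly()` for the same situation. `$_POST['return_to']` is only tested for presence in this hunk; if it is later used as a redirect target, as its name suggests, it needs a same-site check that this changeset does not add. The enclosing function starts before this hunk.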
The group ".'"'."$pg_name".'"'." has been deleted.
"; + echo "
The group ".'"'.htmlspecialchars("$pg_name").'"'." has been deleted.
"; } else if ( isset($_POST['action']['edit']) && !isset($_POST['action']['noop']) ) { @@ -439,16 +439,26 @@ return; } + /* + // We're gonna allow adding nonexistent pages for now if ( !isPage($page) ) { $return = array('mode' => 'error', 'text' => 'The page you are trying to add (' . htmlspecialchars($page) . ') does not exist.'); echo $json->encode($return); return; } + */ list($page_id, $namespace) = RenderMan::strToPageID($page); $page_id = sanitize_page_id($page_id); + if ( !isset($paths->namespace[$namespace]) ) + { + $return = array('mode' => 'error', 'text' => 'Invalid namespace return from RenderMan::strToPageID()'); + echo $json->encode($return); + return; + } + $q = $db->sql_query('SELECT "x" FROM '.table_prefix.'page_group_members WHERE pg_id=' . $edit_id . ' AND page_id=\'' . $db->escape($page_id) . '\' AND namespace=\'' . $namespace . '\';'); if ( !$q ) { @@ -479,9 +489,76 @@ return; } - if ( isset($_POST['action']['edit_save']) ) + if ( isset($_POST['action']['edit_save']) && isset($_POST['pg_name']) ) { $edit_id = $_POST['action']['edit']; + $edit_id = intval($edit_id); + if ( !empty($edit_id) ) + { + // Update group name + $new_name = $_POST['pg_name']; + if ( empty($new_name) ) + { + echo '
Please enter a valid name for this group.
'; + } + else + { + $q = $db->sql_query('SELECT pg_name FROM '.table_prefix.'page_groups WHERE pg_id=' . $edit_id . ';'); + if ( !$q ) + $db->_die(); + $row = $db->fetchrow(); + $db->free_result(); + if ( $new_name != $row['pg_name'] ) + { + $new_name = $db->escape(trim($new_name)); + $q = $db->sql_query('UPDATE '.table_prefix.'page_groups SET pg_name=\'' . $new_name . '\' WHERE pg_id=' . $edit_id . ';'); + if ( !$q ) + $db->_die(); + else + echo '
The group name was updated successfully.
'; + } + if ( $_POST['pg_type'] == PAGE_GRP_TAGGED ) + { + $target = $_POST['pg_target']; + $target = sanitize_tag($target); + if ( empty($target) ) + { + echo '
Please enter a valid tag.
'; + } + else + { + $target = $db->escape($target); + $q = $db->sql_query('UPDATE '.table_prefix.'page_groups SET pg_target=\'' . $target . '\' WHERE pg_id=' . $edit_id . ';'); + if ( !$q ) + $db->_die(); + else + echo '
The affecting tag was updated.
'; + } + } + else if ( $_POST['pg_type'] == PAGE_GRP_CATLINK ) + { + $target = $_POST['pg_target']; + if ( empty($target) ) + { + echo '
No category ID specified on POST URI.
'; + } + else + { + $target = $db->escape($target); + $q = $db->sql_query('UPDATE '.table_prefix.'page_groups SET pg_target=\'' . $target . '\' WHERE pg_id=' . $edit_id . ';'); + if ( !$q ) + $db->_die(); + else + echo '
The affecting category was updated.
'; + } + } + } + } + } + else if ( isset($_POST['action']['edit_save']) ) + { + $edit_id = $_POST['action']['edit']; + $edit_id = intval($edit_id); } else { @@ -495,7 +572,7 @@ return; } - if ( isset($_POST['action']['edit_save']['do_rm']) ) + if ( isset($_POST['action']['edit_save']['do_rm']) && !isset($_POST['pg_name']) ) { $vals = array_keys($_POST['action']['edit_save']['rm']); $good = array(); @@ -504,13 +581,20 @@ if ( strval(intval($id)) == $id ) $good[] = $id; } - $subquery = ( count($good) > 0 ) ? 'pg_member_id=' . implode(' OR pg_member_id=', $good) : "'foo'='foo'"; - $sql = 'DELETE FROM '.table_prefix."page_group_members WHERE ( $subquery ) AND pg_id=$edit_id;"; - if ( !$db->sql_query($sql) ) + $subquery = ( count($good) > 0 ) ? 'pg_member_id=' . implode(' OR pg_member_id=', $good) : "'foo'='bar'"; + if ( $subquery == "'foo'='bar'" ) + { + echo '
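Review bot: In the new edit_save handler the choice between the tagged and category cases is taken from `$_POST['pg_type']`, which the client supplies, while the group's real type lives in the row that was just fetched — but the query selects only `pg_name`, so the stored type is never consulted. A form that posts a different `pg_type` changes the meaning of `pg_target` (a category id written into a tagged group, or vice versa), and the catlink arm applies no validation beyond `$db->escape()`. Select the type with the name, `SELECT pg_name, pg_type FROM …`, and branch on `$row['pg_type']` instead of `$_POST['pg_type']`. `$_POST['pg_type']` and `$_POST['pg_target']` are also read without `isset()`, so a form that omits them raises notices before the `empty()` checks run. The enclosing function starts before this hunk.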
No pages were selected for deletion, and thus none were deleted.
'; + } + else { - $db->_die(); + $sql = 'DELETE FROM '.table_prefix."page_group_members WHERE ( $subquery ) AND pg_id=$edit_id;"; + if ( !$db->sql_query($sql) ) + { + $db->_die(); + } + echo '
The requested page group members have been deleted.
'; } - echo '
The requested page group members have been deleted.
'; } // Fetch information about page group @@ -529,6 +613,7 @@ echo '
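Review bot: The new do_rm branch decides whether anything was selected by comparing `$subquery` against the literal sentinel `"'foo'='bar'"`, which ties control flow to a placeholder string; test the list directly and drop the sentinel: `if ( count($good) < 1 )` for the "none were deleted" message, and build `$subquery = 'pg_member_id=' . implode(' OR pg_member_id=', $good);` only in the `else`. `$vals = array_keys($_POST['action']['edit_save']['rm'])` is still evaluated whenever `do_rm` is set, so a submit with no box ticked (no `rm` key) raises a warning before this guard is reached; check `isset()`/`is_array()` on `rm` as well. The `DELETE` interpolates `$edit_id` directly; it is `intval()`-ed in the preceding hunk, which is fine as long as no other path assigns it. The enclosing function starts before this hunk.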
'; echo ''; + echo ''; echo '
@@ -553,10 +638,20 @@ switch ( $row['pg_type'] ) { case PAGE_GRP_NORMAL: + // You have guessed correct. // *Sits in chair for 10 minutes listening to the radio in an effort to put off writing the code you see below* echo ''; + echo '
'; + echo '
'; + echo '
'; + echo ''; + echo '
+ + + + '; $q = $db->sql_query('SELECT m.pg_member_id,m.page_id,m.namespace FROM '.table_prefix.'page_group_members AS m LEFT JOIN '.table_prefix.'pages AS p @@ -689,6 +784,50 @@ break; case PAGE_GRP_TAGGED: + echo ' + + + '; + break; + case PAGE_GRP_CATLINK: + + // Build category list + $q = $db->sql_query('SELECT name,urlname FROM '.table_prefix.'pages WHERE namespace=\'Category\';'); + if ( !$q ) + $db->_die(); + + if ( $db->numrows() < 1 ) + { + $catlist = 'There aren\'t any categories on this site.'; + } + else + { + $catlist = ''; + } + + echo ' + + + '; + break; } diff -r cb7dde69c301 -r d7fc25acd3f3 themes/admin/header.tpl --- a/themes/admin/header.tpl Wed Aug 01 13:39:27 2007 -0400 +++ b/themes/admin/header.tpl Sun Aug 05 15:58:50 2007 -0400 @@ -1,5 +1,5 @@ - +{PAGE_NAME} • {SITE_NAME} @@ -36,7 +36,7 @@
Remove pages from this group
+ Include pages with this tag: + + +
+ Include pages that are in this category:
+ Reminder: Enano does not automatically place any access controls on the category. If you + don\'t want users to be able to freely add and remove pages from the category (assuming Wiki Mode is enabled + for the category) then you need to enable protection on the category using the button on the more options menu. + +
+ ' . $catlist . ' +
-  +

{PAGE_NAME}

diff -r cb7dde69c301 -r d7fc25acd3f3 themes/admin/js/menu.js --- a/themes/admin/js/menu.js Wed Aug 01 13:39:27 2007 -0400 +++ b/themes/admin/js/menu.js Sun Aug 05 15:58:50 2007 -0400 @@ -42,6 +42,7 @@ var exheight = height - magic; expander.style.height = exheight + 'px'; expander.style.top = magic + 'px'; + expander_set_pos(); } function expander_onload() @@ -59,7 +60,26 @@ } } +function expander_set_pos() +{ + var winheight = getHeight(); + var magic = $('header').Height() + $('pagebar_main').Height(); + var top = getScrollOffset(); + if ( typeof(top) != 'number' ) + { + return null; + } + magic = magic - top; + if ( magic < 0 ) + magic = 0; + var bartop = magic + top; + var barheight = winheight - magic; + var expander = document.getElementById('sidebar-hide'); + expander.style.top = bartop + 'px'; + expander.style.height = barheight + 'px'; +} + addOnloadHook(expander_set_height); addOnloadHook(expander_onload); window.onresize = expander_set_height; - +window.onscroll = expander_set_pos; diff -r cb7dde69c301 -r d7fc25acd3f3 themes/admin/simple-header.tpl --- a/themes/admin/simple-header.tpl Wed Aug 01 13:39:27 2007 -0400 +++ b/themes/admin/simple-header.tpl Sun Aug 05 15:58:50 2007 -0400 @@ -36,7 +36,7 @@
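Review bot: `expander_set_pos()` bails out when `getScrollOffset()` is not a number but then dereferences `document.getElementById('sidebar-hide')` unconditionally; because it is now also installed as `window.onscroll`, any admin page rendered without that element throws on every scroll event (simple-header.tpl is touched in this changeset and may not carry it — unverified). Add `if ( !expander ) return null;` right after the lookup. `window.onscroll = expander_set_pos;` also overwrites any handler another script registered, the same way the existing `window.onresize` assignment does; if the theme has an `addOnloadHook`-style registry for window events, prefer it. Since `expander_set_height()` now ends by calling `expander_set_pos()`, its own `expander.style.top = magic + 'px'` is immediately overwritten and can go.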
-  +

{PAGE_NAME}

diff -r cb7dde69c301 -r d7fc25acd3f3 themes/oxygen/header.tpl --- a/themes/oxygen/header.tpl Wed Aug 01 13:39:27 2007 -0400 +++ b/themes/oxygen/header.tpl Sun Aug 05 15:58:50 2007 -0400 @@ -1,5 +1,5 @@ - + {PAGE_NAME} • {SITE_NAME} @@ -73,7 +73,7 @@ elem = document.getElementById('h2PageName'); if(!elem) return; elem.style.display = 'none'; - name = elem.innerHTML; + name = elem.firstChild.nodeValue; textbox = document.createElement('input'); textbox.type = 'text'; textbox.value = name; @@ -90,7 +90,8 @@ if(!elem1 || !elem2) return; value = elem2.value; elem2.parentNode.removeChild(elem2); // just destroy the thing - elem1.innerHTML = value; + elem1.removeChild(elem1.firstChild); + elem1.appendChild(document.createTextNode(value)); elem1.style.display = 'block'; if(!value || value=='') return; ajaxPost(stdAjaxPrefix+'&_mode=rename', 'newtitle='+escape(value), function() { diff -r cb7dde69c301 -r d7fc25acd3f3 themes/printable/header.tpl --- a/themes/printable/header.tpl Wed Aug 01 13:39:27 2007 -0400 +++ b/themes/printable/header.tpl Sun Aug 05 15:58:50 2007 -0400 @@ -1,5 +1,5 @@ - + {PAGE_NAME} • {SITE_NAME} diff -r cb7dde69c301 -r d7fc25acd3f3 themes/stpatty/header.tpl --- a/themes/stpatty/header.tpl Wed Aug 01 13:39:27 2007 -0400 +++ b/themes/stpatty/header.tpl Sun Aug 05 15:58:50 2007 -0400 @@ -1,5 +1,5 @@ - + {PAGE_NAME} • {SITE_NAME} @@ -19,7 +19,7 @@ elem = document.getElementById('pagetitle'); if(!elem) return; elem.style.display = 'none'; - name = elem.innerHTML; + name = elem.firstChild.nodeValue; textbox = document.createElement('input'); textbox.type = 'text'; textbox.value = name; 
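Review bot: Switching the oxygen rename widget from `innerHTML` to `firstChild.nodeValue` / `createTextNode` stops the new title being parsed as markup, but both sides assume the heading holds exactly one text node: `elem.firstChild.nodeValue` is null when the first child is an element or the heading is empty, and `elem1.removeChild(elem1.firstChild)` removes only that one node, so any further children survive next to the new text. Clear the element in a loop before appending, `while ( elem1.firstChild ) elem1.removeChild(elem1.firstChild);`, and guard the read with `name = elem.firstChild ? elem.firstChild.nodeValue : '';`. The unchanged `ajaxPost(... 'newtitle='+escape(value), ...)` line in the same hunk still encodes the title with `escape()`, which leaves `+` unencoded (read back as a space) and mangles non-Latin-1 characters; `encodeURIComponent(value)` is the right call for a form-encoded parameter. Both edited functions start before their hunks.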
@@ -36,7 +36,8 @@ if(!elem1 || !elem2) return; value = elem2.value; elem2.parentNode.removeChild(elem2); // just destroy the thing - elem1.innerHTML = value; + elem1.removeChild(elem1.firstChild); + elem1.appendChild(document.createTextNode(value)); elem1.style.display = 'block'; if(!value || value=='') return; ajaxPost(stdAjaxPrefix+'&_mode=rename', 'newtitle='+escape(value), function() {
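Review bot: The stpatty rename widget receives the same `removeChild(elem1.firstChild)` / `createTextNode(value)` rewrite as oxygen and inherits the same gap: only the first child of `elem1` is removed, so if the title element ever holds more than one node the extra nodes remain beside the new text, and the earlier `elem.firstChild.nodeValue` read returns null when that first child is not a text node. Use `while ( elem1.firstChild ) elem1.removeChild(elem1.firstChild);` before the `appendChild`. The `escape(value)` in the unchanged `ajaxPost` call should be `encodeURIComponent(value)`. The enclosing function starts before this hunk.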