diff --git a/core.php b/core.php index 1ee38ea..0056710 100644 --- a/core.php +++ b/core.php @@ -208,7 +208,7 @@ function renderpage($title, $content, $minimal = false) $content
@@ -526,6 +526,13 @@ switch($_GET["action"]) * %delete% */ case "delete": + if(!$editing) + { + exit(renderpage("Deleting $page - error", "

You tried to delete $page, but editing is disabled on this wiki.

+

If you wish to delete this page, please re-enable editing on this wiki first.

+

Go back to $page.

+

Nothing has been changed.

")); + } if(!$isadmin) { exit(renderpage("Deleting $page - error", "

You tried to delete $page, but you are not an admin so you don't have permission to do that.
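Review bot: The new `if(!$editing)` branch refuses the delete but still answers with HTTP 200, because `exit(renderpage(...))` sets no status code; the `save` branch in index.php already uses `http_response_code(403)` before its refusal page, so for consistency put `http_response_code(403);` as the first statement inside the new block (the existing `!$isadmin` block has the same gap). The same applies to the added `!$editing` guard in the `move` hunk below and to the matching delete/move hunk in index.php. Interpolating `$page` into the error HTML is only safe if `$page` has already been normalised (presumably via `makepathsafe`, which the move branch uses for `new_name`) before this `switch`, which is not visible here. The enclosing `switch` begins and ends outside the hunk.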

@@ -553,9 +560,18 @@ switch($_GET["action"]) * %move% */ case "move": + if(!$editing) + { + exit(renderpage("Moving $page - error", "

You tried to move $page, but editing is disabled on this wiki.

+

If you wish to move this page, please re-enable editing on this wiki first.

+

Go back to $page.

+

Nothing has been changed.

")); + } if(!$isadmin) + { exit(renderpage("Moving $page - Error", "

You tried to move $page, but you do not have permission to do that.

You should try logging in as an admin.

")); + } if(!isset($_GET["new_name"]) or strlen($_GET["new_name"]) == 0) exit(renderpage("Moving $page", "

Moving $page

diff --git a/index.php b/index.php index 47605ba..63d8c9b 100755 --- a/index.php +++ b/index.php @@ -1,5 +1,5 @@ $title - "; - if(preg_match("/^[^\/]*\/\/|^\//", $css)) - { - $html .= "\n\t\t\n"; - } - else - { - $html .= "\n\t\t\n"; - } - $html .= "\n"; + "; + if(preg_match("/^[^\/]*\/\/|^\//", $css)) + { + $html .= "\n\t\t\n"; + } + else + { + $html .= "\n\t\t\n"; + } + $html .= "\n"; ////////// @@ -284,47 +284,47 @@ function renderpage($title, $content, $minimal = false) $html .= "

$sitename

$content
\n"; @@ -347,7 +347,7 @@ function renderpage($title, $content, $minimal = false) //////////////////////////////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////// Slimdown ///////////////////////////////////////// -////////////////////////////////////////////////////////////////////////////// %slimdown% // +////////////////////////////////////////////////////////////////////////////// %slimdown% // //////////////////////////////////////////////////////////////////////////////////////////// /** * Slimdown - A very basic regex-based Markdown parser. Supports the @@ -390,7 +390,7 @@ class Slimdown { '/\~\~(.*?)\~\~/' => '\1', // del '/\:\"(.*?)\"\:/' => '\1', // quote '/`(.*?)`/' => '\1', // inline code - '/\n\s*(\*|-)(.*)/' => 'self::ul_list', // ul lists + '/\n\s*(\*|-)(.*)/' => 'self::ul_list', // ul lists '/\n[0-9]+\.(.*)/' => 'self::ol_list', // ol lists '/\n(>|\>)(.*)/' => 'self::blockquote', // blockquotes '/\n-{3,}/' => "\n
", // horizontal rule @@ -408,7 +408,7 @@ class Slimdown { return sprintf ("\n

%s

\n", $trimmed); } private static function ul_list ($regs) { - $item = $regs[2]; + $item = $regs[2]; return sprintf ("\n", trim($item)); } private static function ol_list ($regs) { @@ -482,104 +482,104 @@ function human_time_since($time) switch($_GET["action"]) { - /* - * _ _ _ - * ___ __| (_) |_ - * / _ \/ _` | | __| - * | __/ (_| | | |_ - * \___|\__,_|_|\__| - * %edit% - */ + /* + * _ _ _ + * ___ __| (_) |_ + * / _ \/ _` | | __| + * | __/ (_| | | |_ + * \___|\__,_|_|\__| + * %edit% + */ case "edit": if(!$editing) { http_response_code(203); - header("location: index.php?page=$page"); + header("location: index.php?page=$page"); } - - $filename = "$page.md"; - $creatingpage = !isset($pageindex->$page); + + $filename = "$page.md"; + $creatingpage = !isset($pageindex->$page); if((isset($_GET["newpage"]) and $_GET["newpage"] == "true") or $creatingpage) { - $title = "Creating $page"; + $title = "Creating $page"; } else { - $title = "Editing $page"; + $title = "Editing $page"; } - + $pagetext = ""; - if(isset($pageindex->$page)) + if(isset($pageindex->$page)) { $pagetext = file_get_contents($filename); } - if((!$isloggedin and !$anonedits) or !$editing) - { - if(!$creatingpage) - { - //the page already exists - let the user view the page source - exit(renderpage("Viewing source for $page", "")); - } - else - { - http_response_code(404); - exit(renderpage("404 - $page", "

The page $page does not exist, but you do not have permission to create it.

If you haven't already, perhaps you should try logging in.

")); - } - } - + if((!$isloggedin and !$anonedits) or !$editing) + { + if(!$creatingpage) + { + //the page already exists - let the user view the page source + exit(renderpage("Viewing source for $page", "")); + } + else + { + http_response_code(404); + exit(renderpage("404 - $page", "

The page $page does not exist, but you do not have permission to create it.

If you haven't already, perhaps you should try logging in.

")); + } + } + $content = "

$title

"; if(!$isloggedin and $anonedits) { $content .= "

Warning: You are not logged in! Your IP address may be recorded.

"; } - $content .= "
+ $content .= "
"; exit(renderpage("$title - $sitename", $content)); break; - /* - * - * ___ __ ___ _____ - * / __|/ _` \ \ / / _ \ - * \__ \ (_| |\ V / __/ - * |___/\__,_| \_/ \___| - * %save% - */ + /* + * + * ___ __ ___ _____ + * / __|/ _` \ \ / / _ \ + * \__ \ (_| |\ V / __/ + * |___/\__,_| \_/ \___| + * %save% + */ case "save": if(!$editing) { - header("location: index.php?page=$page"); + header("location: index.php?page=$page"); exit(renderpage("Error saving edit", "

Editing is currently disabled on this wiki.

")); } if(!$isloggedin and !$anonedits) { http_response_code(403); - header("refresh: 5; url=index.php?page=$page"); + header("refresh: 5; url=index.php?page=$page"); exit("You are not logged in, so you are not allowed to save pages on $sitename. Redirecting in 5 seconds...."); } if(!isset($_POST["content"])) { http_response_code(400); - header("refresh: 5; url=index.php?page=$page"); + header("refresh: 5; url=index.php?page=$page"); exit("Bad request: No content specified."); } - if(file_put_contents("$page.md", htmlentities($_POST["content"]), ENT_QUOTES) !== false) + if(file_put_contents("$page.md", htmlentities($_POST["content"]), ENT_QUOTES) !== false) { //update the page index - if(!isset($pageindex->$page)) + if(!isset($pageindex->$page)) { - $pageindex->$page = new stdClass(); - $pageindex->$page->filename = "$page.md"; + $pageindex->$page = new stdClass(); + $pageindex->$page->filename = "$page.md"; } - $pageindex->$page->size = strlen($_POST["content"]); - $pageindex->$page->lastmodified = time(); + $pageindex->$page->size = strlen($_POST["content"]); + $pageindex->$page->lastmodified = time(); if($isloggedin) - $pageindex->$page->lasteditor = utf8_encode($user); + $pageindex->$page->lasteditor = utf8_encode($user); else - $pageindex->$page->lasteditor = utf8_encode("anonymous"); + $pageindex->$page->lasteditor = utf8_encode("anonymous"); file_put_contents("./pageindex.json", json_encode($pageindex, JSON_PRETTY_PRINT)); @@ -588,7 +588,7 @@ switch($_GET["action"]) else http_response_code(200); - header("location: index.php?page=$page"); + header("location: index.php?page=$page"); exit(); } else @@ -599,14 +599,14 @@ switch($_GET["action"]) } break; - /* - * _ _ _ - * | (_)___| |_ - * | | / __| __| - * | | \__ \ |_ - * |_|_|___/\__| - * %list% - */ + /* + * _ _ _ + * | (_)___| |_ + * | | / __| __| + * | | \__ \ |_ + * |_|_|___/\__| + * %list% + */ case "list": $title = "All Pages"; $content = "
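Review bot: On the new side of the `save` branch, `file_put_contents("$page.md", htmlentities($_POST["content"]), ENT_QUOTES)` passes `ENT_QUOTES` as the flags argument of `file_put_contents` instead of `htmlentities`, so the quote-encoding mode never reaches `htmlentities` and the constant is silently interpreted as file-write flags; the commit only re-indents this line, but since it is touched it should read `if(file_put_contents("$page.md", htmlentities($_POST["content"], ENT_QUOTES)) !== false)`. The index entry's `size` is then taken from the raw `$_POST["content"]` while the file holds the entity-encoded text, so the two disagree for any content containing `<`, `&` or quotes — it is not clear from the hunk which length `size` is meant to record. In the `edit` branch above, `http_response_code(203)` followed by a `location:` header and no `exit()` sends a non-3xx status that browsers generally do not treat as a redirect; the `view` branch's `307` plus `exit()` pattern matches the apparent intent. The enclosing `switch` begins and ends outside the hunk.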

$title on $sitename

@@ -632,93 +632,109 @@ switch($_GET["action"]) exit(renderpage("$title - $sitename", $content)); break; - /* - * _ _ _ - * __| | ___| | ___| |_ ___ - * / _` |/ _ \ |/ _ \ __/ _ \ - * | (_| | __/ | __/ || __/ - * \__,_|\___|_|\___|\__\___| - * %delete% - */ + /* + * _ _ _ + * __| | ___| | ___| |_ ___ + * / _` |/ _ \ |/ _ \ __/ _ \ + * | (_| | __/ | __/ || __/ + * \__,_|\___|_|\___|\__\___| + * %delete% + */ case "delete": - if(!$isadmin) - { - exit(renderpage("Deleting $page - error", "

You tried to delete $page, but you are not an admin so you don't have permission to do that.

-

You should try logging in as an admin.

")); - } - if(!isset($_GET["delete"]) or $_GET["delete"] !== "yes") - { - exit(renderpage("Deleting $page", "

You are about to delete $page. You can't undo this!

-

Click here to delete $page.

-

Click here to go back.")); - } - unset($pageindex->$page); //delete the page from the page index - file_put_contents("./pageindex.json", json_encode($pageindex, JSON_PRETTY_PRINT)); //save the new page index - unlink("./$page.md"); //delete the page from the disk - - exit(renderpage("Deleting $page - $sitename", "

$page has been deleted. Go back to the main page.

")); + if(!$editing) + { + exit(renderpage("Deleting $page - error", "

You tried to delete $page, but editing is disabled on this wiki.

+

If you wish to delete this page, please re-enable editing on this wiki first.

+

Go back to $page.

+

Nothing has been changed.

")); + } + if(!$isadmin) + { + exit(renderpage("Deleting $page - error", "

You tried to delete $page, but you are not an admin so you don't have permission to do that.

+

You should try logging in as an admin.

")); + } + if(!isset($_GET["delete"]) or $_GET["delete"] !== "yes") + { + exit(renderpage("Deleting $page", "

You are about to delete $page. You can't undo this!

+

Click here to delete $page.

+

Click here to go back.")); + } + unset($pageindex->$page); //delete the page from the page index + file_put_contents("./pageindex.json", json_encode($pageindex, JSON_PRETTY_PRINT)); //save the new page index + unlink("./$page.md"); //delete the page from the disk + + exit(renderpage("Deleting $page - $sitename", "

$page has been deleted. Go back to the main page.

")); break; - /* - * __ __ - * | \/ | _____ _____ - * | |\/| |/ _ \ \ / / _ \ - * | | | | (_) \ V / __/ - * |_| |_|\___/ \_/ \___| - * %move% - */ - case "move": - if(!$isadmin) - exit(renderpage("Moving $page - Error", "

You tried to move $page, but you do not have permission to do that.

-

You should try logging in as an admin.

")); - - if(!isset($_GET["new_name"]) or strlen($_GET["new_name"]) == 0) - exit(renderpage("Moving $page", "

Moving $page

-
- - - -
- - -
- -
")); - - $new_name = makepathsafe($_GET["new_name"]); - - if(!isset($pageindex->$page)) - exit(renderpage("Moving $page - Error", "

You tried to move $page to $new_name, but the page with the name $page does not exist in the first place.

-

Nothing has been changed.

")); - - if($page == $new_name) - exit(renderpage("Moving $page - Error", "

You tried to move $page, but the new name you gave is the same as it's current name.

-

It is possible that you tried to use some characters in the new name that are not allowed and were removed.

-

Page names may only contain alphanumeric characters, dashes, and underscores.

")); - - //move the page in the page index - $pageindex->$new_name = new stdClass(); - foreach($pageindex->$page as $key => $value) - { - $pageindex->$new_name->$key = $value; - } - unset($pageindex->$page); - file_put_contents("./pageindex.json", json_encode($pageindex, JSON_PRETTY_PRINT)); - - //move the page on the disk - rename("$page.md", "$new_name.md"); - - exit(renderpage("Moving $page", "

$page has been moved to $new_name successfully.

")); - break; - - /* - * _ _ - * | |__ ___| |_ __ - * | '_ \ / _ \ | '_ \ - * | | | | __/ | |_) | - * |_| |_|\___|_| .__/ - * %help% |_| - */ + /* + * __ __ + * | \/ | _____ _____ + * | |\/| |/ _ \ \ / / _ \ + * | | | | (_) \ V / __/ + * |_| |_|\___/ \_/ \___| + * %move% + */ + case "move": + if(!$editing) + { + exit(renderpage("Moving $page - error", "

You tried to move $page, but editing is disabled on this wiki.

+

If you wish to move this page, please re-enable editing on this wiki first.

+

Go back to $page.

+

Nothing has been changed.

")); + } + if(!$isadmin) + { + exit(renderpage("Moving $page - Error", "

You tried to move $page, but you do not have permission to do that.

+

You should try logging in as an admin.

")); + } + + if(!isset($_GET["new_name"]) or strlen($_GET["new_name"]) == 0) + exit(renderpage("Moving $page", "

Moving $page

+
+ + + +
+ + +
+ +
")); + + $new_name = makepathsafe($_GET["new_name"]); + + if(!isset($pageindex->$page)) + exit(renderpage("Moving $page - Error", "

You tried to move $page to $new_name, but the page with the name $page does not exist in the first place.

+

Nothing has been changed.

")); + + if($page == $new_name) + exit(renderpage("Moving $page - Error", "

You tried to move $page, but the new name you gave is the same as it's current name.

+

It is possible that you tried to use some characters in the new name that are not allowed and were removed.

+

Page names may only contain alphanumeric characters, dashes, and underscores.

")); + + //move the page in the page index + $pageindex->$new_name = new stdClass(); + foreach($pageindex->$page as $key => $value) + { + $pageindex->$new_name->$key = $value; + } + unset($pageindex->$page); + file_put_contents("./pageindex.json", json_encode($pageindex, JSON_PRETTY_PRINT)); + + //move the page on the disk + rename("$page.md", "$new_name.md"); + + exit(renderpage("Moving $page", "

$page has been moved to $new_name successfully.

")); + break; + + /* + * _ _ + * | |__ ___| |_ __ + * | '_ \ / _ \ | '_ \ + * | | | | __/ | |_) | + * |_| |_|\___|_| .__/ + * %help% |_| + */ case "help": $title = "Help - $sitename"; $content = "

$sitename Help
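Review bot: The `move` branch on the new side never checks whether the destination page already exists: after the `!isset($pageindex->$page)` and `$page == $new_name` checks it proceeds straight to `$pageindex->$new_name = new stdClass();` and `rename("$page.md", "$new_name.md");`, so moving onto an existing name silently replaces that page's index entry and file. Add a guard before the index copy, along the lines of `if(isset($pageindex->$new_name)) exit(renderpage("Moving $page - Error", "A page called $new_name already exists. Nothing has been changed."));`. The name comparison should also be strict, `if($page === $new_name)`, since the error text states names are alphanumeric and loose `==` applies numeric-string coercion to such values. Separately, both `delete` (`$_GET["delete"] === "yes"` followed by `unlink`) and `move` perform their destructive step on a plain GET keyed only on the admin session, with no request token visible in this hunk; requiring a POST carrying a per-session token checked with `hash_equals()` would prevent a cross-site request from triggering them. The enclosing `switch` begins and ends outside the hunk.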

@@ -747,14 +763,14 @@ switch($_GET["action"]) exit(renderpage($title, $content)); break; - /* - * _ _ - * | | ___ __ _(_)_ __ - * | |/ _ \ / _` | | '_ \ - * | | (_) | (_| | | | | | - * |_|\___/ \__, |_|_| |_| - * |___/ %login% - */ + /* + * _ _ + * | | ___ __ _(_)_ __ + * | |/ _ \ / _` | | '_ \ + * | | (_) | (_| | | | | | + * |_|\___/ \__, |_|_| |_| + * |___/ %login% + */ case "login": $title = "Login to $sitename"; $content = "

Login to $sitename

\n"; @@ -770,14 +786,14 @@ switch($_GET["action"]) exit(renderpage($title, $content)); break; - /* - * _ _ _ _ - * ___| |__ ___ ___| | _| | ___ __ _(_)_ __ - * / __| '_ \ / _ \/ __| |/ / |/ _ \ / _` | | '_ \ - * | (__| | | | __/ (__| <| | (_) | (_| | | | | | - * \___|_| |_|\___|\___|_|\_\_|\___/ \__, |_|_| |_| - * %checklogin% |___/ - */ + /* + * _ _ _ _ + * ___| |__ ___ ___| | _| | ___ __ _(_)_ __ + * / __| '_ \ / _ \/ __| |/ / |/ _ \ / _` | | '_ \ + * | (__| | | | __/ (__| <| | (_) | (_| | | | | | + * \___|_| |_|\___|\___|_|\_\_|\___/ \__, |_|_| |_| + * %checklogin% |___/ + */ case "checklogin": if(isset($_POST["user"]) and isset($_POST["pass"])) { @@ -813,14 +829,14 @@ switch($_GET["action"]) } break; - /* - * _ _ - * | | ___ __ _ ___ _ _| |_ - * | |/ _ \ / _` |/ _ \| | | | __| - * | | (_) | (_| | (_) | |_| | |_ - * |_|\___/ \__, |\___/ \__,_|\__| - * |___/ %logout% - */ + /* + * _ _ + * | | ___ __ _ ___ _ _| |_ + * | |/ _ \ / _` |/ _ \| | | | __| + * | | (_) | (_| | (_) | |_| | |_ + * |_|\___/ \__, |\___/ \__,_|\__| + * |___/ %logout% + */ case "logout": $isloggedin = false; unset($user); @@ -831,14 +847,14 @@ switch($_GET["action"])

Logout Successful. You can login again here.

")); break; - /* - * _ _ _ - * ___ _ __ ___ __| (_) |_ ___ - * / __| '__/ _ \/ _` | | __/ __| - * | (__| | | __/ (_| | | |_\__ \ - * \___|_| \___|\__,_|_|\__|___/ - * %credits% - */ + /* + * _ _ _ + * ___ _ __ ___ __| (_) |_ ___ + * / __| '__/ _ \/ _` | | __/ __| + * | (__| | | __/ (_| | | |_\__ \ + * \___|_| \___|\__,_|_|\__|___/ + * %credits% + */ case "credits": $title = "Credits - $sitename"; $content = "

$sitename credits

@@ -848,14 +864,14 @@ switch($_GET["action"]) exit(renderpage($title, $content)); break; - /* - * _ _ - * | |__ __ _ ___| |__ - * | '_ \ / _` / __| '_ \ - * | | | | (_| \__ \ | | | - * |_| |_|\__,_|___/_| |_| - * %hash% - */ + /* + * _ _ + * | |__ __ _ ___| |__ + * | '_ \ / _` / __| '_ \ + * | | | | (_| \__ \ | | | + * |_| |_|\__,_|___/_| |_| + * %hash% + */ case "hash": if(!isset($_GET["string"])) { @@ -869,39 +885,39 @@ switch($_GET["action"]) } break; - /* - * _ - * __ _(_) _____ __ - * \ \ / / |/ _ \ \ /\ / / - * \ V /| | __/\ V V / - * \_/ |_|\___| \_/\_/ - * %view% - */ + /* + * _ + * __ _(_) _____ __ + * \ \ / / |/ _ \ \ /\ / / + * \ V /| | __/\ V V / + * \_/ |_|\___| \_/\_/ + * %view% + */ case "view": default: //check to make sure that the page exists - if(!isset($pageindex->$page)) + if(!isset($pageindex->$page)) { if($editing) { //editing is enabled, redirect to the editing page http_response_code(307); //temporary redirect - header("location: index.php?action=edit&newpage=yes&page=" . rawurlencode($page)); + header("location: index.php?action=edit&newpage=yes&page=" . rawurlencode($page)); exit(); } else { //editing is disabled, show an error message http_response_code(404); - exit(renderpage("$page - 404 - $sitename", "

$page does not exist.

Since editing is currently disabled on this wiki, you may not create this page. If you feel that this page should exist, try contacting this wiki's Administrator.

")); + exit(renderpage("$page - 404 - $sitename", "

$page does not exist.

Since editing is currently disabled on this wiki, you may not create this page. If you feel that this page should exist, try contacting this wiki's Administrator.

")); } } - $title = "$page - $sitename"; - $content = "

$page

"; + $title = "$page - $sitename"; + $content = "

$page

"; $slimdown_start = microtime(true); - $content .= Slimdown::render(file_get_contents("$page.md")); + $content .= Slimdown::render(file_get_contents("$page.md")); $content .= "\n\t\n";