function ajax_savepage($formatter, $options) { global $DBInfo; if ($_SERVER['REQUEST_METHOD'] != "POST" or !$DBInfo->security->writable($options)) { return ajax_invalid($formatter, $options); } $savetext = $options['savetext']; $datestamp = $options['datestamp']; $hash = $options['hash']; $savetext = preg_replace("/\r\n|\r/", "\n", $savetext); $savetext = _stripslashes($savetext); $section_savetext = ''; if (isset($options['section'])) { if ($formatter->page->exists()) { $sections = _get_sections($formatter->page->get_raw_body()); if ($sections[$options['section']]) { if (substr($savetext, -1) != "\n") { $savetext .= "\n"; } $sections[$options['section']] = $savetext; } $section_savetext = $savetext; $savetext = implode('', $sections); } } if ($savetext and $savetext[strlen($savetext) - 1] != "\n") { $savetext .= "\n"; } $new = md5($savetext); if ($formatter->page->exists()) { # check difference $body = $formatter->page->get_raw_body(); $body = preg_replace("/\r\n|\r/", "\n", $body); $orig = md5($body); # check datestamp if ($formatter->page->mtime() > $datestamp) { $options['msg'] = sprintf(_("Someone else saved the page while you edited %s"), $formatter->link_tag($formatter->page->urlname, "", _html_escape($options['page']))); print "false\n"; print $options['msg']; return; } else { if ($datestamp > time()) { print _("Invalid access"); print "false\n"; return; } } // check hash if (!empty($DBInfo->use_savepage_hash)) { $ticket = getTicket($datestamp . $DBInfo->user->id, $_SERVER['REMOTE_ADDR']); if ($hash != md5($ticket)) { print _("Invalid access"); print "false\n"; return; } } } else { $options['msg'] = _("Section edit is not valid for non-exists page."); print "false\n"; print $options['msg']; return; } if ($orig == $new) { $options['msg'] = sprintf(_("Go back or return to %s"), $formatter->link_tag($formatter->page->urlname, "", _html_escape($options['page']))); print "false\n"; print $options['msg']; return; } if ($DBInfo->spam_filter) { $text = $savetext; $fts = preg_split('/(\\||,)/', $DBInfo->spam_filter); foreach ($fts as $ft) { $text = $formatter->filter_repl($ft, $text, $options); } if ($text != $savetext) { $options['msg'] = _("Sorry, can not save page because some messages are blocked in this wiki."); print "false\n"; print $options['msg']; return; } } $comment = _stripslashes($options['comment']); $formatter->page->write($savetext); $retval = array(); $options['retval'] =& $retval; $ret = $DBInfo->savePage($formatter->page, $comment, $options); if ($ret != -1 and $DBInfo->notify and $options['minor'] != 1) { $options['noaction'] = 1; if (!function_exists('mail')) { $options['msg'] = sprintf(_("mail does not supported by default.")) . "<br />"; } else { $ret2 = wiki_notify($formatter, $options); if ($ret2) { $options['msg'] = sprintf(_("Sent notification mail.")) . "<br />"; } else { $options['msg'] = sprintf(_("No subscribers found.")) . "<br />"; } } } if ($ret == -1) { $options['msg'] .= sprintf(_("%s is not editable"), $formatter->link_tag($formatter->page->urlname, "", _html_escape($options['page']))); } else { $options['msg'] .= sprintf(_("%s is saved"), $formatter->link_tag($formatter->page->urlname, "?action=show", _html_escape($options['page']))); } print "true\n"; print $options['msg']; return; }
function ajax_repl($plugin, $options = '') { if (!function_exists('ajax_' . $plugin) and !function_exists('do_' . $plugin)) { $ff = getPlugin($plugin); if (!$ff) { return ajax_invalid($this, array('title' => _("Invalid ajax action."))); } include_once "plugin/{$ff}.php"; } if (!function_exists('ajax_' . $plugin)) { if (function_exists('do_' . $plugin)) { call_user_func('do_' . $plugin, $this, $options); return; } else { if (function_exists('macro_' . $plugin)) { echo call_user_func_array('macro_' . $plugin, array(&$this, '', $options)); return; } } return ajax_invalid($this, array('title' => _("Invalid ajax action."))); } return call_user_func('ajax_' . $plugin, $this, $options); }