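/**
 * Build the markup for a navigation link to an action.
 *
 * When the request carries login=1 and the credential check passes, the
 * "authenticated" variant is produced (templates itr(42)/itr(1083)/itr(1084),
 * with the options string rewritten through itr(54)/itr(43)/itr(44)).
 * Otherwise the plain variant is produced (templates itr(38)/itr(39)/itr(40)).
 *
 * Security notes for maintainers:
 *  - The stored credential is an unsalted MD5 (column user_password_md5) and
 *    the value hashed here is read from $_SESSION['wvUserPassword'], i.e. the
 *    session holds the pre-hash secret. Migrating to password_hash() /
 *    password_verify() and keeping only a login marker in the session is the
 *    durable fix; it cannot be done inside this function alone.
 *  - The hash comparison is strict (===). A loose == on two hex strings that
 *    both look numeric (e.g. "0e...") compares them as numbers and can report
 *    equality for different hashes.
 *  - session_id() is embedded in the generated markup, so the session id is
 *    exposed wherever that markup is logged, cached or shared.
 *  - $wvActionId, $options and $caption are concatenated as given. Callers
 *    must URL-/HTML-encode any request-derived part before passing it in.
 *
 * @param mixed  $wvActionId Action identifier appended after the link prefix.
 * @param string $options    Extra query parameters ('' for none).
 * @param string $caption    Link text or markup, emitted verbatim.
 * @return string Generated markup.
 */
function buildLink($wvActionId, $options, $caption)
{
    $loginln = 0;
    if (isset($_POST["login"]) && $_POST["login"] == "1") {
        //Check that the user is properly logged in
        $wvuserpasswdmd5ln = qry('user', 'user_password_md5', 'user_name', fv('wvUserName'));
        // Strict comparison: avoids numeric-string juggling between two hex digests.
        if (is_string($wvuserpasswdmd5ln) && md5($_SESSION['wvUserPassword']) === $wvuserpasswdmd5ln) {
            $loginln = 1;
        } else {
            // Both errors were raised on a failed check in the original flow.
            err(5);
            err(289);
        }
    }

    // The locale comes from the request and is written into the link, so it is
    // percent-encoded first. Plain locale identifiers are unchanged by this.
    $localeid = rawurlencode((string) fv('locale'));

    if ($loginln == 0) {
        if ($options == '') {
            $separator = '';
            $options = $options . '&locale=' . $localeid;
            $options = str_replace('&&', '&', $options);
        } else {
            $separator = '&';
            $options = $options . 'locale=' . $localeid;
            $options = str_replace('&&', '&', $options);
        }
        $linkGenerated = itr(38) . $wvActionId . $separator . $options . itr(39) . $caption . itr(40);
    } else {
        if ($options == '') {
            $separator = '';
            $options = $options . '&wvSession=' . session_id() . '&' . itr(63) . $localeid;
            // NOTE(review): the session parameter is appended a second time here,
            // as in the original; kept so the generated markup does not change.
            $options = str_replace('&&', '&', $options . '&wvSession=' . session_id());
        } else {
            // $separator is not used by the authenticated template below; the
            // itr(41) call is kept in case itr() has side effects.
            $separator = itr(41);
            $options = $options . '&' . itr(62) . $localeid;
            $options = str_replace('&&', '&', $options);
        }
        $linkGenerated = str_replace('&&', '&', itr(42) . $wvActionId . str_replace(itr(54), itr(43), str_replace('=', itr(44), $options)) . itr(1083) . $caption . itr(1084));
    }
    return $linkGenerated;
}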
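/**
 * Convert one submitted field into the value fragment used in an SQL statement.
 *
 * The field type ($field[CONS_XML_TIPO]) selects the handling. $data[$name] is
 * normalised in place (other fields may read it afterwards) and the return
 * value is the fragment to embed, wrapped in double quotes unless
 * $isSerialized is true or the type is numeric.
 *
 * Changes relative to the previous revision of this method:
 *  - Parent-cycle check: a non-numeric id is no longer interpolated, unquoted,
 *    into the lookup query; the walk stops instead.
 *  - Date fields: a value starting with "NOW()" used to be emitted verbatim
 *    and unquoted; it must now match a small whitelist.
 *  - Date fields: the merged-date test `!$theDate == false` parsed as
 *    `(!$theDate) == false` and skipped every valid date; it now skips
 *    only empty/corrupt dates, as its comment describes.
 *  - ENUM values additionally lose backslashes, which could otherwise escape
 *    the closing quote of the fragment.
 *  - "urla" fields: the quote-stripping literal was unparseable in the source
 *    as received and has been restored (see NOTE(review) at that line).
 *
 * Open review points that are NOT changed here:
 *  - CONS_TIPO_ARRAY and CONS_TIPO_SERIALIZED call unserialize(); on
 *    caller-supplied data that allows object injection.
 *  - CONS_TIPO_LINK with a VC link type is quoted but not escaped here.
 *  - $wS is interpolated as a raw WHERE clause; it must be built from trusted,
 *    already-escaped parts by the caller.
 *
 * @param bool   $isADD          True when building an INSERT (defaults and creation stamps apply).
 * @param array  $data           Submitted values, by reference; normalised in place.
 * @param string $name           Key in $data; also used as column name in lookups.
 * @param array  $field          Field definition indexed by CONS_XML_* keys, by reference.
 * @param array  $EnumPrunecache By reference; receives array(name, prune rule, recipient) entries.
 * @param bool   $isSerialized   True when the value goes into a serialized container (no quoting).
 * @param string $kA             Passed through to prepareUpload().
 * @param string $wS             WHERE clause used to read the current serialized value.
 * @return mixed False when nothing should be written, otherwise the fragment
 *               (an array or decoded value for CONS_TIPO_ARRAY).
 */
private function sqlParameter($isADD, &$data, $name, &$field, &$EnumPrunecache, $isSerialized = false, $kA = '', $wS = '')
{
    $output = false;
    $encapsulation = $isSerialized ? '' : '"';
    switch ($field[CONS_XML_TIPO]) {
        case CONS_TIPO_INT:
            // Only numeric input is emitted (unquoted); anything else falls back to the default on add.
            if (isset($data[$name]) && $data[$name] !== "" && is_numeric($data[$name])) {
                $output = $data[$name];
            } else {
                if ($isADD && isset($field[CONS_XML_DEFAULT])) {
                    $output = $field[CONS_XML_DEFAULT];
                }
            }
            break;
        case CONS_TIPO_LINK:
            if ($field[CONS_XML_LINKTYPE] == CONS_TIPO_INT || $field[CONS_XML_LINKTYPE] == CONS_TIPO_FLOAT) {
                $encapsulation = '';
            }
            if (isset($data[$name]) && ($data[$name] !== '' && $data[$name] !== 0 || !isset($field[CONS_XML_MANDATORY]))) {
                # non-mandatory links accept 0 values, otherwise 0 is not acceptable
                if ((!$isADD && isset($field[CONS_XML_IGNORENEDIT]) || $isADD) && ($data[$name] === 0 || $data[$name] === '')) {
                    break;
                } else {
                    if (($field[CONS_XML_LINKTYPE] == CONS_TIPO_INT || $field[CONS_XML_LINKTYPE] == CONS_TIPO_FLOAT) && ($data[$name] === '' || !is_numeric($data[$name]))) {
                        // Numeric link with non-numeric input: forced to 0 rather than emitted.
                        $data[$name] = 0;
                    } else {
                        if ($field[CONS_XML_LINKTYPE] == CONS_TIPO_VC && $data[$name] != '') {
                            if ($field[CONS_XML_SPECIAL] == "ucase") {
                                $data[$name] = strtoupper($data[$name]);
                            }
                            if ($field[CONS_XML_SPECIAL] == "lcase") {
                                $data[$name] = strtolower($data[$name]);
                            }
                        }
                    }
                }
                # if this is a parent, check if this won't create a cyclic parenting
                if ($data[$name] !== 0 && $data[$name] !== '' && $field[CONS_XML_MODULE] == $this->name && $this->options[CONS_MODULE_PARENT] == $name) {
                    if (!$isADD && $data[$name] == $data[$this->keys[0]]) {
                        $data[$name] = 0;
                        $this->parent->errorControl->raise(128, $name, $this->name, "Parent=Self");
                        if (isset($field[CONS_XML_MANDATORY])) {
                            return false;
                        }
                    } else {
                        $antiCicle = $isADD ? array() : array($data[$this->keys[0]]);
                        $idP = isset($data[$name]) ? $data[$name] : 0;
                        if ($idP == null) {
                            $idP = 0;
                        }
                        while ($idP !== 0) {
                            // The id is placed unquoted in the query below, so it is only
                            // interpolated when numeric. A non-numeric id ends the walk as
                            // "root reached" without running a query built from it.
                            if (!is_numeric($idP)) {
                                $idP = 0;
                                break;
                            }
                            $idP = $this->parent->dbo->fetch("SELECT {$name} FROM " . $this->dbname . " WHERE " . $this->keys[0] . "={$idP}");
                            if ($idP == NULL) {
                                $idP = 0;
                            }
                            if (in_array($idP, $antiCicle)) {
                                break; // cycle!
                            }
                            $antiCicle[] = $idP;
                        }
                        unset($antiCicle);
                        if ($idP !== 0) {
                            # did not reach root
                            $this->parent->errorControl->raise(128, $name, $this->name, "Initial parent was = " . $data[$name]);
                            $data[$name] = 0;
                            if (isset($field[CONS_XML_MANDATORY])) {
                                return false;
                            }
                        }
                    }
                }
                // NOTE(review): for a VC link type the value is quoted but no escaping call is
                // visible in this branch — confirm it is escaped before it reaches this method.
                $output = $encapsulation . $data[$name] . $encapsulation;
            } else {
                if ($isADD && isset($field[CONS_XML_DEFAULT])) {
                    // "%UID%" default: use the logged-in user's id when the link targets the user module.
                    if ($field[CONS_XML_DEFAULT] == "%UID%" && defined("CONS_AUTH_USERMODULE") && $field[CONS_XML_MODULE] == CONS_AUTH_USERMODULE && $_SESSION[CONS_SESSION_ACCESS_LEVEL] > 0 && isset($_SESSION[CONS_SESSION_ACCESS_USER]['id'])) {
                        $output = $encapsulation . $_SESSION[CONS_SESSION_ACCESS_USER]['id'] . $encapsulation;
                    } else {
                        if ($field[CONS_XML_DEFAULT] != "%UID%") {
                            $output = $encapsulation . $field[CONS_XML_DEFAULT] . $encapsulation;
                        }
                    }
                }
            }
            break;
        case CONS_TIPO_FLOAT:
            if (isset($data[$name]) && $data[$name] !== "") {
                $data[$name] = fv($data[$name]);
                if (is_numeric($data[$name])) {
                    $output = str_replace(",", ".", $data[$name]);
                } else {
                    if ($isADD && isset($field[CONS_XML_DEFAULT])) {
                        $output = $field[CONS_XML_DEFAULT];
                    }
                }
            } else {
                if ($isADD && isset($field[CONS_XML_DEFAULT])) {
                    $output = $field[CONS_XML_DEFAULT];
                }
            }
            break;
        case CONS_TIPO_VC:
            if (isset($data[$name])) {
                // Every VC value except "urla" is cleaned/escaped first; "urla" is stripped further down.
                if (!isset($field[CONS_XML_SPECIAL]) || $field[CONS_XML_SPECIAL] != "urla") {
                    if (!isset($field[CONS_XML_CUSTOM])) {
                        $data[$name] = cleanString($data[$name], isset($field[CONS_XML_HTML]), $_SESSION[CONS_SESSION_ACCESS_LEVEL] == 100, $this->parent->dbo);
                    } else {
                        if (!$isSerialized) {
                            $data[$name] = addslashes_EX($data[$name], isset($field[CONS_XML_HTML]), $this->parent->dbo);
                        }
                    }
                }
                if (isset($field[CONS_XML_SPECIAL])) {
                    if ($field[CONS_XML_SPECIAL] == "urla") {
                        if (!isset($data[$name]) || $data[$name] == '') {
                            // No alias supplied: render one from the source template (or the title field).
                            $source = isset($field[CONS_XML_SOURCE]) ? $field[CONS_XML_SOURCE] : "{" . $this->title . "}";
                            $tp = new CKTemplate($this->parent->template);
                            $tp->tbreak($source);
                            $data[$name] = $tp->techo($data);
                            unset($tp);
                        }
                        // NOTE(review): the third search string arrived as an unparseable `"""`,
                        // presumably a double quote or its HTML entity mangled in transit. It is
                        // restored as a literal double quote — verify against the upstream file.
                        $data[$name] = str_replace(array("'", '"', "<", ">"), "", $data[$name]);
                        $data[$name] = removeSimbols($data[$name], true, false, CONS_FLATTENURL);
                    }
                    // Format validators: on failure the value is blanked, an error is raised
                    // and nothing is written for this field.
                    if ($field[CONS_XML_SPECIAL] == "login" && $data[$name] != "") {
                        if (!preg_match('/^([A-Za-z0-9_\\-\\.@]){4,20}$/', $data[$name])) {
                            $data[$name] = "";
                            $this->parent->errorControl->raise(129, $name, $this->name);
                            break;
                        }
                    }
                    if ($field[CONS_XML_SPECIAL] == "mail" && $data[$name] != "") {
                        if (!isMail($data[$name])) {
                            $data[$name] = "";
                            $this->parent->errorControl->raise(130, $name, $this->name);
                            break;
                        }
                    }
                    if ($field[CONS_XML_SPECIAL] == "ucase" && $data[$name] != "") {
                        $data[$name] = strtoupper($data[$name]);
                        $data[$name] = addslashes_EX($data[$name], isset($field[CONS_XML_HTML]), $this->parent->dbo);
                    }
                    if ($field[CONS_XML_SPECIAL] == "lcase" && $data[$name] != "") {
                        $data[$name] = strtolower($data[$name]);
                        $data[$name] = addslashes_EX($data[$name], isset($field[CONS_XML_HTML]), $this->parent->dbo);
                    }
                    if ($field[CONS_XML_SPECIAL] == "path" && $data[$name] != "") {
                        if (!preg_match('/^([A-Za-z0-9_\\/\\-]*)$/', $data[$name])) {
                            $data[$name] = "";
                            $this->parent->errorControl->raise(131, $name, $this->name);
                            break;
                        }
                    }
                    if ($field[CONS_XML_SPECIAL] == "onlinevideo" && $data[$name] != "") {
                        if (!preg_match('/^([A-Za-z0-9_\\-]){8,20}$/', $data[$name])) {
                            $data[$name] = "";
                            $this->parent->errorControl->raise(132, $name, $this->name);
                            break;
                        }
                    }
                    if ($field[CONS_XML_SPECIAL] == "time" && $data[$name] != "") {
                        if (!preg_match('/^([0-9]){1,2}(:)([0-9]){1,2}$/', $data[$name])) {
                            $data[$name] = "";
                            $this->parent->errorControl->raise(133, $name, $this->name);
                            break;
                        } else {
                            // Zero-pad both parts to HH:MM.
                            $data[$name] = explode(":", $data[$name]);
                            $data[$name][0] = (strlen($data[$name][0]) == 1 ? "0" : "") . $data[$name][0];
                            $data[$name][1] = (strlen($data[$name][1]) == 1 ? "0" : "") . $data[$name][1];
                            $data[$name] = $data[$name][0] . ":" . $data[$name][1];
                        }
                    }
                }
                if (!$isADD && isset($field[CONS_XML_IGNORENEDIT]) && $data[$name] == "") {
                    break;
                } else {
                    if ($isADD && (!isset($data[$name]) || $data[$name] == '') && isset($field[CONS_XML_DEFAULT])) {
                        $data[$name] = $field[CONS_XML_DEFAULT];
                    }
                }
                $output = $encapsulation . $data[$name] . $encapsulation;
            }
            break;
        case CONS_TIPO_TEXT:
            if (isset($data[$name])) {
                # WYSIWYG garbage ...
                if (isset($field[CONS_XML_HTML]) && !isset($field[CONS_XML_CUSTOM])) {
                    // NOTE(review): as received, search and replacement both look like a plain
                    // space, which makes this a no-op; presumably the search string was a
                    // non-breaking space or its entity upstream — confirm.
                    $data[$name] = str_replace(" ", " ", trim($data[$name]));
                    if (isset($field[CONS_XML_SIMPLEEDITFORCE]) && $data[$name] != '') {
                        if (!defined('C_XHTML_AUTOTAB')) {
                            include CONS_PATH_INCLUDE . "xmlHandler.php";
                        }
                        $data[$name] = parseHTML($data[$name], true);
                        if ($data[$name] === false) {
                            $this->parent->errorControl->raise(190, $name, $this->name);
                            $data[$name] = '';
                            break;
                        }
                    }
                    if ($this->invalidHTML($data[$name])) {
                        # external editors garbage that can break HTML
                        // Only reported: the value is still written after the error is raised.
                        $this->parent->errorControl->raise(135, $name, $this->name);
                    }
                }
                if (!isset($field[CONS_XML_CUSTOM])) {
                    $data[$name] = cleanString($data[$name], isset($field[CONS_XML_HTML]), $_SESSION[CONS_SESSION_ACCESS_LEVEL] == 100, $this->parent->dbo);
                } else {
                    if (!$isSerialized) {
                        $data[$name] = addslashes_EX($data[$name], true, $this->parent->dbo);
                    }
                }
                if (!$isADD && isset($field[CONS_XML_IGNORENEDIT]) && $data[$name] == "") {
                    break;
                }
                $output = $encapsulation . $data[$name] . $encapsulation;
            } else {
                if ($isADD && isset($field[CONS_XML_DEFAULT])) {
                    $output = $encapsulation . $field[CONS_XML_DEFAULT] . $encapsulation;
                }
            }
            break;
        case CONS_TIPO_DATETIME:
        case CONS_TIPO_DATE:
            if (!isset($data[$name]) || $data[$name] == '') {
                // Empty input on a stamped field: let the database set the time, but keep a
                // PHP-side copy in $data for later consumers.
                if (!$isADD && isset($field[CONS_XML_UPDATESTAMP])) {
                    $output = "NOW()";
                    $data[$name] = date("Y-m-d") . ($field[CONS_XML_TIPO] == CONS_TIPO_DATETIME ? " " . date("H:i:s") : ""); // might be used by friendly url or such
                    break;
                } else {
                    if ($isADD && (isset($field[CONS_XML_TIMESTAMP]) || isset($field[CONS_XML_UPDATESTAMP]))) {
                        $output = "NOW()";
                        $data[$name] = date("Y-m-d") . ($field[CONS_XML_TIPO] == CONS_TIPO_DATETIME ? " " . date("H:i:s") : ""); // might be used by friendly url or such
                        break;
                    }
                }
            }
            if (!isset($data[$name]) && isset($data[$name . "_day"])) {
                # date came into separated fields, merge them
                $theDate = $this->parent->intlControl->mergeDate($data, $name . "_");
                # empty date can be ignored, or corrupt date
                // Fixed precedence: the previous `!$theDate == false` was true for every
                // valid date and therefore skipped exactly the values it should write.
                if (!$theDate || ($theDate == "0000-00-00" || $theDate == "0000-00-00 00:00:00") && isset($field[CONS_XML_IGNORENEDIT])) {
                    break;
                }
                $output = $encapsulation . $theDate . $encapsulation;
            } else {
                # came in mySQL format or i18n format
                if (isset($data[$name]) && $data[$name] != "") {
                    $data[$name] = trim($data[$name]);
                    $theDate = $data[$name];
                    $theDate = $this->parent->intlControl->dateToSql($theDate, $field[CONS_XML_TIPO] == CONS_TIPO_DATETIME); // handles any format of human or sql date
                    if ($theDate === false) {
                        if (substr($data[$name], 0, 5) == "NOW()") {
                            // This value is emitted verbatim and unquoted, so it is restricted
                            // to NOW() plus simple arithmetic / INTERVAL wording. Commas,
                            // quotes, parentheses, semicolons and comment markers are refused.
                            if (preg_match('/^NOW\(\)[0-9A-Za-z_ +\-]*$/D', $data[$name]) && strpos($data[$name], '--') === false) {
                                $output = $data[$name];
                                $data[$name] = date("Y-m-d") . ($field[CONS_XML_TIPO] == CONS_TIPO_DATETIME ? " " . date("H:i:s") : ""); // might be used by friendly url or such
                            } else {
                                $this->parent->errorControl->raise(134, $name, $this->name);
                            }
                        } else {
                            $this->parent->errorControl->raise(134, $name, $this->name);
                        }
                    } else {
                        $output = $encapsulation . $theDate . $encapsulation;
                        $data[$name] = $theDate; // other fields might need it
                    }
                } else {
                    if (isset($data[$name])) {
                        // blank
                        if (!$isADD && isset($field[CONS_XML_IGNORENEDIT])) {
                            break;
                        }
                        $output = isset($field[CONS_XML_MANDATORY]) && $field[CONS_XML_MANDATORY] ? $encapsulation . "0000-00-00" . ($field[CONS_XML_TIPO] == CONS_TIPO_DATETIME ? " 00:00:00" : "") . $encapsulation : 'NULL';
                    }
                }
            }
            break;
        case CONS_TIPO_ENUM:
            if (isset($data[$name])) {
                if ($data[$name] == "") {
                    # enum does not accept empty values, this means it's a NON-MANDATORY enum coming empty = NULL
                    $output = "NULL";
                } else {
                    // Quotes are stripped rather than escaped; backslashes are stripped too so a
                    // trailing "\" cannot escape the closing quote of the fragment.
                    $data[$name] = str_replace(array("'", "\"", "\\"), "", $data[$name]);
                    $output = $encapsulation . $data[$name] . $encapsulation;
                    if (isset($field[CONS_XML_AUTOPRUNE])) {
                        // possible prune
                        // The ENUM member list is read back from the field's SQL definition.
                        preg_match("@ENUM \\(([^)]*)\\).*@", $field[CONS_XML_SQL], $regs);
                        $enums = explode(",", $regs[1]);
                        $pruneRecipient = "";
                        for ($ec = 0; $ec < count($enums); $ec++) {
                            if (isset($field[CONS_XML_AUTOPRUNE][$ec]) && $field[CONS_XML_AUTOPRUNE][$ec] == '*') {
                                $pruneRecipient = $enums[$ec];
                            }
                        }
                        for ($ec = 0; $ec < count($enums); $ec++) {
                            if ("'" . $data[$name] . "'" == $enums[$ec]) {
                                if (isset($field[CONS_XML_AUTOPRUNE][$ec]) && $field[CONS_XML_AUTOPRUNE][$ec] != '0' && $field[CONS_XML_AUTOPRUNE][$ec] != '*') {
                                    $EnumPrunecache[] = array($name, $field[CONS_XML_AUTOPRUNE][$ec], $pruneRecipient);
                                }
                                break; // for
                            }
                        }
                    }
                }
            } else {
                if ($isADD && isset($field[CONS_XML_DEFAULT])) {
                    $output = $encapsulation . $field[CONS_XML_DEFAULT] . $encapsulation;
                }
            }
            break;
        case CONS_TIPO_OPTIONS:
            # must come as a string of 0 and 1
            if (isset($data[$name]) && strlen($data[$name]) >= count($field[CONS_XML_OPTIONS])) {
                # test if they are all 0 and 1!
                $ok = true;
                for ($c = 0; $c < strlen($data[$name]); $c++) {
                    if ($data[$name][$c] != "0" && $data[$name][$c] != "1") {
                        $ok = false;
                        break;
                    }
                }
                if ($ok) {
                    $output = $encapsulation . $data[$name] . ($isADD ? '0000' : '') . $encapsulation;
                }
            }
            break;
        case CONS_TIPO_UPLOAD:
            if (!$isADD) {
                # upload on add happens AFTER the SQL include, so if it fails, we don't even bother processing upload
                if (isset($data[$name . "_delete"]) || isset($_FILES[$name]) && $_FILES[$name]['error'] == 0) {
                    // delete or update
                    $ids = "";
                    foreach ($this->keys as $key) {
                        $ids .= $data[$key] . "_";
                    }
                    $ids = substr($ids, 0, strlen($ids) - 1);
                    $this->deleteUploads($data, $name, $ids);
                }
                $upOk = $this->prepareUpload($name, $kA, $data);
                $upvalue = $upOk == '0' ? 'y' : 'n';
                if ($upOk != 0 && $upOk != 4) {
                    # notification for the upload (4 = nothing sent, 0 = sent and ok)
                    $this->parent->errorControl->raise(200 + $upOk, $upOk, $this->name, $name);
                }
                if ($upOk != 4) {
                    $output = $encapsulation . $upvalue . $encapsulation;
                } else {
                    // no change, but take this opportunity and check if the file exists!
                    $upvalue = 'n';
                    $path = CONS_FMANAGER . $this->name . "/";
                    if (is_dir($path)) {
                        if (isset($this->fields[$name][CONS_XML_FILEPATH])) {
                            $path .= $this->fields[$name][CONS_XML_FILEPATH];
                            if ($path[strlen($path) - 1] != "/") {
                                $path .= "/";
                            }
                            if (!is_dir($path)) {
                                safe_mkdir($path);
                            }
                        }
                        # prepares filename with item keys
                        // NOTE(review): key values from $data become part of a filesystem path;
                        // presumably they are validated as record keys upstream — confirm they
                        // cannot contain path separators.
                        $filename = $path . $name . "_";
                        foreach ($this->keys as $key) {
                            $filename .= $data[$key] . "_";
                        }
                        $filename .= "1";
                        $upvalue = locateAnyFile($filename, $ext, isset($this->fields[$name][CONS_XML_FILETYPES]) ? $this->fields[$name][CONS_XML_FILETYPES] : '') ? 'y' : 'n';
                    }
                    $output = $encapsulation . $upvalue . $encapsulation;
                }
            }
            break;
        case CONS_TIPO_ARRAY:
            if (isset($data[$name])) {
                if (is_array($data[$name])) {
                    $output = $data[$name];
                } else {
                    # came in serialized (JSON or php)
                    if ($data[$name][0] == '[') {
                        # JSON
                        $output = @json_decode($data[$name]);
                    } else {
                        // SECURITY(review): unserialize() on a caller-supplied string can
                        // instantiate arbitrary classes (object injection). If $data can hold
                        // request input, accept JSON only, or restrict allowed classes where
                        // the runtime supports it.
                        $output = @unserialize($data[$name]);
                    }
                    # we will serialize the whole thing
                    if ($output === false) {
                        $this->parent->errorControl->raise(189, $name, $this->name);
                        $output = "";
                    }
                }
            }
            break;
        case CONS_TIPO_SERIALIZED:
            if (isset($data[$name])) {
                // came raw data, we store as is, YOU should serialize raw data
                $data[$name] = addslashes_EX($data[$name], true);
                if (isset($field[CONS_XML_IGNORENEDIT]) && $data[$name] == "") {
                    break;
                }
                $output = $encapsulation . $data[$name] . $encapsulation;
            } else {
                if ($this->fields[$name][CONS_XML_SERIALIZED] > 1) {
                    // set to WRITE or ALL
                    // note: we ADD fields, never replace, because we should allow partial edits, thus we need to read the original data first
                    // $wS is interpolated as-is: it must already be a safe WHERE clause.
                    $sql = "SELECT {$name} FROM " . $this->dbname . " WHERE {$wS}";
                    $serialized = $this->parent->dbo->fetch($sql);
                    if ($serialized === false) {
                        $serialized = array();
                    } else {
                        // SECURITY(review): this unserializes what is stored in the column. The
                        // raw branch above stores caller-supplied strings in that same column,
                        // so stored data should be treated as untrusted as well.
                        $serialized = @unserialize($serialized);
                    }
                    foreach ($this->fields[$name][CONS_XML_SERIALIZEDMODEL] as $exname => &$exfield) {
                        if (isset($data[$name . "_" . $exname])) {
                            $outfield = $this->sqlParameter(true, $data, $name . "_" . $exname, $exfield, $EnumPrunecache, true);
                            if ($outfield !== false && $outfield != 'NULL') {
                                # we don't need to store NULL like in sql
                                $serialized[$exname] = $outfield;
                            }
                        }
                    }
                    // Drop the by-reference loop variable so later writes cannot alias the model.
                    unset($exfield);
                    $output = $encapsulation . addslashes_EX(serialize($serialized), true, $this->parent->dbo) . $encapsulation;
                }
            }
            break;
    } # switch
    return $output;
}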
<?php
/* VERIFYING ACTION APPROVAL */
// Compares the caller's authorisation level with the level required by the
// requested operation and records the result in $userpermissionverified.
// Reads $login, $wvActionId and the request parameters 'a' and 'wvUserName'.

// Permission level required by the operation named in request parameter 'a'.
$axnAuthPriv = qry('operation', 'operation_permission_required', 'operation_id', fv('a'));
if ($login == 0) {
    // Not logged in: lowest authorisation level.
    $userAuth = 0;
} else {
    $userAuth = qry('user', 'user_authorisation_type', 'user_name', fv('wvUserName'));
}
// NOTE(review): this is a loose comparison. If qry() yields null, false or ''
// for an unknown operation id, then 0 >= that value is true and an anonymous
// request is approved — confirm what qry() returns on a miss and fail closed.
if ($userAuth >= $axnAuthPriv) {
    $userpermissionverified = 1;
    // NOTE(review): strpos() returns an integer offset or false, never true, so
    // both comparisons below are always false and the node branch is dead code.
    // The arguments are also (haystack, needle), i.e. this searches the literal
    // 'node' for $wvActionId. As written, no node-level permission check runs.
    if (strpos('node', $wvActionId) === true || strpos('Node', $wvActionId) === true) {
        //TODO checkPermissions($nodeId);
        // $userPermissionRead, $userPermissionWrite and $wvActionIdCheck are not
        // assigned anywhere in this block.
        if ($userPermissionRead == 1 || $userPermissionWrite == 2 && $wvActionIdCheck == 'viewNode' || $userPermissionWrite == 2 && $wvActionIdCheck == 'editNode') {
            // NOTE(review): `==` is a comparison, not an assignment; this statement has no effect.
            $nodepermerr == 1;
        } else {
            // NOTE(review): comparison again, no effect.
            $nodepermerr == 0;
            // SELECT is a bare identifier here, not a string; no define() for it is visible.
            echo SELECT;
        }
    } else {
        //This is not a node action
        $nodepermerr = 0;
    }
} else {
    $userpermissionverified = 0;
}
/* END ACTION APPROVAL */
}
//ACTION newCharacterCategoryExecute
// Inserts one row into `character_category` from request parameters and sets
// $pageBody / $pageTitle for the confirmation page.
if ($wvActionId == 'newCharacterCategoryExecute') {
    // NOTE(review): the statement is built by concatenating fv() values between
    // single quotes. Whether fv() escapes for SQL is not visible from here; if it
    // does not, every one of these parameters is an injection point. Prefer a
    // prepared statement with bound parameters (PDO or mysqli).
    $sqlquery = 'INSERT INTO `character_category` ( `dce_id` , `dce_category` , `dce_name` , `dce_html` , `dce_comment` , `dce_decomposition` , `dce_aka` , `dce_see_also` , `dce_comments` , `dce_mojikyo` , `dce_tron` , `dce_armscii8` , `dce_unicode` ) VALUES ( NULL , \'' . fv('characterCategory') . '\', \'' . fv('characterName') . '\', \'' . fv('characterHtml') . '\', NULL, \'' . fv('characterDecomposition') . '\', \'' . fv('characterAka') . '\', \'' . fv('characterSeeAlso') . '\', \'' . fv('characterComments') . '\', \'' . fv('characterMojikyo') . '\', \'' . fv('characterTron') . '\', \'' . fv('characterArmscii') . '\', \'' . fv('characterUnicode') . '\' );';
    // NOTE(review): this prints the full statement, including the submitted
    // values and the table layout, into the response without HTML encoding.
    // It looks like leftover debug output.
    echo $sqlquery;
    // The return value is not checked; a failed insert still renders the page below.
    mysql_query($sqlquery);
    $pageBody = itr(915) . mysql_insert_id() . itr(916);
    $pageTitle = itr(917);
} else {
}
//ACTION nodeIndex (final action in action defs)
// Computes the paging window for the node index; the block continues past the
// end of this excerpt.
if ($wvActionId == 'nodeIndex') {
    $nodeMin = 0;
    $nodeMaxArray = mysql_fetch_array(mysql_query('SELECT MAX(node_id) FROM `node`;'));
    $nodeMax = $nodeMaxArray['MAX(node_id)'];
    // Request parameter 'st' is the first node id of the page; round() turns it into a number.
    $start = fv('st');
    $start = round($start);
    $end = $start + 9;
    if ($end > $nodeMax) {
        $end = $nodeMax;
    }
    $prevStart = $start - 10;
    if ($prevStart < $nodeMin) {
        $prevStart = $nodeMin;
    }
    $nextStart = $end + 1;
    if ($nextStart > $nodeMax) {
        $nextStart = $start;
    }
    if ($nextStart == $nodeMax) {
        $nextStart = $nodeMax;
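/**
 * Store a new revision of a node, optionally with an uploaded data file.
 *
 * Steps, in order:
 *  1. If request flag 'nodeDataUploadFlag' is set, insert `data` and
 *     `data_revision` rows and move the uploaded file to
 *     weave/data/<digits of the revision id as directories>/<revision id>.wdf
 *  2. Point `node`.`node_current_revision` at the revision about to be created.
 *  3. Create one interface-text entry per textual field via newintf().
 *  4. Insert the `node_revision` row via ins().
 *  5. Append the new revision id to the acting user's node_edit_ids.
 *
 * Changes relative to the previous revision of this function:
 *  - The uploaded file's name and size are read from $_FILES. The old code read
 *    $HTTP_POST_FILES, which is not defined inside a function, so both columns
 *    were always stored empty.
 *  - The client-supplied file name is escaped and the size cast to int before
 *    they are placed in the INSERT.
 *  - The node id in the UPDATE is cast to int; it was interpolated unquoted.
 *  - $addedDataId is initialised, so the no-upload path no longer reads an
 *    undefined variable.
 *
 * Open review points that are NOT changed here:
 *  - fv() and $_POST values are still passed to SQL / ins() as before; whether
 *    fv() and ins() escape is not visible from this function.
 *  - The next ids are predicted from SHOW TABLE STATUS before inserting. Two
 *    concurrent requests can read the same Auto_increment value.
 *  - The die() message returns the database error text to the client.
 *  - The revision owner is looked up from POST field 'userName', not from the
 *    authenticated user name — confirm this cannot be used to attribute a
 *    revision to someone else.
 *  - No authorisation check happens in this function; presumably the caller
 *    has already approved the action — confirm.
 *
 * @return mixed The node id taken from request parameter 'nodeId'.
 */
function newNodeRevisionExecute()
{
    global $newIntfId;

    // Stays null when no file accompanies the revision.
    $addedDataId = null;

    if (fv('nodeDataUploadFlag')) {
        $tablenamenewdata = "data";
        $qShowStatusdata = "SHOW TABLE STATUS LIKE '{$tablenamenewdata}'";
        $qShowStatusResultdata = mysql_query($qShowStatusdata) or die("Query failed: " . mysql_error() . "<br/>" . $qShowStatusdata);
        $rowdata = mysql_fetch_assoc($qShowStatusResultdata);
        $next_incrementdata = $rowdata['Auto_increment'];
        mysql_query('INSERT INTO `data` (`data_id`, `data_current_revision`) VALUES (NULL, \'' . $next_incrementdata . '\');');
        $addedDataId = mysql_insert_id();

        $fileTempName = $_FILES['uploadeddata']['tmp_name'];
        // The original file name is client-controlled: escape it for the query.
        // It is recorded as metadata only and never used to build the storage path.
        $uploadedName = mysql_real_escape_string($_FILES['uploadeddata']['name']);
        $uploadedSize = (int) $_FILES['uploadeddata']['size'];
        mysql_query('INSERT INTO `data_revision` (`data_revision_id`, `data_revision_name`, `data_revision_length`, `data_revision_type`, `data_revision_node_id`, `data_revision_md5`, `data_revision_data_id`, `data_revision_node_edit_id`) VALUES (NULL, \'' . $uploadedName . '\', \'' . $uploadedSize . '\', \'' . fv('dataType') . '\', \'nodeid\', \'' . md5_file($fileTempName) . '\', \'' . $addedDataId . '\', \'not yet known\');');

        // Storage path is derived from the new row id only: each digit becomes a
        // directory level, e.g. id 123 -> weave/data/1/2/3/123.wdf
        $addedDataRevisionId = mysql_insert_id();
        $targetULDirectory = 'weave/data/' . implode('/', str_split((string) $addedDataRevisionId)) . '/';
        mkdir($targetULDirectory, 0700, true);
        $targetULDirectory = $targetULDirectory . $addedDataRevisionId . '.wdf';
        // move_uploaded_file() refuses sources that are not genuine HTTP uploads.
        move_uploaded_file($fileTempName, $targetULDirectory);
    }

    $tablenamenewnode = "node_revision";
    $qShowStatusnode = "SHOW TABLE STATUS LIKE '{$tablenamenewnode}'";
    $qShowStatusResultnode = mysql_query($qShowStatusnode) or die("Query failed: " . mysql_error() . "<br/>" . $qShowStatusnode);
    $rownode = mysql_fetch_assoc($qShowStatusResultnode);
    $next_incrementnode_revision = $rownode['Auto_increment'];
    // node_id is compared unquoted, so the request value is forced to an integer.
    mysql_query('UPDATE `node` SET `node_current_revision` = \'' . $next_incrementnode_revision . '\' WHERE `node_id` =' . (int) fv('nodeId') . ' LIMIT 1 ;');

    // newintf() publishes the id of the entry it created through the global
    // $newIntfId; collect one id per textual field, in the original call order.
    $intfIds = array();
    foreach (array('nodeDisplayTitle', 'nodeShortTitle', 'nodeTitle', 'nodeSource', 'nodeSortTitle', 'nodeDescription', 'nodeDisambiguationDescription', 'nodeComment', 'nodeShortDescription') as $postKey) {
        newintf($_POST[$postKey]);
        $intfIds[$postKey] = $newIntfId;
    }

    $newNodeOwnerId = qry('user', 'user_id', 'user_name', mysql_real_escape_string($_POST['userName']));
    $newNodeData = array(
        "node_revision_type" => $_POST['nodeType'],
        "node_revision_display_title" => $intfIds['nodeDisplayTitle'],
        "node_revision_short_title" => $intfIds['nodeShortTitle'],
        "node_revision_title" => $intfIds['nodeTitle'],
        "node_revision_permissions" => $_POST['nodePermissions'],
        "node_revision_relationships" => $_POST['nodeRelationships'],
        "node_revision_source" => $intfIds['nodeSource'],
        "node_revision_sort_title" => $intfIds['nodeSortTitle'],
        "node_revision_description" => $intfIds['nodeDescription'],
        "node_revision_disambiguation_description" => $intfIds['nodeDisambiguationDescription'],
        "node_revision_metadata" => $_POST['nodeMetadata'],
        "node_revision_comment" => $intfIds['nodeComment'],
        "node_revision_short_description" => $intfIds['nodeShortDescription'],
        "node_revision_universe_status" => $_POST['nodeUniverseStatus'],
        "node_revision_owner" => $newNodeOwnerId,
        "node_revision_copyright_flag" => $_POST['nodeCopyrightFlag'],
        "node_revision_morality_flag" => $_POST['nodeMoralityFlag'],
        "node_revision_personal_flag" => $_POST['nodePersonalFlag'],
        "node_revision_data_id" => $addedDataId,
        "node_revision_node_id" => fv('nodeId'),
        "node_revision_minor_flag" => $_POST['nodeMinorFlag'],
        "node_revision_time" => getnow(),
    );
    ins('node_revision', $newNodeData);
    $nodeRevisionAddedId = mysql_insert_id();
    $nodeEditedId = fv('nodeId');

    // Record the new revision on the acting user's edit list.
    $user = new user(0, '', 0, fv('wvUserName'), 0, '', '', '');
    $user->request_content('user_name', fv('wvUserName'));
    $newnodeeditids = $user->node_edit_ids . itr(1494) . $nodeRevisionAddedId;
    $user->set_variable('node_edit_ids', $newnodeeditids);
    return $nodeEditedId;
}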
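/**
 * Build the markup for a navigation link to an action.
 *
 * Without a verified login the result is a plain <a> pointing at ember.php.
 * With request parameter login=1 and a successful $this->checkLogin(), the
 * result is a POST <form> whose hidden inputs are derived from $options by
 * text substitution ('=' and '&' are replaced by attribute boundaries).
 *
 * Security notes for maintainers:
 *  - $action, $options and $caption are concatenated into HTML as given.
 *    Because $options is split by text substitution, a quote or angle bracket
 *    in any name or value breaks out of the attribute. Callers must encode
 *    request-derived parts before passing them in.
 *  - The locale is read from the request, so it is percent-encoded here before
 *    being written into the markup. Plain locale identifiers are unchanged.
 *  - session_id() is written into the generated form, so the session id is
 *    exposed wherever that markup is logged, cached or shared.
 *
 * @param mixed  $action  Action identifier for emAction.
 * @param string $options Extra parameters in query-string form ('' for none).
 * @param string $caption Link or button content, emitted verbatim.
 * @return string Generated markup.
 */
function addLink($action, $options, $caption)
{
    $loginln = 0;
    if (isset($_REQUEST["login"]) && $_REQUEST["login"] == "1") {
        //Check that the user is properly logged in
        if ($this->checkLogin()) {
            $loginln = 1;
        } else {
            // Both failures were reported on a failed check in the original flow.
            $this->fail("Login not verified: Password does not match stored check — Probably the password provided was incorrect.");
            $this->fail("Login error: could not authenticate.");
        }
    }

    $localeid = rawurlencode((string) fv('locale'));

    if ($loginln == 0) {
        if ($options == '') {
            $separator = '';
            $options = $options . '&locale=' . $localeid;
            $options = str_replace('&&', '&', $options);
        } else {
            $separator = '&';
            $options = $options . 'locale=' . $localeid;
            $options = str_replace('&&', '&', $options);
        }
        $linkGenerated = '<a href="ember.php?wintNeeded=emberWebView&wint=1&emAction=' . $action . $separator . $options . '">' . $caption . '</a>';
    } else {
        if ($options == '') {
            $separator = '';
            $options = $options . '&emSession=' . session_id() . '&locale=' . $localeid;
            // NOTE(review): the session parameter is appended a second time here,
            // as in the original; kept so the generated markup does not change.
            $options = str_replace('&&', '&', $options . '&emSession=' . session_id());
        } else {
            // $separator is not used by the form template below; the itr(41)
            // call is kept in case itr() has side effects.
            $separator = itr(41);
            $options = $options . '&locale=' . $localeid;
            $options = str_replace('&&', '&', $options);
        }
        $linkGenerated = str_replace('&&', '&', '<form action="ember.php" method="post"><input type="hidden" name="wint" value="1"><input type="hidden" name="wintNeeded" value="emberWebView"><input type="hidden" name="emAction" value="' . $action . str_replace('&', '"><input type="hidden" name="', str_replace('=', '" value="', $options)) . '"><input type="hidden" name="login" value="1"><button type="submit" class="t">' . $caption . '</button></form>');
    }
    return $linkGenerated;
}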
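/* PREFETCH PAGE PARAMETERS */
// Sets the global $login to 1 when the request carries login=1 and the
// submitted password hashes to the stored value for 'wvUserName'; otherwise 0.
//
// Security notes for maintainers:
//  - The stored credential is an unsalted MD5 (column user_password_md5) and
//    the password is read from the request on each page load. Migrating to
//    password_hash() / password_verify() with a server-side session marker is
//    the durable fix; it cannot be done inside this block alone.
//  - The comparison is strict (===). A loose == on two hex strings that both
//    look numeric (e.g. "0e...") compares them as numbers and can report
//    equality for different hashes.
if (isset($_POST["login"])) {
    if ($_POST["login"] == "1") {
        global $login;
        //Check that the user is properly logged in
        $userPasswdMd5 = qry('user', 'user_password_md5', 'user_name', fv('wvUserName'));
        // is_string() also rejects a lookup miss (null/false) before comparing.
        if (is_string($userPasswdMd5) && md5(fv('wvUserPassword')) === $userPasswdMd5) {
            $loginverified = 1;
            $login = 1;
        } else {
            $loginverified = 0;
            err(5);
            $login = 0;
        }
        if ($loginverified !== 1) {
            err(6);
            $login = 0;
        }
    } else {
        // itf(7);
        $login = 0;
    }
} else {
    $login = 0;
}
//page title
//Prepare data
// The return value is discarded; kept in case fv() caches or registers the parameter.
fv('nodeId');
$titleAttr = itr(21);
/* END PAGE PARAMETERS */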
<?php
//DEFINE FUNCTIONS
// Loads the function libraries in dependency order and resolves the requested
// action and locale. The order matters: qry() and fv() are called below, after
// the files that are commented as providing them have been included.
// NOTE(review): these are relative `include` statements. include only warns
// when a file is missing and execution continues, and the path is resolved
// against include_path / the working directory. require with an absolute path
// (e.g. based on __DIR__) would fail closed if a library is missing.

//Utility functions
include 'd/r/wfs.utility.php';
//Database abstraction layer
include 'd/r/wfs.dba.php';
//Get a parameter regardless of method
include 'd/r/wf.fv.php';
//CDCE parser
include 'd/r/wfs.dce.php';
//Define variables
// Request parameters 'a' and 'locale' are passed straight into lookups.
// NOTE(review): whether fv() or qry() escapes them for SQL is not visible here — confirm.
$wvActionId = qry('operation', 'operation_name', 'operation_id', fv('a'));
$wvLocaleString = qry('locale', 'locale_suffix', 'locale_id', fv('locale'));
//Page renderer functions
include 'd/r/wfs.render.php';
//Error handling
include 'd/r/wfs.errorhandling.php';
//Weave abstraction layer
// structures
include 'd/r/wfs.Weave_structures.php';
/* END FUNCTION DEFS */
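// Renders the breadcrumb trail, then the page menu, title and body.
//
// Changes relative to the previous revision of this block:
//  - Request parameters 'nodeId' and 'a' are percent-encoded before they are
//    handed to buildLink(), which concatenates them into markup. Numeric ids
//    are unchanged by the encoding.
//  - The emptiness test on 'nodeId' no longer relies on `!strlen(...) > 0`,
//    which only worked because `!` is applied before `>`.
//
// Open review points that are NOT changed here:
//  - $pageMenu, $pageTitle and $pageBody are echoed as-is; whether they were
//    HTML-encoded where they were built is not visible from this block.
//  - $nodeId and $wvActionDispName are used in the breadcrumb text without
//    encoding; confirm where they are assigned.
$breadSeparator = itr(1135);
if (!isset($nodeRevId)) {
    $nodeRevId = null;
}
if (!isset($disambigStr)) {
    $disambigStr = null;
}
$nodeBCTitle = $nodeId . itr(1150) . c(shorten(itr(qry('node_revision', 'node_revision_title', 'node_revision_id', $nodeRevId))) . $disambigStr);

$requestNodeId = fv('nodeId');
if (is_scalar($requestNodeId) && strlen((string) $requestNodeId) > 0) {
    $nodeNameTag = itr(1136) . buildLink(6, '&nodeId=' . rawurlencode((string) $requestNodeId) . '&', $nodeBCTitle);
} else {
    $nodeNameTag = "";
}

if ($wvActionId == 'nodeView') {
    $actionlinkid = '19';
} else {
    // Taken from the request, so encoded before it becomes part of a link.
    $actionlinkid = rawurlencode((string) fv('a'));
}
// The node link is built for action 6 and rewritten to action 19 in the final markup.
e(str_replace('&a=6&locale', '&a=19&locale', itr(1139) . buildLink(1, '', itr(1137)) . itr(1158) . $breadSeparator . itr(1158) . buildLink($actionlinkid, '', $wvActionDispName) . $nodeNameTag));
if (!isset($pageMenu)) {
    $pageMenu = null;
}
echo $pageMenu;
itf(33);
echo $pageTitle;
itf(34);
echo $pageBody;
e(res('4.d2'));
//Execute script
//echo 'passed test';
/* END PAGE */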