
Source code changes of the file "src/class/wacko.php" between
wacko.6.1.18.zip and wacko.6.1.19.zip

About: WackoWiki is a multilingual Wiki-engine that supports WYTIWYG-editing, page rights (ACLs), design themes (skins), file upload, email notification and much more.

wacko.php  (wacko.6.1.18):wacko.php  (wacko.6.1.19)
<?php <?php
if (!defined('IN_WACKO')) if (!defined('IN_WACKO'))
{ {
exit; exit;
} }
// engine class // engine class
class Wacko class Wacko
{ {
public const EXT = [
'audio' => ['m4a', 'mp3', 'ogg', 'opus'],
'bitmap' => ['avif', 'gif', 'jpeg', 'jpe', 'jpg',
'jxl', 'png', 'webp'],
'drawing' => ['svg'],
'video' => ['mp4', 'ogv', 'webm'],
];
public const PATTERN = [
'USER_NAME' => '[\p{L}\p{Nd}\.\-]+',
'USER_NAME_P' => '\p{L}\p{Nd}\.\-',
'TAG' => '[\p{L}\p{M}\p{Nd}\.\-\/]',
'TAG_P' => '\p{L}\p{M}\p{Nd}\.\-\/',
'UPPER' => '[\p{Lu}]',
'UPPERNUM' => '[\p{Lu}\p{Nd}]',
'LOWER' => '[\p{Ll}\/]',
'ALPHA' => '[\p{L}\_\-\/]',
'ALPHANUM' => '[\p{L}\p{M}\p{Nd}\_\-\/]',
'ALPHANUM_P' => '\p{L}\p{M}\p{Nd}\_\-\/',
'AUDIO' => 'm4a|mp3|ogg|opus',
'BITMAP' => 'avif|gif|jp(?:eg|e|g)|jxl|png|svg|web
p',
'DRAWING' => 'svg',
'VIDEO' => 'mp4|ogv|webm',
];
private array $acl = []; private array $acl = [];
private array $acl_cache = []; private array $acl_cache = [];
private array $file_cache = []; private array $file_cache = [];
private array $page_cache = []; private array $page_cache = [];
private int $parent_size; private int $parent_size;
private array $rev_delta; private array $rev_delta;
private bool $format_safe = true; // for htmlspecia lchars() in pre_link private bool $format_safe = true; // for htmlspecia lchars() in pre_link
private array $search_engines = ['aport', 'archiver', 'baidu', 'bing', 'bot', 'crawl', 'duckduckgo', 'google', 'rambler', 'search', 'slurp', 'spider', 'yandex']; private array $search_engines = ['aport', 'archiver', 'baidu', 'bing', 'bot', 'crawl', 'duckduckgo', 'google', 'rambler', 'search', 'slurp', 'spider', 'yandex'];
public $charset; public $charset;
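Review bot: `PATTERN['BITMAP']` lists `svg` while `EXT['bitmap']` does not, and `svg` is also the whole of `PATTERN['DRAWING']`, so the two tables that appear to be added here disagree about which group SVG belongs to. SVG is a scriptable XML format, so any check that uses `PATTERN['BITMAP']` on its own to mean "raster image" would accept it, whereas the `EXT` table keeps it apart. I would drop it from the bitmap pattern, `'BITMAP' => 'avif|gif|jp(?:eg|e|g)|jxl|png|webp',`, since the media regexes later in this diff already concatenate `BITMAP` and `DRAWING` where both are wanted. The class body continues outside this hunk.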
skipping to change at line 40 skipping to change at line 66
public bool $forum = false; public bool $forum = false;
public bool $canonical = false; public bool $canonical = false;
public bool $static_feed = false; // disables secti on edit link in post_wacko public bool $static_feed = false; // disables secti on edit link in post_wacko
public $categories; public $categories;
public $watch = []; public $watch = [];
public bool $is_watched = false; public bool $is_watched = false;
public bool $hide_revisions = false; public bool $hide_revisions = false;
public array $context = []; // page context, used for correct processing of inclusions public array $context = []; // page context, used for correct processing of inclusions
public $current_context = 0; // current contex t level public $current_context = 0; // current contex t level
public $header_count = 0; public $header_count = 0;
public $section_count = 0; public $section_count = 0;
public $section_tag = null;
public $comment_id = null; public $comment_id = null;
public bool $new_comment = false;
public string $page_meta = 'page_id, owner_id, user_id, ta g, created, modified, edit_note, minor_edit, latest, handler, comment_on_id, pag e_lang, title, keywords, description'; public string $page_meta = 'page_id, owner_id, user_id, ta g, created, modified, edit_note, minor_edit, latest, handler, comment_on_id, pag e_lang, title, keywords, description';
public array $first_inclusion = []; // for backlinks public array $first_inclusion = []; // for backlinks
public array $toc_context = []; public array $toc_context = [];
public $body_toc = null; public $body_toc = null;
public array $category_cache = []; public array $category_cache = [];
public array $owner_id_cache = []; public array $owner_id_cache = [];
public array $page_id_cache = []; public array $page_id_cache = [];
public array $page_tag_cache = []; public array $page_tag_cache = [];
public array $wanted_cache = []; public array $wanted_cache = [];
skipping to change at line 316 skipping to change at line 346
{ {
$allowed_list = $this->db->upload_allowed_exts; $allowed_list = $this->db->upload_allowed_exts;
$banned_list = $this->db->upload_banned_exts; $banned_list = $this->db->upload_banned_exts;
// get extension // get extension
$file_extension = pathinfo($file_name, PATHINFO_EXTENSION); $file_extension = pathinfo($file_name, PATHINFO_EXTENSION);
// check against disallowed files // check against disallowed files
if (!Ut::is_blank($banned_list)) if (!Ut::is_blank($banned_list))
{ {
$banned_exts = explode('|', $banned_list); $banned_exts = $this->get_filetype_list($banned_list);
foreach ($banned_exts as $extension) foreach ($banned_exts as $extension)
{ {
if (0 == strcasecmp($extension, $file_extension)) if (0 == strcasecmp($extension, $file_extension))
{ {
return false; return false;
} }
} }
} }
// if the allowed list is not populated then the file must be all owed // if the allowed list is not populated then the file must be all owed
if (Ut::is_blank($allowed_list)) if (Ut::is_blank($allowed_list))
{ {
return true; return true;
} }
// check against allowed files // check against allowed files
$allowed_exts = explode('|', $allowed_list); $allowed_exts = $this->get_filetype_list($allowed_list);
foreach ($allowed_exts as $extension) foreach ($allowed_exts as $extension)
{ {
if (0 == strcasecmp($extension, $file_extension)) if (0 == strcasecmp($extension, $file_extension))
{ {
return true; return true;
} }
} }
return false; return false;
} }
function get_filetype_list($filetyp_string)
{
return array_map(
function($types) {
return strtolower(trim($types));
},
explode(',', $filetyp_string));
}
function get_extensions_from_mime_type($mime): array
{
$mime = strtolower($mime);
$exts = $this->http->mime_types();
foreach($exts as $ext => $type)
{
if ($type == $mime)
{
$_exts[] = $ext;
}
}
return $_exts ?? [];
}
/**
* Checks if the MIME type of the uploaded file matches the file extensio
n.
*
* @param string $mime The MIME type of the uploaded fil
e
* @param string $extension The filename extension that the f
ile is to be served with
*
* @return bool
*/
function verify_extension($mime, $extension): ?bool
{
$exts = $this->get_extensions_from_mime_type($mime);
if (!$exts)
{
return null; // unknown MIME type
}
return in_array(strtolower($extension), $exts);
}
/**
* Checks if the file type is part of MIME map.
*
* @param string $extension
*
* @return bool
*/
function validate_extension($extension): bool
{
$exts = array_keys($this->http->mime_types());
if (in_array($extension, $exts))
{
return true;
}
return false; // unknown file type
}
function get_max_upload_size()
{
return min(
$this->db->upload_max_size,
Ut::shorthand_to_int(ini_get('upload_max_filesize')),
Ut::shorthand_to_int(ini_get('post_max_size'))
);
}
function upload_quota($user_id = null) function upload_quota($user_id = null)
{ {
// get used upload quota // get used upload quota
$files = $this->db->load_single( $files = $this->db->load_single(
"SELECT SUM(file_size) AS used_quota " . "SELECT SUM(file_size) AS used_quota " .
"FROM " . $this->prefix . "file " . "FROM " . $this->prefix . "file " .
($user_id ($user_id
? "WHERE user_id = " . (int) $user_id . " " ? "WHERE user_id = " . (int) $user_id . " "
: "") . : "") .
"LIMIT 1"); "LIMIT 1");
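Review bot: `get_filetype_list()` splits on `,` where the calls it replaces in the extension check split on `|`, so a stored `upload_banned_exts` value that still uses `|` collapses into a single entry that matches no extension and the ban list stops rejecting anything. Whether the upgrade rewrites those settings is not visible here; if it may not, accept both separators and drop empty entries, e.g. `return preg_split('/\s*[,|]\s*/', strtolower(trim($filetyp_string)), -1, PREG_SPLIT_NO_EMPTY);`. Dropping empties matters because a trailing separator otherwise yields `''`, which `strcasecmp` treats as equal to the extension of a file that has none. Separately, `validate_extension()` compares `$extension` as given while `verify_extension()` lowercases it first; `in_array(strtolower($extension), $exts)` in both would make them agree, and the `verify_extension()` docblock should say `@return bool|null` to match the `null` returned for an unknown MIME type. The extension-check function starts above this hunk.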
skipping to change at line 565 skipping to change at line 668
// substitutes $this->user_lang in _t() function // substitutes $this->user_lang in _t() function
$this->notify_lang = $get_translation ? $lang : null; $this->notify_lang = $get_translation ? $lang : null;
return $old_lang; return $old_lang;
} }
/** /**
* loads translation files * loads translation files
* *
* 1. lang/wacko.xy.php * 1. lang/wacko.<lang>.php
* 2. lang/wacko.all.php * 2. lang/wacko.all.php
* 3. lang/custom.xy.php * 3. lang/custom.<lang>.php
* 4. admin/lang/ap.xy.php * 4. admin/lang/ap.<lang>.php
* 5. theme/lang/xyz/wacko.xy.php * 5. theme/<theme>/lang/wacko.<lang>.php
* 6. theme/lang/xyz/wacko.all.php * 6. theme/<theme>/lang/wacko.all.php
* *
* @param string $lang * @param string $lang
* @param bool $update * @param bool $update
* *
* @return void * @return void
*/ */
function load_translation($lang, $update = false): void function load_translation($lang, $update = false): void
{ {
if ($lang && (!isset($this->translations[$lang]) || $update)) if ($lang && (!isset($this->translations[$lang]) || $update))
{ {
// 1. wacko.xy.php $wacko_translation[] // 1. wacko.<lang>.php $wacko_translation[]
$wacko_translation = []; $wacko_translation = [];
$lang_file = Ut::join_path(LANG_DIR, 'wacko.' . $lang . ' .php'); $lang_file = Ut::join_path(LANG_DIR, 'wacko.' . $lang . ' .php');
if (@file_exists($lang_file)) if (@file_exists($lang_file))
{ {
include $lang_file; include $lang_file;
} }
// 2. wacko.all.php $wacko_all_resource[] // 2. wacko.all.php $wacko_all_resource[]
if (!isset($this->translations['all'])) if (!isset($this->translations['all']))
skipping to change at line 606 skipping to change at line 709
if (@file_exists($lang_file)) if (@file_exists($lang_file))
{ {
include $lang_file; include $lang_file;
} }
// stored in object required for merge with all l anguage files, // stored in object required for merge with all l anguage files,
// but not with multi-languages off // but not with multi-languages off
$this->translations['all'] = & $wacko_all_resourc e; $this->translations['all'] = & $wacko_all_resourc e;
} }
// 3. custom.xy.php $custom_translation[] // 3. custom.<lang>.php $custom_translation[]
$custom_translation = []; $custom_translation = [];
$lang_file = Ut::join_path(LANG_DIR, 'custom.' . $lang . '.php'); $lang_file = Ut::join_path(LANG_DIR, 'custom.' . $lang . '.php');
if (@file_exists($lang_file)) if (@file_exists($lang_file))
{ {
include $lang_file; include $lang_file;
} }
$ap_translation = []; $ap_translation = [];
$theme_translation = []; $theme_translation = [];
$theme_translation0 = []; $theme_translation0 = [];
if ($this->db->ap_mode) if ($this->db->ap_mode)
{ {
// 4. ap.xy.php $ap_translation[] // 4. ap.<lang>.php $ap_translation[]
$lang_file = 'admin/lang/ap.' . $lang . '.php'; $lang_file = 'admin/lang/ap.' . $lang . '.php';
} }
else else
{ {
// 5. theme lang files $theme_translation[] // 5. theme lang files $theme_translation[]
$lang_file = Ut::join_path(THEME_DIR, $this->db-> theme, 'lang/wacko.' . $lang . '.php'); $lang_file = Ut::join_path(THEME_DIR, $this->db-> theme, 'lang/wacko.' . $lang . '.php');
if (@file_exists($lang_file)) if (@file_exists($lang_file))
{ {
include $lang_file; include $lang_file;
skipping to change at line 659 skipping to change at line 762
$custom_translation, $custom_translation,
$ap_translation, $ap_translation,
$theme_translation0, $theme_translation0,
$theme_translation); $theme_translation);
$this->load_lang($lang); $this->load_lang($lang);
} }
} }
/** /**
* Loads language file from lang/lang.<lang>.php. * Loads language scheme.
* *
* @param string $lang Language code * @param string $lang Language code
*/ */
function load_lang($lang): void function load_lang($lang): void
{ {
if ($lang && !isset($this->languages[$lang])) if ($lang && !isset($this->languages[$lang]))
{ {
$lang_file = Ut::join_path(LANG_DIR, 'lang.' . $lang . '. $scheme = [];
php'); $scheme = $this->
$wacko_language = []; translations[$lang]['lang_scheme'];
require $lang_file; $scheme['LANG'] = $lang;
$wacko_language['LANG'] = $lang;
$wacko_language['USER_NAME'] = '[\p{L}\p{Nd}\.\-]+';
$wacko_language['USER_NAME_P'] = '\p{L}\p{Nd}\.\-';
$wacko_language['TAG'] = '[\p{L}\p{M}\p{
Nd}\.\-\/]';
$wacko_language['TAG_P'] = '\p{L}\p{M}\p{N
d}\.\-\/';
$wacko_language['UPPER'] = '[\p{Lu}]';
$wacko_language['UPPERNUM'] = '[\p{Lu}\p{Nd}]
';
$wacko_language['LOWER'] = '[\p{Ll}\/]';
$wacko_language['ALPHA'] = '[\p{L}\_\-\/]'
;
$wacko_language['ALPHANUM'] = '[\p{L}\p{M}\p{
Nd}\_\-\/]';
$wacko_language['ALPHANUM_P'] = '\p{L}\p{M}\p{Nd}\_\-\/
';
$this->languages[$lang] = $wacko_language ; $this->languages[$lang] = $scheme;
} }
} }
function known_language($lang, $subset = true): bool function known_language($lang, $subset = true): bool
{ {
return array_key_exists($lang, $this->http->available_languages($ subset)); return array_key_exists($lang, $this->http->available_languages($ subset));
} }
function validate_language($lang, $subset = true): string function validate_language($lang, $subset = true): string
{ {
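Review bot: `load_lang()` on the new side reads `$this->translations[$lang]['lang_scheme']` with no check that the entry exists, and the `$scheme = [];` just before it is overwritten at once, as far as the merged columns can be read. If the translations for `$lang` were not loaded first, or the language file has no `lang_scheme` key, `$scheme` becomes null with a warning and `$this->languages[$lang]` is cached holding only `LANG`, which the `isset` guard then never refreshes. `$scheme = $this->translations[$lang]['lang_scheme'] ?? [];` keeps the intended default and removes the dead assignment. The docblock could also state that `load_translation()` must have run for `$lang` beforehand.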
skipping to change at line 954 skipping to change at line 1042
{ {
$what_p = 'p.*, u.user_name, o.user_name AS owner_name'; $what_p = 'p.*, u.user_name, o.user_name AS owner_name';
$what_r = 'p.page_id, p.owner_id, p.user_id , p.tag, p.title, p.created, p.modified, p.version_id, ' . $what_r = 'p.page_id, p.owner_id, p.user_id , p.tag, p.title, p.created, p.modified, p.version_id, ' .
'p.body, p.body_r, p.form atting, p.edit_note, p.minor_edit, p.page_size, p.reviewed, p.reviewed_time, ' . 'p.body, p.body_r, p.form atting, p.edit_note, p.minor_edit, p.page_size, p.reviewed, p.reviewed_time, ' .
'p.reviewer_id, p.ip, p.l atest, p.deleted, p.handler, p.comment_on_id, p.page_lang, ' . 'p.reviewer_id, p.ip, p.l atest, p.deleted, p.handler, p.comment_on_id, p.page_lang, ' .
'p.description, p.keyword s, s.revisions , s.footer_comments, s.footer_files, s.hide_toc, ' . 'p.description, p.keyword s, s.revisions , s.footer_comments, s.footer_files, s.hide_toc, ' .
's.hide_index, s.tree_lev el, s.allow_rawhtml, s.disable_safehtml, s.typografica, s.noindex, s.theme, ' . 's.hide_index, s.tree_lev el, s.allow_rawhtml, s.disable_safehtml, s.typografica, s.noindex, s.theme, ' .
'u.user_name, o.user_name AS owner_name'; 'u.user_name, o.user_name AS owner_name';
} }
if ($page_id || !preg_match('/[^' . $this->lang['TAG_P'] . ']/u', $tag)) if ($page_id || !preg_match('/[^' . self::PATTERN['TAG_P' ] . ']/u', $tag))
{ {
$page = $this->db->load_single( $page = $this->db->load_single(
"SELECT " . $what_p . " " . "SELECT " . $what_p . " " .
"FROM " . $this->prefix . "page p " . "FROM " . $this->prefix . "page p " .
"LEFT JOIN " . $this->prefix . "u ser o ON (p.owner_id = o.user_id) " . "LEFT JOIN " . $this->prefix . "u ser o ON (p.owner_id = o.user_id) " .
"LEFT JOIN " . $this->prefix . "u ser u ON (p.user_id = u.user_id) " . "LEFT JOIN " . $this->prefix . "u ser u ON (p.user_id = u.user_id) " .
"WHERE " . "WHERE " .
($page_id ($page_id
? "page_id = " . (int) $ page_id . " " ? "page_id = " . (int) $ page_id . " "
: "tag = " . $this->db->q ($tag) . " ") . : "tag = " . $this->db->q ($tag) . " ") .
skipping to change at line 1739 skipping to change at line 1827
* @param bool $cache * @param bool $cache
*/ */
function preload_categories($object_ids, $type_id = OBJECT_PAGE, $cache = true): void function preload_categories($object_ids, $type_id = OBJECT_PAGE, $cache = true): void
{ {
if (empty($object_ids)) if (empty($object_ids))
{ {
return; return;
} }
$cache_ids = []; $cache_ids = [];
sort($object_ids);
if ($categories = $this->db->load_all( if ($categories = $this->db->load_all(
"SELECT ca.object_id, ca.object_type_id, c.category_id, c .category, c.category_lang " . "SELECT ca.object_id, ca.object_type_id, c.category_id, c .category, c.category_lang " .
"FROM " . $this->prefix . "category c " . "FROM " . $this->prefix . "category c " .
"INNER JOIN " . $this->prefix . "category_assignm ent ca ON (c.category_id = ca.category_id) " . "INNER JOIN " . $this->prefix . "category_assignm ent ca ON (c.category_id = ca.category_id) " .
"WHERE ca.object_id IN (" . $this->ids_string($object_ids ) . ") " . "WHERE ca.object_id IN (" . $this->ids_string($object_ids ) . ") " .
($type_id ($type_id
? "AND ca.object_type_id = " . (int) $type_id . " " ? "AND ca.object_type_id = " . (int) $type_id . " "
: "AND ca.object_type_id = " . (int) $type_id . " " ) // TODO: explode array IN : "AND ca.object_type_id = " . (int) $type_id . " " ) // TODO: explode array IN
, $cache)) , $cache))
skipping to change at line 3212 skipping to change at line 3301
* @param string $tag Page tag * @param string $tag Page tag
* *
* @return string * @return string
*/ */
function underscore_url($tag): ?string function underscore_url($tag): ?string
{ {
// TODO: - is now allowed in tags, but we do not want Wiki-_Word // TODO: - is now allowed in tags, but we do not want Wiki-_Word
if ($this->db->urls_underscores) if ($this->db->urls_underscores)
{ {
$patterns =[ $patterns =[
['(' . $this->lang['ALPHANUM'] . ')(' . $this->la ['(' . self::PATTERN['ALPHANUM'] . ')(' . self::P
ng['UPPERNUM'] . ')', ATTERN['UPPERNUM'] . ')',
'\\1¶\\2'], '\\1¶\\2'],
['(' . $this->lang['UPPERNUM'] . ')(' . $this->la ['(' . self::PATTERN['UPPERNUM'] . ')(' . self::P
ng['UPPERNUM'] . ')', ATTERN['UPPERNUM'] . ')',
'\\1¶\\2'], '\\1¶\\2'],
['(' . $this->lang['UPPER'] . ')¶(?=' . $this->la ['(' . self::PATTERN['UPPER'] . ')¶(?=' . self::P
ng['UPPER'] . '¶' . $this->lang['UPPERNUM'] . ')', '\\1'], ATTERN['UPPER'] . '¶' . self::PATTERN['UPPERNUM'] . ')', '\\1'],
['(' . $this->lang['UPPER'] . ')¶(?=' . $this->la ['(' . self::PATTERN['UPPER'] . ')¶(?=' . self::P
ng['UPPER'] . '¶\/)', ATTERN['UPPER'] . '¶\/)',
'\\1'], '\\1'],
['(' . $this->lang['UPPERNUM'] . ')¶(' . $this->l ['(' . self::PATTERN['UPPERNUM'] . ')¶(' . self::
ang['UPPERNUM'] . ')($|\b)', ' PATTERN['UPPERNUM'] . ')($|\b)',
\\1\\2'], '\\1\\2'],
['\/¶(' . $this->lang['UPPERNUM'] . ')', ['\/¶(' . self::PATTERN['UPPERNUM'] . ')',
'/\\1'], '/\\1'],
['¶', '_'], ['¶', '_'],
]; ];
foreach ($patterns as $pattern) foreach ($patterns as $pattern)
{ {
$tag = preg_replace('/' . $pattern[0] . '/u', $pa ttern[1], $tag); $tag = preg_replace('/' . $pattern[0] . '/u', $pa ttern[1], $tag);
} }
} }
return $tag; return $tag;
skipping to change at line 3419 skipping to change at line 3508
* *
* @param string $tag Link * @param string $tag Link
* @param string $text Link text * @param string $text Link text
* @param bool $track Track this link. Optional, defaul t is TRUE * @param bool $track Track this link. Optional, defaul t is TRUE
* @param int $media_url * @param int $media_url
* *
* @return string Wrapped link * @return string Wrapped link
*/ */
function pre_link($tag, $text = '', $track = true, $media_url = 0): strin g function pre_link($tag, $text = '', $track = true, $media_url = 0): strin g
{ {
if (preg_match('/^[\!\.' . $this->lang['ALPHANUM_P'] . ']+$/u', $ tag)) if (preg_match('/^[\!\.' . self::PATTERN['ALPHANUM_P'] . ']+$/u', $tag))
{ {
if ($track && $this->link_tracking()) if ($track && $this->link_tracking())
{ {
// it's a Wiki link! // it's a Wiki link!
$this->track_link($this->unwrap_link($tag), LINK_ PAGE); $this->track_link($this->unwrap_link($tag), LINK_ PAGE);
} }
} }
$text = str_replace('%20', ' ', $text); $text = str_replace('%20', ' ', $text);
$tag = str_replace(' ', '%20', $tag); $tag = str_replace(' ', '%20', $tag);
skipping to change at line 3511 skipping to change at line 3600
$track = $this->link_tracking(); $track = $this->link_tracking();
} }
if (!$safe) if (!$safe)
{ {
$text = htmlspecialchars($text, ENT_NOQUOTES, HTML_ENTI TIES_CHARSET); $text = htmlspecialchars($text, ENT_NOQUOTES, HTML_ENTI TIES_CHARSET);
$title = htmlspecialchars($title, ENT_NOQUOTES, HTML_ENT ITIES_CHARSET); $title = htmlspecialchars($title, ENT_NOQUOTES, HTML_ENT ITIES_CHARSET);
} }
// external media file // external media file
if (preg_match('/^(http|https|ftp):\/\/([^\\s\"<>]+)\.((m4a|mp3|o gg|opus)|(avif|gif|jpg|jpe|jpeg|jxl|png|svg|webp)|(mp4|ogv|webm))$/ui', preg_rep lace('/<\/?nobr>/u', '', $text), $matches)) if (preg_match('/^(http|https|ftp):\/\/([^\\s\"<>]+)\.((' . self: :PATTERN['AUDIO'] . ')|(' . self::PATTERN['BITMAP'] . '|' . self::PATTERN['DRAWI NG'] . ')|(' . self::PATTERN['VIDEO'] . '))$/ui', preg_replace('/<\/?nobr>/u', ' ', $text), $matches))
{ {
// remove typografica glue // remove typografica glue
$link = $text = preg_replace('/(<|\&lt\;)\/?span( class\= \"nobr\")?(>|\&gt\;)/u', '', $text); $link = $text = preg_replace('/(<|\&lt\;)\/?span( class\= \"nobr\")?(>|\&gt\;)/u', '', $text);
// audio // audio
if ($matches[4]) if ($matches[4])
{ {
$audio_link = $link; $audio_link = $link;
} }
// image // image
skipping to change at line 3572 skipping to change at line 3661
$class = ''; $class = '';
$tpl = 'jabber'; $tpl = 'jabber';
} }
// HTML anchor #... // HTML anchor #...
else if (str_starts_with($tag, '#')) else if (str_starts_with($tag, '#'))
{ {
$href = $tag; $href = $tag;
$tpl = 'anchor'; $tpl = 'anchor';
} }
// external image // external image
else if (preg_match('/^(http|https|ftp|file):\/\/([^\\s\"<>]+)\.( avif|gif|jpg|jpe|jpeg|jxl|png|svg|webp)$/ui', $tag)) else if (preg_match('/^(http|https|ftp|file):\/\/([^\\s\"<>]+)\.( ' . self::PATTERN['BITMAP'] . '|' . self::PATTERN['DRAWING'] . ')$/ui', $tag))
{ {
// remove typografica glue // remove typografica glue
$text = preg_replace('/(<|\&lt\;)\/?span( class\=\"nobr \")?(>|\&gt\;)/u', '', $text); $text = preg_replace('/(<|\&lt\;)\/?span( class\=\"nobr \")?(>|\&gt\;)/u', '', $text);
if ($text == $tag || (!$text && ($scale || $media_class)) ) if ($text == $tag || (!$text && ($scale || $media_class)) )
{ {
return $this->image_link(str_replace('&', '&amp;' , str_replace('&amp;', '&', $tag)), $media_class, null, $text, $text, $scale); return $this->image_link(str_replace('&', '&amp;' , str_replace('&amp;', '&', $tag)), $media_class, null, $text, $text, $scale);
} }
else else
{ {
skipping to change at line 3661 skipping to change at line 3750
// tracking file link // tracking file link
if ($track && isset($file_data['file_id'] )) if ($track && isset($file_data['file_id'] ))
{ {
$this->track_link($file_data['fil e_id'], LINK_FILE); $this->track_link($file_data['fil e_id'], LINK_FILE);
} }
} }
} }
else else
{ {
// 2a -> file:some.zip (local relative) // 2a -> file:some.zip (
// 2b -> file:/cluster/some.zip (local absolute) local relative)
// 2b -> file:/cluster/some.zip (local ab
solute)
$local_file = $file_array; $local_file = $file_array;
$_global = false; $_global = false;
$file_name = $local_file[count($local_file) - 1]; $file_name = $local_file[count($local_file) - 1];
unset($local_file[count($local_file) - 1]); unset($local_file[count($local_file) - 1]);
$_page_tag = implode('/', $local_file); $_page_tag = implode('/', $local_file);
if ($_page_tag == '') if ($_page_tag == '')
{ {
$_page_tag = '!/'; $_page_tag = '!/';
skipping to change at line 3725 skipping to change at line 3814
$title = Ut::html($file_data['fi le_description']) . ' (' . $this->binary_multiples($file_data['file_size'], fals e, true, true) . ')'; $title = Ut::html($file_data['fi le_description']) . ' (' . $this->binary_multiples($file_data['file_size'], fals e, true, true) . ')';
$alt = Ut::html($file_data['fi le_description']); $alt = Ut::html($file_data['fi le_description']);
$src = ''; $src = '';
$width = ''; $width = '';
$height = ''; $height = '';
$img_link = false; $img_link = false;
$icon = $this->_t('Icon.Outer') ; $icon = $this->_t('Icon.Outer') ;
$tpl = 'localfile'; $tpl = 'localfile';
// media it is // media it is
if ((in_array($file_data['file_ext'], ['m p4', 'ogv', 'webm', 'm4a', 'mp3', 'ogg', 'opus', 'avif', 'gif', 'jpg', 'jpe', 'j peg', 'jxl', 'png', 'svg', 'webp'])) && !$noimg) if (in_array($file_data['file_ext'], arra y_merge(self::EXT['audio'], self::EXT['bitmap'], self::EXT['drawing'], self::EXT ['video'])) && !$noimg)
{ {
if ($file_data['file_ext'] == 'sv g') if ($file_data['file_ext'] == 'sv g')
{ {
if ($param['width']) if ($param['width'])
{ {
$scale = ' width ="' . $param['width'] . '"'; $scale = ' width ="' . $param['width'] . '"';
} }
else else
{ {
$scale = ''; $scale = '';
skipping to change at line 3758 skipping to change at line 3847
$param['height'] = round(($param['width'] * $file_data['picture_h']) / $file_data['picture_w']); $param['height'] = round(($param['width'] * $file_data['picture_h']) / $file_data['picture_w']);
} }
if ($file_data['picture_w ']) if ($file_data['picture_w '])
{ {
// takes user pro vided values else original size // takes user pro vided values else original size
$width = $param[ 'width'] ?? $file_data['picture_w']; $width = $param[ 'width'] ?? $file_data['picture_w'];
$height = $param[ 'height'] ?? $file_data['picture_h']; $height = $param[ 'height'] ?? $file_data['picture_h'];
} }
if(in_array($file_data['f ile_ext'], ['mp4', 'ogv', 'webm'])) if (in_array($file_data[' file_ext'], self::EXT['video']))
{ {
$width = $param[ 'width'] ?? 800; // default width $width = $param[ 'width'] ?? 800; // default width
$height = 0; $height = 0;
} }
$scale = ' width="' . $w idth . '" height="' . $height . '"'; $scale = ' width="' . $w idth . '" height="' . $height . '"';
} }
// show image // show image
if(!$text) if(!$text)
skipping to change at line 3810 skipping to change at line 3899
} }
if($src && !$text) if($src && !$text)
{ {
$media_class = 'm edia-' . $param['align']; $media_class = 'm edia-' . $param['align'];
if ($file_data['p icture_w'] || $file_data['file_ext'] == 'svg') if ($file_data['p icture_w'] || $file_data['file_ext'] == 'svg')
{ {
$text = $this->image_link($src, $media_class, $aname, $title, $alt, $scale); $text = $this->image_link($src, $media_class, $aname, $title, $alt, $scale);
} }
else if (in_array ($file_data['file_ext'], ['mp4', 'ogv', 'webm'])) else if (in_array ($file_data['file_ext'], self::EXT['video']))
{ {
$tpl = ''; $tpl = '';
$text = $this->video_link($src, $media_class, $aname, $title, $scale); $text = $this->video_link($src, $media_class, $aname, $title, $scale);
} }
else if (in_array ($file_data['file_ext'], ['m4a' , 'mp3', 'ogg', 'opus'])) else if (in_array ($file_data['file_ext'], self::EXT['audio']))
{ {
$tpl = ''; $tpl = '';
$text = $this->audio_link($src, $media_class, $aname, $title); $text = $this->audio_link($src, $media_class, $aname, $title);
} }
// add clearfix // add clearfix
// l ink -> <a class="... clearfix" ...><img ...></a> // l ink -> <a class="... clearfix" ...><img ...></a>
// n olink -> <span class="clearfix"><img ...></span> // n olink -> <span class="clearfix"><img ...></span>
// c aption -> </figure><span class="clearfix"></span> // c aption -> </figure><span class="clearfix"></span>
if ($param['clear ']) if ($param['clear '])
skipping to change at line 3896 skipping to change at line 3985
} }
else else
{ {
$title = '404: /' . utf8_trim($page_tag, '/') . '/file' . ($this->db->rewrite_mode ? '?' : '&amp;') . 'get=' . $file_nam e; $title = '404: /' . utf8_trim($page_tag, '/') . '/file' . ($this->db->rewrite_mode ? '?' : '&amp;') . 'get=' . $file_nam e;
} }
} //forgot 'bout 403 } //forgot 'bout 403
unset($file_data); unset($file_data);
} }
// user link -> user:UserName // user link -> user:UserName
else if (preg_match('/^(user):(' . $this->lang['USER_NAME'] . ')? $/u', $tag, $matches)) else if (preg_match('/^(user):(' . self::PATTERN['USER_NAME'] . ' )?$/u', $tag, $matches))
{ {
$parts = explode('/', $matches[2]); $parts = explode('/', $matches[2]);
for ($i = 0; $i < count($parts); $i++) for ($i = 0; $i < count($parts); $i++)
{ {
$parts[$i] = str_replace('%23', '#', $parts[$i]); $parts[$i] = str_replace('%23', '#', $parts[$i]);
} }
$href = $this->href('', $this->db->users_page . '/', [' profile' => implode('/', $parts)]); $href = $this->href('', $this->db->users_page . '/', [' profile' => implode('/', $parts)]);
$class = 'user-link'; $class = 'user-link';
$icon = $this->_t('Icon.Outer'); $icon = $this->_t('Icon.Outer');
$tpl = 'userlink'; $tpl = 'userlink';
} }
// group link -> group:UserGroup // group link -> group:UserGroup
else if (preg_match('/^(group):(' . $this->lang['USER_NAME'] . ') ?$/u', $tag, $matches)) else if (preg_match('/^(group):(' . self::PATTERN['USER_NAME'] . ')?$/u', $tag, $matches))
{ {
$parts = explode('/', $matches[2]); $parts = explode('/', $matches[2]);
for ($i = 0; $i < count($parts); $i++) for ($i = 0; $i < count($parts); $i++)
{ {
$parts[$i] = str_replace('%23', '#', $parts[$i]); $parts[$i] = str_replace('%23', '#', $parts[$i]);
} }
$href = $this->href('', $this->db->groups_page . '/', [ 'profile' => implode('/', $parts)]); $href = $this->href('', $this->db->groups_page . '/', [ 'profile' => implode('/', $parts)]);
$class = 'group-link'; $class = 'group-link';
$icon = $this->_t('Icon.Outer'); $icon = $this->_t('Icon.Outer');
$tpl = 'grouplink'; $tpl = 'grouplink';
} }
// interwiki -> wiki:page // interwiki -> wiki:page
else if (preg_match('/^([[:alnum:]]+):([' . $this->lang['ALPHANUM _P'] . '\(\)\.\+\&\=\#]*)$/u', $tag, $matches)) else if (preg_match('/^([[:alnum:]]+):([' . self::PATTERN['ALPHAN UM_P'] . '\(\)\.\+\&\=\#]*)$/u', $tag, $matches))
{ {
$parts = explode('/', $matches[2]); $parts = explode('/', $matches[2]);
for ($i = 0; $i < count($parts); $i++) for ($i = 0; $i < count($parts); $i++)
{ {
$parts[$i] = str_replace('%23', '#', rawurlencode ($parts[$i])); $parts[$i] = str_replace('%23', '#', rawurlencode ($parts[$i]));
} }
$href = $this->get_inter_wiki_url($matches[1], implode( '/', $parts)); $href = $this->get_inter_wiki_url($matches[1], implode( '/', $parts));
$class = 'iw-' . mb_strtolower($matches[1]); $class = 'iw-' . mb_strtolower($matches[1]);
$icon = $this->_t('Icon.Outer'); $icon = $this->_t('Icon.Outer');
$tpl = 'interwiki'; $tpl = 'interwiki';
} }
// wiki link // wiki link
else if (preg_match('/^([\!\.' . $this->lang['ALPHANUM_P'] . ']+) (\#[' . $this->lang['ALPHANUM_P'] . ']+)?$/u', $tag, $matches)) else if (preg_match('/^([\!\.' . self::PATTERN['ALPHANUM_P'] . '] +)(\#[' . self::PATTERN['ALPHANUM_P'] . ']+)?$/u', $tag, $matches))
{ {
$aname = ''; $aname = '';
$match = ''; $match = '';
$tag = $matches[1]; $tag = $matches[1];
$untag = $unwtag = $this->unwrap_l ink($tag); $untag = $unwtag = $this->unwrap_l ink($tag);
$regex_handlers = '/^(.*?)\/(' . $this->db->standard_hand lers . ')\/(.*)$/ui'; $regex_handlers = '/^(.*?)\/(' . $this->db->standard_hand lers . ')\/(.*)$/ui';
$ptag = $unwtag; $ptag = $unwtag;
$handler = null; $handler = null;
skipping to change at line 4446 skipping to change at line 4535
$text = $this->_t('Icon.UpLink') . mb_substr($tex t, 3); $text = $this->_t('Icon.UpLink') . mb_substr($tex t, 3);
} }
} }
return $text; return $text;
} }
function add_nbsps($text): string function add_nbsps($text): string
{ {
$patterns =[ $patterns =[
['(' . $this->lang['ALPHANUM'] . ')(' . $this->lang['UPPE ['(' . self::PATTERN['ALPHANUM'] . ')(' . self::PATTERN['
RNUM'] . ')', UPPERNUM'] . ')',
'\\1' . NBSP . '\\2'], '\\1' . NBSP . '\\2'],
['(' . $this->lang['UPPERNUM'] . ')(' . $this->lang['UPPE ['(' . self::PATTERN['UPPERNUM'] . ')(' . self::PATTERN['
RNUM'] . ')', UPPERNUM'] . ')',
'\\1' . NBSP . '\\2'], '\\1' . NBSP . '\\2'],
['(' . $this->lang['ALPHANUM'] . ')\/', ['(' . self::PATTERN['ALPHANUM'] . ')\/',
'\\1' . NBSP . '/'], '\\1' . NBSP . '/
['(' . $this->lang['UPPER'] . ')' . NBSP . '(?=' . $this- '],
>lang['UPPER'] . NBSP . $this->lang['UPPERNUM'] . ')', '\\1'], ['(' . self::PATTERN['UPPER'] . ')' . NBSP . '(?=' . self
['(' . $this->lang['UPPER'] . ')' . NBSP . '(?=' . $this- ::PATTERN['UPPER'] . NBSP . self::PATTERN['UPPERNUM'] . ')', '\\1'],
>lang['UPPER'] . NBSP . '\/)', ['(' . self::PATTERN['UPPER'] . ')' . NBSP . '(?=' . self
'\\1'], ::PATTERN['UPPER'] . NBSP . '\/)',
['\/(' . $this->lang['ALPHANUM'] . ')', '\\1'],
['\/(' . self::PATTERN['ALPHANUM'] . ')',
'\\1'],
['(' . $this->lang['UPPERNUM'] . ')' . NBSP . '(' . $this '\\1'],
->lang['UPPERNUM'] . ')($|\b)', ['(' . self::PATTERN['UPPERNUM'] . ')' . NBSP . '(' . sel
'\\1\\2'], f::PATTERN['UPPERNUM'] . ')($|\b)',
['(\d)(' . $this->lang['ALPHA'] . ')', '\\1\\2'],
['(\d)(' . self::PATTERN['ALPHA'] . ')',
'\\2'],
['(' . $this->lang['ALPHA'] . ')(\d)', '\\2'],
['(' . self::PATTERN['ALPHA'] . ')(\d)',
'\\2'],
'\\2'],
# ['(\d)' . NBSP . '(?=\d)', '\\1'], # ['(\d)' . NBSP . '(?=\d)', '\\1'],
['(\d)' . NBSP . '(?!' . $this->lang['ALPHA'] . ')', '\\1'], ['(\d)' . NBSP . '(?!' . self::PATTERN['ALPHA'] . ')', '\\1'],
]; ];
foreach ($patterns as $pattern) foreach ($patterns as $pattern)
{ {
$text = preg_replace('/' . $pattern[0] . '/u', $pattern[1 ], $text); $text = preg_replace('/' . $pattern[0] . '/u', $pattern[1 ], $text);
} }
return $text; return $text;
} }
skipping to change at line 4517 skipping to change at line 4606
{ {
if (!$tag) if (!$tag)
{ {
return; return;
} }
// normalizing tag name // normalizing tag name
$tag = Ut::normalize($tag); $tag = Ut::normalize($tag);
// remove invalid characters // remove invalid characters
$tag = preg_replace('/[^' . $this->lang['TAG_P'] . ']/u', '', $ta g); $tag = preg_replace('/[^' . self::PATTERN['TAG_P'] . ']/u', '', $ tag);
// remove starting/trailing slashes, spaces, and minimize multi-s lashes // remove starting/trailing slashes, spaces, and minimize multi-s lashes
$tag = preg_replace_callback('#^/+|/+$|(/{2,})|\s+#u', $tag = preg_replace_callback('#^/+|/+$|(/{2,})|\s+#u',
function ($x) function ($x)
{ {
return @$x[1]? '/' : ''; return @$x[1]? '/' : '';
}, $tag); }, $tag);
// allow full stop and hyphen-minus as part of the page tag, // allow full stop and hyphen-minus as part of the page tag,
// but ONLY as single character AND only between alphanumeric cha racters // but ONLY as single character AND only between alphanumeric cha racters
skipping to change at line 4561 skipping to change at line 4650
$tag = implode('/', $cluster); $tag = implode('/', $cluster);
} }
// returns error text, or null on OK // returns error text, or null on OK
// if old_tag specified - check also for already-namedness & already-exis tence // if old_tag specified - check also for already-namedness & already-exis tence
function sanitize_new_page_tag(&$tag, $old_tag = false): ?string function sanitize_new_page_tag(&$tag, $old_tag = false): ?string
{ {
$this->sanitize_page_tag($tag); $this->sanitize_page_tag($tag);
// - / ' _ . // - / ' _ .
if (!preg_match('/^([' . $this->lang['TAG_P'] . ']+)$/u', $tag)) if (!preg_match('/^([' . self::PATTERN['TAG_P'] . ']+)$/u', $tag) )
{ {
return $this->_t('InvalidWikiName'); return $this->_t('InvalidWikiName');
} }
if ($result = $this->validate_reserved_words($tag)) if ($result = $this->validate_reserved_words($tag))
{ {
return Ut::perc_replace($this->_t('PageReservedWord'), '< code>' . $result .'</code>'); return Ut::perc_replace($this->_t('PageReservedWord'), '< code>' . $result .'</code>');
} }
if ($old_tag) if ($old_tag)
skipping to change at line 4626 skipping to change at line 4715
} }
else if (mb_strlen($user_name) < $this->db->username_chars_min) else if (mb_strlen($user_name) < $this->db->username_chars_min)
{ {
return Ut::perc_replace($this->_t('NameTooShort'), 0, $th is->db->username_chars_min) . ' '; return Ut::perc_replace($this->_t('NameTooShort'), 0, $th is->db->username_chars_min) . ' ';
} }
else if (mb_strlen($user_name) > $this->db->username_chars_max) else if (mb_strlen($user_name) > $this->db->username_chars_max)
{ {
return Ut::perc_replace($this->_t('NameTooLong'), 0, $thi s->db->username_chars_max) . ' '; return Ut::perc_replace($this->_t('NameTooLong'), 0, $thi s->db->username_chars_max) . ' ';
} }
// check if valid username (and disallow '/') // check if valid username (and disallow '/')
else if (!preg_match('/^(' . $this->lang['USER_NAME'] . ')$/u', $ user_name)) else if (!preg_match('/^(' . self::PATTERN['USER_NAME'] . ')$/u', $user_name))
{ {
return $this->_t('InvalidUserName') . ' '; return $this->_t('InvalidUserName') . ' ';
} }
// check if reserved word // check if reserved word
else if ($result = $this->validate_reserved_words($user_name)) else if ($result = $this->validate_reserved_words($user_name))
{ {
return Ut::perc_replace($this->_t('UserReservedWord'), '< code>' . $result . '</code>'); return Ut::perc_replace($this->_t('UserReservedWord'), '< code>' . $result . '</code>');
} }
// if username already exists // if username already exists
else if ($this->user_name_exists($user_name) && $create) else if ($this->user_name_exists($user_name) && $create)
skipping to change at line 4655 skipping to change at line 4744
/** /**
* Check if text is WikiName * Check if text is WikiName
* *
* @param string $text Tested text * @param string $text Tested text
* *
* @return bool * @return bool
*/ */
function is_wiki_name($text) function is_wiki_name($text)
{ {
return preg_match('/^' . $this->lang['UPPER'] . $this->lang['LOWE R'] . '+' . $this->lang['UPPERNUM'] . $this->lang['ALPHANUM'] . '*$/u', $text); return preg_match('/^' . self::PATTERN['UPPER'] . self::PATTERN[' LOWER'] . '+' . self::PATTERN['UPPERNUM'] . self::PATTERN['ALPHANUM'] . '*$/u', $text);
} }
// TRACK LINKS // TRACK LINKS
/** /**
* Link-tracking used to collect all links in processed text. * Link-tracking used to collect all links in processed text.
* *
* @param string $tag * @param string $tag
* @param int $link_type [LINK_PAGE|LINK_FILE] * @param int $link_type [LINK_PAGE|LINK_FILE]
* *
skipping to change at line 5422 skipping to change at line 5511
$body, $body,
$section_id, $section_id,
'replace', 'replace',
$new_section) $new_section)
); );
} }
// GROUPS // GROUPS
function load_usergroup($group_name, $group_id = 0) function load_usergroup($group_name, $group_id = 0)
{ {
$fiels_default = 'g.group_id, g.group_name, g.description, g.mod
erator_id, g.created, g.is_system, g.open, g.active, u.user_name AS moderator';
return $this->db->load_single( return $this->db->load_single(
"SELECT {$fiels_default} " . "SELECT g.group_id, g.group_name, g.description, g.modera tor_id, g.created, g.is_system, g.open, g.active, u.user_name AS moderator " .
"FROM " . $this->prefix . "usergroup g " . "FROM " . $this->prefix . "usergroup g " .
"LEFT JOIN " . $this->prefix . "user u ON (g.mode rator_id = u.user_id) " . "LEFT JOIN " . $this->prefix . "user u ON (g.mode rator_id = u.user_id) " .
"WHERE " . ( $group_id "WHERE " . ( $group_id
? "g.group_id = " . (int) $group_id . " " ? "g.group_id = " . (int) $group_id . " "
: "g.group_name = " . $this->db->q($group _name) . " ") . : "g.group_name = " . $this->db->q($group _name) . " ") .
"LIMIT 1"); "LIMIT 1");
} }
// USERS // USERS
// check whether defined username is already registered. // check whether defined username is already registered.
skipping to change at line 5675 skipping to change at line 5762
"WHERE " . "WHERE " .
"user_id = " . (int) $token['user _id'] . " " . "user_id = " . (int) $token['user _id'] . " " .
"LIMIT 1"); "LIMIT 1");
// re-create auth token on successful use, effect ively prolonging it expiration // re-create auth token on successful use, effect ively prolonging it expiration
$this->db->sql_query( $this->db->sql_query(
"DELETE "DELETE
FROM " . $this->prefix . "auth_token FROM " . $this->prefix . "auth_token
WHERE auth_token_id = " . (int) $token['a uth_token_id']); WHERE auth_token_id = " . (int) $token['a uth_token_id']);
if ($user = $this->load_user(0, $token['user_id'] )) if ($user = $this->load_user('', $token['user_id' ]))
{ {
$this->create_auth_token($user); $this->create_auth_token($user);
return $user; return $user;
} }
} }
// just purge stale auth token // just purge stale auth token
$this->sess->delete_cookie(AUTH_TOKEN); $this->sess->delete_cookie(AUTH_TOKEN);
} }
skipping to change at line 5997 skipping to change at line 6084
{ {
return (int) ($page['owner_id'] ?? null); return (int) ($page['owner_id'] ?? null);
} }
return null; return null;
} }
function set_page_owner($page_id, $user_id): void function set_page_owner($page_id, $user_id): void
{ {
// check if user exists // check if user exists
if (!$this->load_user(0, $user_id)) if (!$this->load_user('', $user_id))
{ {
return; return;
} }
// updated the latest revision with new owner // updated the latest revision with new owner
$this->db->sql_query( $this->db->sql_query(
"UPDATE " . $this->prefix . "page SET " . "UPDATE " . $this->prefix . "page SET " .
"owner_id = " . (int) $user_id . " " . "owner_id = " . (int) $user_id . " " .
"WHERE page_id = " . (int) $page_id . " " . "WHERE page_id = " . (int) $page_id . " " .
"LIMIT 1"); "LIMIT 1");
skipping to change at line 6034 skipping to change at line 6121
} }
// check for acl syntax errors // check for acl syntax errors
function validate_acl_syntax($list, $privilege): bool function validate_acl_syntax($list, $privilege): bool
{ {
$error = null; $error = null;
$lines = explode("\n", $list); $lines = explode("\n", $list);
foreach ($lines as $line) foreach ($lines as $line)
{ {
if (!( preg_match('/^([(\!)?' . $this->lang['USER_NAME_P' ] . ']*)$/u', $line) if (!( preg_match('/^([(\!)?' . self::PATTERN['USER_NAME_ P'] . ']*)$/u', $line)
|| preg_match('/^((\!)?[(\*|\$)])$/u', $line) )) || preg_match('/^((\!)?[(\*|\$)])$/u', $line) ))
{ {
$error .= '<code>' . $line . '</code><br>'; $error .= '<code>' . $line . '</code><br>';
} }
} }
if ($error) if ($error)
{ {
$this->set_message($this->_t('AclSyntaxError') . ': <code >' . $privilege . '</code><br>' . $error, 'error'); $this->set_message($this->_t('AclSyntaxError') . ': <code >' . $privilege . '</code><br>' . $error, 'error');
return false; return false;
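Review bot: In `validate_acl_syntax()` both patterns put their grouping inside a character class, so `[(\!)?…]*` accepts `(`, `)`, `!` and `?` at any position rather than one optional leading `!`, and `[(\*|\$)]` also accepts a lone `(`, `|` or `)`. If the intent is an optional negation followed by a user name or a single `*`/`$`, the checks would read `preg_match('/^!?[' . self::PATTERN['USER_NAME_P'] . ']*$/u', $line)` and `preg_match('/^!?[*$]$/u', $line)`. Separately, the rejected `$line` is concatenated into `<code>…</code>` unescaped; unless `set_message()` escapes its argument (not visible here), wrap it as `htmlspecialchars($line, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The function's closing lines are outside this hunk.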
skipping to change at line 6212 skipping to change at line 6299
foreach ($privileges as $privilege) foreach ($privileges as $privilege)
{ {
if (in_array($privilege, $default_privileges)) if (in_array($privilege, $default_privileges))
{ {
$q_privilege[] = $this->db->q($privilege ); $q_privilege[] = $this->db->q($privilege );
} }
} }
} }
$page_ids = array_unique($page_ids);
sort($page_ids); sort($page_ids);
if ($acls = $this->db->load_all( if ($acls = $this->db->load_all(
"SELECT page_id, privilege, list " . "SELECT page_id, privilege, list " .
"FROM " . $this->prefix . "acl " . "FROM " . $this->prefix . "acl " .
"WHERE page_id IN (" . $this->ids_string($page_ids) . ") " . "WHERE page_id IN (" . $this->ids_string($page_ids) . ") " .
($privileges ($privileges
? "AND privilege IN ( " . implode(", ", $ q_privilege) . " ) " ? "AND privilege IN ( " . implode(", ", $ q_privilege) . " ) "
: "") : "")
, true)) , true))
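Review bot: The privilege filter is gated on `$privileges` but built from `$q_privilege`, so a non-empty `$privileges` whose entries are all rejected by the `in_array()` allow-list produces `AND privilege IN (  )`, which is invalid SQL. Gate on the filtered list instead, `($q_privilege ? "AND privilege IN ( " . implode(", ", $q_privilege) . " ) " : "")`, or return early when nothing survives the filter if loading every privilege is not wanted in that case. Whether `$q_privilege` is initialised before the loop is outside this hunk, and `in_array($privilege, $default_privileges, true)` would make the allow-list comparison strict. The `load_all()` statement continues past the end of the hunk.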
skipping to change at line 6543 skipping to change at line 6631
} }
while ($replaced > 0); while ($replaced > 0);
return $acl; return $acl;
} }
// check if user has the right to upload files // check if user has the right to upload files
function can_upload($global = false): bool function can_upload($global = false): bool
{ {
$user_name = GUEST;
$registered = false;
if ($this->get_user()) if ($this->get_user())
{ {
$user_name = mb_strtolower($this->get_user_n ame()); $user_name = mb_strtolower($this->get_user_n ame());
$registered = true; $registered = true;
} }
else
{
$user_name = GUEST;
$registered = false;
}
if ($registered) if ($registered)
{ {
if ($global) if ($global)
{ {
if ( $this->db->upload === true return
( $this->db->upload === true
|| $this->db->upload == 1 || $this->db->upload == 1
|| ($this->db->upload && $this->is_admin( ))
|| $this->check_acl($user_name, $this->db ->upload) || $this->check_acl($user_name, $this->db ->upload)
) );
{
return true;
}
else
{
return false;
}
} }
else else
{ {
if ( ( $this->db->upload === true return
|| $this->db->upload == 1 ( $this->db->upload === true
|| $this->check_acl($user_name, $ || $this->db->upload == 1
this->db->upload) ) || ($this->db->upload && $this->is_admin(
))
|| $this->check_acl($user_name, $this->db
->upload) )
&& ( $this->has_access('upload') && ( $this->has_access('upload')
&& $this->has_access('write') && $this->has_access('write')
&& $this->has_access('read') && $this->has_access('read')
|| $this->is_owner() || $this->is_owner()
|| $this->is_admin() ) || $this->is_admin() )
|| (isset($_POST['upload_to']) && || (isset($_POST['upload_to']) &&
$_POST['upload_to'] == 'global') // for action -> upload handler $_POST['upload_to'] == 'global' // for action -> upload handler
) );
{
return true;
}
else
{
return false;
}
} }
} }
else else
{ {
return false; return false;
} }
} }
function show_access_mode($page_id = null, $tag = '', $privilege = 'read '): string function show_access_mode($page_id = null, $tag = '', $privilege = 'read '): string
{ {
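Review bot: In the non-global branch of `can_upload()` the `$_POST['upload_to'] == 'global'` clause is OR-ed at the top level of the returned expression, so for a registered user a request field alone makes the method return true, whatever `$this->db->upload` and the page access checks decide. If the upload handler re-checks with `can_upload(true)` for that case this is harmless, but that is not visible in this hunk. To keep the site-level upload test mandatory, move the clause into the second group, `|| $this->is_admin() || (isset($_POST['upload_to']) && $_POST['upload_to'] === 'global') )`, or drop it and let the handler pass `$global` explicitly. A short comment stating which caller relies on the `upload_to` exception would help the next reader judge it.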
 End of changes. 49 change blocks. 
134 lines changed or deleted 212 lines changed or added
