diff options
| author | lupo49 <post@lupo49.de> | 2011-11-12 16:22:44 +0100 |
|---|---|---|
| committer | lupo49 <post@lupo49.de> | 2011-11-12 16:22:44 +0100 |
| commit | fe9851b94f1bfe4014cf48043b4609def611a3ee (patch) | |
| tree | 2362c48e0526f2254bb80a70db107b3032736a80 /lib/exe | |
| parent | 1614eb9180008daaf518e6271b82222219efc008 (diff) | |
| parent | 2c961e6163b23ef3f1d93b1b0c23b214f3aeb358 (diff) | |
| download | rpg-fe9851b94f1bfe4014cf48043b4609def611a3ee.tar.gz rpg-fe9851b94f1bfe4014cf48043b4609def611a3ee.tar.bz2 | |
Merge remote branch 'upstream/master'
Diffstat (limited to 'lib/exe')
| -rw-r--r-- | lib/exe/ajax.php | 3 | ||||
| -rw-r--r-- | lib/exe/css.php | 3 | ||||
| -rw-r--r-- | lib/exe/js.php | 6 | ||||
| -rw-r--r-- | lib/exe/multipleUpload.swf | bin | 64561 -> 0 bytes | |||
| -rw-r--r-- | lib/exe/xmlrpc.php | 30 |
5 files changed, 31 insertions, 11 deletions
diff --git a/lib/exe/ajax.php b/lib/exe/ajax.php index d4ef8dc11..f8d62cb57 100644 --- a/lib/exe/ajax.php +++ b/lib/exe/ajax.php @@ -281,7 +281,8 @@ function ajax_mediaupload(){ } $result = array('error' => $msg['msg'], 'ns' => $NS); } - echo htmlspecialchars(json_encode($result), ENT_NOQUOTES); + $json = new JSON; + echo htmlspecialchars($json->encode($result), ENT_NOQUOTES); } function dir_delete($path) { diff --git a/lib/exe/css.php b/lib/exe/css.php index 81f47d8fa..d54e2e46c 100644 --- a/lib/exe/css.php +++ b/lib/exe/css.php @@ -319,7 +319,8 @@ function css_compress($css){ // strip whitespaces $css = preg_replace('![\r\n\t ]+!',' ',$css); - $css = preg_replace('/ ?([:;,{}\/]) ?/','\\1',$css); + $css = preg_replace('/ ?([;,{}\/]) ?/','\\1',$css); + $css = preg_replace('/ ?: /',':',$css); // shorten colors $css = preg_replace("/#([0-9a-fA-F]{1})\\1([0-9a-fA-F]{1})\\2([0-9a-fA-F]{1})\\3/", "#\\1\\2\\3",$css); diff --git a/lib/exe/js.php b/lib/exe/js.php index 33f8c695d..b7f2fd222 100644 --- a/lib/exe/js.php +++ b/lib/exe/js.php @@ -88,6 +88,7 @@ function js_out(){ // add some global variables print "var DOKU_BASE = '".DOKU_BASE."';"; print "var DOKU_TPL = '".DOKU_TPL."';"; + // FIXME: Move those to JSINFO print "var DOKU_UHN = ".((int) useHeading('navigation')).";"; print "var DOKU_UHC = ".((int) useHeading('content')).";"; @@ -106,10 +107,7 @@ function js_out(){ echo "\n\n/* XXXXXXXXXX end of " . str_replace(DOKU_INC, '', $file) . " XXXXXXXXXX */\n\n"; } - // init stuff - js_runonstart("addEvent(document,'click',closePopups)"); - js_runonstart("initToolbar('tool__bar','wiki__text',toolbar)"); if($conf['locktime'] != 0){ js_runonstart("dw_locktimer.init(".($conf['locktime'] - 60).",".$conf['usedraft'].")"); } @@ -220,7 +218,7 @@ function js_escape($string){ * @author Andreas Gohr <andi@splitbrain.org> */ function js_runonstart($func){ - echo "addInitEvent(function(){ $func; });".NL; + echo "jQuery(function(){ $func; });".NL; } /** diff --git a/lib/exe/multipleUpload.swf b/lib/exe/multipleUpload.swf Binary files differdeleted file mode 100644 index 888aab045..000000000 --- a/lib/exe/multipleUpload.swf +++ /dev/null diff --git a/lib/exe/xmlrpc.php b/lib/exe/xmlrpc.php index 8b572d213..e5e3298ae 100644 --- a/lib/exe/xmlrpc.php +++ b/lib/exe/xmlrpc.php @@ -7,7 +7,7 @@ if(isset($HTTP_RAW_POST_DATA)) $HTTP_RAW_POST_DATA = trim($HTTP_RAW_POST_DATA); /** * Increased whenever the API is changed */ -define('DOKU_XMLRPC_API_VERSION',5); +define('DOKU_XMLRPC_API_VERSION', 6); require_once(DOKU_INC.'inc/init.php'); session_write_close(); //close session @@ -53,6 +53,11 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer { */ function call($methodname, $args){ if(!in_array($methodname,$this->public_methods) && !$this->checkAuth()){ + if (!isset($_SERVER['REMOTE_USER'])) { + header('HTTP/1.1 401 Unauthorized'); + } else { + header('HTTP/1.1 403 Forbidden'); + } return new IXR_Error(-32603, 'server error. not authorized to call method "'.$methodname.'".'); } return parent::call($methodname, $args); @@ -579,8 +584,12 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer { // save temporary file @unlink($ftmp); - $buff = base64_decode($file); - io_saveFile($ftmp, $buff); + if (preg_match('/^[A-Za-z0-9\+\/]*={0,2}$/', $file) === 1) { + // DEPRECATED: Double-decode file if it still looks like base64 + // after first decoding (which is done by the library) + $file = base64_decode($file); + } + io_saveFile($ftmp, $file); $res = media_save(array('name' => $ftmp), $id, $params['ow'], $auth, 'rename'); if (is_array($res)) { @@ -853,11 +862,22 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer { global $auth; if(!$conf['useacl']) return 0; if(!$auth) return 0; + + @session_start(); // reopen session for login if($auth->canDo('external')){ - return $auth->trustExternal($user,$pass,false); + $ok = $auth->trustExternal($user,$pass,false); }else{ - return auth_login($user,$pass,false,true); + $evdata = array( + 'user' => $user, + 'password' => $pass, + 'sticky' => false, + 'silent' => true, + ); + $ok = trigger_event('AUTH_LOGIN_CHECK', $evdata, 'auth_login_wrapper'); } + session_write_close(); // we're done with the session + + return $ok; } |