Comparing revisions for WikkaBlog2
- [9834] 2005-07-05 17:28:29 by CatIvan (unregistered user) [add my diagnostic/solution to comment access bug]
- [17809] 2007-12-12 10:25:33 by JavaWoman (unregistered user) [prevent function references looking as page links]
Additions:
// Bad Word Filter For Comments - parameter set at top....
mysql_query($query);
}
$blogrow['topic'] = stripslashes($blogrow['topic']);
$printtext = (stripslashes($blogrow['message']));
$row['comment'] = stripslashes($row['comment']);
if (!($_POST['message'] == "blog entry")) {
$blog_timestamp = date("Y-m-d H:i:s",mktime());
$_POST[message] = addslashes($_POST[message]);
$_POST[topic] = addslashes($_POST[topic]);
mysql_query($query);
}
$row['topic'] = stripslashes($row['topic']);
$printtext = (stripslashes($row['message']));
if($scroll_num!=0)
$total_records=0;
if($records_per_page<=0)
$records_per_page=$this->total_records;
$this->records_per_page=$records_per_page;
if(!$this->is_first_page()&& $this->show_first_last)
echo ' <a href="'.$this->page_name.'&page=0'.$this->qry_str.'" '.$link_para.'>'.$user_link.'</a> ';
elseif($this->show_first_last && $this->show_disabled_links)
echo $user_link;
if(!$this->is_last_page()&& $this->show_first_last)
echo ' <a href="'.$this->page_name.'&page='.($this->total_page-1).$this->qry_str.'" '.$link_para.'>'.$user_link.'</a> ';
elseif($this->show_first_last && $this->show_disabled_links)
echo $user_link;
if(!$this->is_last_page()&& $this->show_prev_next)
echo ' <a href="'.$this->page_name.'&page='.($this->page+1).$this->qry_str.'" '.$link_para.'>'.$user_link.'</a> ';
elseif($this->show_prev_next && $this->show_disabled_links)
echo $user_link." ";
if(!$this->is_first_page()&& $this->show_prev_next)
echo ' <a href="'.$this->page_name.'&page='.($this->page-1).$this->qry_str.'" '.$link_para.'>'.$user_link.'</a> ';
elseif($this->show_prev_next && $this->show_disabled_links)
echo " ".$user_link;
if($this->page>$this->scroll_page &&$this->show_scroll_prev_next)
echo ' <a href="'.$this->page_name.'&page='.($this->page-$this->scroll_page).$this->qry_str.'" '.$link_para.'>'.$user_link.'</a> ';
elseif($this->show_scroll_prev_next && $this->show_disabled_links)
echo $user_link;
if($this->total_page>$this->page+$this->scroll_page &&$this->show_scroll_prev_next)
echo ' <a href="'.$this->page_name.'&page='.($this->page+$this->scroll_page).$this->qry_str.'" '.$link_para.'>'.$user_link.'</a> ';
elseif($this->show_scroll_prev_next && $this->show_disabled_links)
echo $user_link;
$j=0;
if($this->page>($scroll_page/2))
$j=$this->page-intval($scroll_page/2);
if($j+$scroll_page>$this->total_page)
$j=$this->total_page-$scroll_page;
if($j<0)
for(;$i<$j+$scroll_page && $i<$this->total_records;$i++)
{
if($i==$this->page)
echo ($i+1);
else
echo ' <a href="'.$this->page_name.'&page='.$i.$this->qry_str.'" '.$link_para.'>'.($i+1).'</a> ';
}
$this->page=$_REQUEST['page'];
if(!is_numeric($this->page))
$this->page=0;
$this->start=$this->page*$this->records_per_page;
$this->total_page=@intval($this->total_records/$this->records_per_page);
if($this->total_records%$this->records_per_page!=0)
$this->total_page++;
$this->calculate();
return $qry." LIMIT $this->start,$this->records_per_page";
The blog.php action on this page can use a "bad word function" that should be placed **in** the wakka.php file in the wiki root directory. The following code needs to be placed in the wakka.php file (just after the microtime function which starts "function getmicrotime" and ends with a "}". This code is placed immediately after the "}".
http://gmbowen.educ.unb.ca/wikitest/wikkablog1.jpg
http://gmbowen.educ.unb.ca/wikitest/wikkablog2.jpg
~& (moved from WikkaBugs) This is about WikkaBlog2. --- I find that noone is allowed to post blog comments (i.e. not the wikka page std comments). All ACLs are '*'; I even blanked all, or have the page owned by nobody, and still no rights; I suppose HasAccess('comment') fails. (see [[http://cativan.com/VisitingIdeas this page]]) -- CatIvan
my fix: in blog.pgp, line 112 "if ( /*$user = $this->GetUser() &&*/ $this->HasAccess('comment'))" -- the 1st test condition fails for anonymous users; it seems to me the 2nd statement (ACL based) is sufficient.
mysql_query($query);
}
$blogrow['topic'] = stripslashes($blogrow['topic']);
$printtext = (stripslashes($blogrow['message']));
$row['comment'] = stripslashes($row['comment']);
if (!($_POST['message'] == "blog entry")) {
$blog_timestamp = date("Y-m-d H:i:s",mktime());
$_POST[message] = addslashes($_POST[message]);
$_POST[topic] = addslashes($_POST[topic]);
mysql_query($query);
}
$row['topic'] = stripslashes($row['topic']);
$printtext = (stripslashes($row['message']));
if($scroll_num!=0)
$total_records=0;
if($records_per_page<=0)
$records_per_page=$this->total_records;
$this->records_per_page=$records_per_page;
if(!$this->is_first_page()&& $this->show_first_last)
echo ' <a href="'.$this->page_name.'&page=0'.$this->qry_str.'" '.$link_para.'>'.$user_link.'</a> ';
elseif($this->show_first_last && $this->show_disabled_links)
echo $user_link;
if(!$this->is_last_page()&& $this->show_first_last)
echo ' <a href="'.$this->page_name.'&page='.($this->total_page-1).$this->qry_str.'" '.$link_para.'>'.$user_link.'</a> ';
elseif($this->show_first_last && $this->show_disabled_links)
echo $user_link;
if(!$this->is_last_page()&& $this->show_prev_next)
echo ' <a href="'.$this->page_name.'&page='.($this->page+1).$this->qry_str.'" '.$link_para.'>'.$user_link.'</a> ';
elseif($this->show_prev_next && $this->show_disabled_links)
echo $user_link." ";
if(!$this->is_first_page()&& $this->show_prev_next)
echo ' <a href="'.$this->page_name.'&page='.($this->page-1).$this->qry_str.'" '.$link_para.'>'.$user_link.'</a> ';
elseif($this->show_prev_next && $this->show_disabled_links)
echo " ".$user_link;
if($this->page>$this->scroll_page &&$this->show_scroll_prev_next)
echo ' <a href="'.$this->page_name.'&page='.($this->page-$this->scroll_page).$this->qry_str.'" '.$link_para.'>'.$user_link.'</a> ';
elseif($this->show_scroll_prev_next && $this->show_disabled_links)
echo $user_link;
if($this->total_page>$this->page+$this->scroll_page &&$this->show_scroll_prev_next)
echo ' <a href="'.$this->page_name.'&page='.($this->page+$this->scroll_page).$this->qry_str.'" '.$link_para.'>'.$user_link.'</a> ';
elseif($this->show_scroll_prev_next && $this->show_disabled_links)
echo $user_link;
$j=0;
if($this->page>($scroll_page/2))
$j=$this->page-intval($scroll_page/2);
if($j+$scroll_page>$this->total_page)
$j=$this->total_page-$scroll_page;
if($j<0)
for(;$i<$j+$scroll_page && $i<$this->total_records;$i++)
{
if($i==$this->page)
echo ($i+1);
else
echo ' <a href="'.$this->page_name.'&page='.$i.$this->qry_str.'" '.$link_para.'>'.($i+1).'</a> ';
}
$this->page=$_REQUEST['page'];
if(!is_numeric($this->page))
$this->page=0;
$this->start=$this->page*$this->records_per_page;
$this->total_page=@intval($this->total_records/$this->records_per_page);
if($this->total_records%$this->records_per_page!=0)
$this->total_page++;
$this->calculate();
return $qry." LIMIT $this->start,$this->records_per_page";
The blog.php action on this page can use a "bad word function" that should be placed **in** the wakka.php file in the wiki root directory. The following code needs to be placed in the wakka.php file (just after the microtime function which starts "function getmicrotime" and ends with a "}". This code is placed immediately after the "}".
http://gmbowen.educ.unb.ca/wikitest/wikkablog1.jpg
http://gmbowen.educ.unb.ca/wikitest/wikkablog2.jpg
~& (moved from WikkaBugs) This is about WikkaBlog2. --- I find that noone is allowed to post blog comments (i.e. not the wikka page std comments). All ACLs are '*'; I even blanked all, or have the page owned by nobody, and still no rights; I suppose HasAccess('comment') fails. (see [[http://cativan.com/VisitingIdeas this page]]) -- CatIvan
my fix: in blog.pgp, line 112 "if ( /*$user = $this->GetUser() &&*/ $this->HasAccess('comment'))" -- the 1st test condition fails for anonymous users; it seems to me the 2nd statement (ACL based) is sufficient.
Deletions:
mysql_query($query);
}
$blogrow['topic'] = stripslashes($blogrow['topic']);
$printtext = (stripslashes($blogrow['message']));
$row['comment'] = stripslashes($row['comment']);
if (!($_POST['message'] == "blog entry")) {
$blog_timestamp = date("Y-m-d H:i:s",mktime());
$_POST[message] = addslashes($_POST[message]);
$_POST[topic] = addslashes($_POST[topic]);
mysql_query($query);
}
$row['topic'] = stripslashes($row['topic']);
$printtext = (stripslashes($row['message']));
if($scroll_num!=0)
$total_records=0;
if($records_per_page<=0)
$records_per_page=$this->total_records;
$this->records_per_page=$records_per_page;
if(!$this->is_first_page()&& $this->show_first_last)
echo ' <a href="'.$this->page_name.'&page=0'.$this->qry_str.'" '.$link_para.'>'.$user_link.'</a> ';
elseif($this->show_first_last && $this->show_disabled_links)
echo $user_link;
if(!$this->is_last_page()&& $this->show_first_last)
echo ' <a href="'.$this->page_name.'&page='.($this->total_page-1).$this->qry_str.'" '.$link_para.'>'.$user_link.'</a> ';
elseif($this->show_first_last && $this->show_disabled_links)
echo $user_link;
if(!$this->is_last_page()&& $this->show_prev_next)
echo ' <a href="'.$this->page_name.'&page='.($this->page+1).$this->qry_str.'" '.$link_para.'>'.$user_link.'</a> ';
elseif($this->show_prev_next && $this->show_disabled_links)
echo $user_link." ";
if(!$this->is_first_page()&& $this->show_prev_next)
echo ' <a href="'.$this->page_name.'&page='.($this->page-1).$this->qry_str.'" '.$link_para.'>'.$user_link.'</a> ';
elseif($this->show_prev_next && $this->show_disabled_links)
echo " ".$user_link;
if($this->page>$this->scroll_page &&$this->show_scroll_prev_next)
echo ' <a href="'.$this->page_name.'&page='.($this->page-$this->scroll_page).$this->qry_str.'" '.$link_para.'>'.$user_link.'</a> ';
elseif($this->show_scroll_prev_next && $this->show_disabled_links)
echo $user_link;
if($this->total_page>$this->page+$this->scroll_page &&$this->show_scroll_prev_next)
echo ' <a href="'.$this->page_name.'&page='.($this->page+$this->scroll_page).$this->qry_str.'" '.$link_para.'>'.$user_link.'</a> ';
elseif($this->show_scroll_prev_next && $this->show_disabled_links)
echo $user_link;
$j=0;
if($this->page>($scroll_page/2))
$j=$this->page-intval($scroll_page/2);
if($j+$scroll_page>$this->total_page)
$j=$this->total_page-$scroll_page;
if($j<0)
for(;$i<$j+$scroll_page && $i<$this->total_records;$i++)
if($i==$this->page)
echo ($i+1);
else
echo ' <a href="'.$this->page_name.'&page='.$i.$this->qry_str.'" '.$link_para.'>'.($i+1).'</a> ';
$this->page=$_REQUEST['page'];
if(!is_numeric($this->page))
$this->page=0;
$this->start=$this->page*$this->records_per_page;
$this->total_page=@intval($this->total_records/$this->records_per_page);
if($this->total_records%$this->records_per_page!=0)
$this->total_page++;
$this->calculate();
return $qry." LIMIT $this->start,$this->records_per_page";
The blog.php action on this page can use a "bad word function" that should be placed **in** the wikka.php file in the wiki root directory. The following code needs to be placed in the wikka.php file (just after the microtime function which starts "function getmicrotime" and ends with a "}". This code is placed immediately after the "}".
http://gmbtst.msvu.ca/wikitest/wikkablog1.jpg
http://gmbtst.msvu.ca/wikitest/wikkablog2.jpg
~& Changed wakka.php to wikka.php in instructions for badword filter - JoelCant
~& (moved from WikkaBugs) This is about WikkaBlog2. --- I find that noone is allowed to post blog comments (i.e. not the wikka page std comments). All ACLs are '*'; I even blanked all, or have the page owned by nobody, and still no rights; I suppose ""HasAccess""('comment') fails. (see [[http://cativan.com/VisitingIdeas this page]]) -- CatIvan
~& Is this a good solution? in blog.pgp, line 112 "if ( /*$user = $this->""GetUser""() &&*/ $this->""HasAccess""('comment'))" -- the 1st test condition fails for anonymous users; it seems to me the 2nd statement (ACL based) is sufficient. -- CatIvan
