WebSVN – Applications.wikini – Diff – /trunk/api.php

 <?php
-/* encoding: iso-8859-1
+/*
-wakka.php
+$Id: wakka.php 864 2007-11-28 12:44:52Z nepote $
 Copyright (c) 2002, Hendrik Mans <hendrik@mans.de>
-Copyright  2003 Carlo Zottmann
+Copyright 2003 Carlo Zottmann
-Copyright 2002, 2003 David DELON
+Copyright 2002, 2003, 2005 David DELON
-Copyright 2002, 2003, 2004 Charles NÉPOTE
+Copyright 2002, 2003, 2004, 2006 Charles N?POTE
 Copyright 2002, 2003 Patrick PAUL
-Copyright 2003 Éric DELORD
+Copyright 2003 Eric DELORD
-Copyright 2003 Éric FELDSTEIN
+Copyright 2003 Eric FELDSTEIN
-Copyright 2004 Jean-Christophe ANDRÉ
+Copyright 2004-2006 Jean-Christophe ANDR?
+Copyright 2005-2006 Didier LOISEAU
 All rights reserved.
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions
 are met:
 . Redistributions of source code must retain the above copyright
+// do not change this line, you fool. In fact, don't change anything! Ever!
+define("WAKKA_VERSION", "0.1.1");
+define("WIKINI_VERSION", "0.5.0");
-// do not change this line, you fool. In fact, don't change anything! Ever!
+require 'includes/constants.php';
-define("WAKKA_VERSION", "0.1.1");
+include 'includes/urlutils.inc.php';
 define("WIKINI_VERSION", "0.4.3");
 // start the compute time
 	var $parameter = array();
 	var $queryLog = array();
 	var $interWiki = array();
 	var $VERSION;
 	var $CookiePath = '/';
+	var $inclusions = array();
+	/**
+	 * an array containing all the actions that are implemented by an object
+	 * @access private
+	 */
+	var $actionObjects;
+	// LinkTrackink
+	var $isTrackingLinks = false;
+	var $linktable = array();
+	var $pageCache = array();
+	var $_groupsCache = array();
 	var $_actionsAclsCache = array();
 	// constructor
 	function Wiki($config)
 				$this->dblink = false;
+			}
+		}
 		$this->VERSION = WAKKA_VERSION;
-		//determine le chemin pour le cookie
+		// determine le chemin pour les cookies
 		$a = parse_url($this->GetConfigValue('base_url'));
+		$this->CookiePath = dirname($a['path']);
+		// Fixe la gestion des cookie sous les OS utilisant le \ comme s?parteur de chemin
+		$this->CookiePath = str_replace("\\","/",$this->CookiePath);
-		$this->CookiePath = dirname($a['path']);
+		// ajoute un '/' terminal sauf si on est ? la racine web
 		if ($this->CookiePath != '/') $this->CookiePath .= '/';
 				"query"		=> $query,
 				"time"		=> $time);
+		}
 		return $result;
+	}
+	function LoadSingle($query) {
-	function LoadSingle($query) { if ($data = $this->LoadAll($query)) return $data[0]; }
+		if ($data = $this->LoadAll($query)) return $data[0];
+		return null;
+	}
 	function LoadAll($query)
+	{
-	$data=array();
+		$data=array();
-	if ($r = $this->Query($query))
+		if ($r = $this->Query($query))
+		{
+	}
+	// MISC
+	function GetMicroTime()
+	{
-	// MISC
+		list($usec, $sec) = explode(" ",microtime()); return ((float)$usec + (float)$sec);
 	function GetMicroTime() { list($usec, $sec) = explode(" ",microtime()); return ((float)$usec + (float)$sec); }
 	function IncludeBuffered($filename, $notfoundText = "", $vars = "", $path = "")
 	// VARIABLES
 	function GetPageTag() { return $this->tag; }
 	function GetPageTime() { return $this->page["time"]; }
 	function GetMethod() { return $this->method; }
-	function GetConfigValue($name) { return $this->config[$name]; }
+	function GetConfigValue($name) { return isset($this->config[$name]) ? trim($this->config[$name]) : ''; }
 	function GetWakkaName() { return $this->GetConfigValue("wakka_name"); }
 	function GetWakkaVersion() { return $this->VERSION; }
+	function GetWikiNiVersion() { return WIKINI_VERSION; }
+	/**
+	 * Retrieves all the triples that match some criteria.
+	 * This allows to search triples by their approximate resource or property names.
+	 * The allowed operators are the sql LIKE and the sql =
+	 * @param string $resource The resource of the triples
+	 * @param string $property The property of the triple to retrieve or null
+	 * @param string $res_op The operator of comparison between the effective resource and $resource (default: 'LIKE')
+	 * @param string $prop_op The operator of comparison between the effective property and $property (default: '=')
+	 * @return array The list of all the triples that match the asked criteria
+	 */
+	function GetMatchingTriples($resource, $property = null, $res_op = 'LIKE', $prop_op = '=')
+	{
+		static $operators = array('=', 'LIKE'); // we might want to add other operators later
+		$res_op = strtoupper($res_op);
+		if (!in_array($res_op, $operators)) $res_op = '=';
+		$sql = 'SELECT * FROM ' . $this->GetConfigValue('table_prefix') . 'triples '
+			. 'WHERE resource ' . $res_op . ' "' . addslashes($resource) . '"';
+		if ($property !== null)
+		{
+			$prop_op = strtoupper($prop_op);
+			if (!in_array($prop_op, $operators)) $prop_op = '=';
+			$sql .= ' AND property ' . $prop_op . ' "' . addslashes($property) . '"';
+		}
+		return $this->LoadAll($sql);
+	}
+	/**
+	 * Retrieves all the values for a given couple (resource, property)
+	 * @param string $resource The resource of the triples
+	 * @param string $property The property of the triple to retrieve
+	 * @param string $re_prefix The prefix to add to $resource (defaults to THISWIKI_PREFIX)
+	 * @param string $prop_prefix The prefix to add to $property (defaults to WIKINI_VOC_PREFIX)
+	 * @return array An array of the retrieved values, in the form
+	 * array(
+	 * 	0 => array(id = 7 , 'value' => $value1),
+	 * 	1 => array(id = 34, 'value' => $value2),
+	 * 	...
+	 * )
+	 */
+	function GetAllTriplesValues($resource, $property, $re_prefix = THISWIKI_PREFIX, $prop_prefix = WIKINI_VOC_PREFIX)
+	{
+		$sql = 'SELECT id, value FROM ' . $this->GetConfigValue('table_prefix') . 'triples '
+			. 'WHERE resource = "' . addslashes($re_prefix . $resource) . '" '
+			. 'AND property = "' . addslashes($prop_prefix . $property) . '" ';
+		return $this->LoadAll($sql);
+	}
+	/**
+	 * Retrieves a single value for a given couple (resource, property)
+	 * @param string $resource The resource of the triples
+	 * @param string $property The property of the triple to retrieve
+	 * @param string $re_prefix The prefix to add to $resource (defaults to <tt>THISWIKI_PREFIX</tt>)
+	 * @param string $prop_prefix The prefix to add to $property (defaults to <tt>WIKINI_VOC_PREFIX</tt>)
+	 * @return string The value corresponding to ($resource, $property) or null if
+	 * there is no such couple in the triples table.
+	 */
+	function GetTripleValue($resource, $property, $re_prefix = THISWIKI_PREFIX, $prop_prefix = WIKINI_VOC_PREFIX)
+	{
+		$res = $this->GetAllTriplesValues($resource, $property, $re_prefix, $prop_prefix);
+		if ($res) return $res[0]['value'];
+		return null;
+	}
+	/**
+	 * Checks whether a triple exists or not
+	 * @param string $resource The resource of the triple to find
+	 * @param string $property The property of the triple to find
+	 * @param string $value The value of the triple to find
+	 * @param string $re_prefix The prefix to add to $resource (defaults to <tt>THISWIKI_PREFIX</tt>)
+	 * @param string $prop_prefix The prefix to add to $property (defaults to <tt>WIKINI_VOC_PREFIX</tt>)
+	 * @param int The id of the found triple or 0 if there is no such triple.
+	 */
+	function TripleExists($resource, $property, $value, $re_prefix = THISWIKI_PREFIX, $prop_prefix = WIKINI_VOC_PREFIX)
+	{
+		$sql = 'SELECT id FROM ' . $this->GetConfigValue('table_prefix') . 'triples '
+			. 'WHERE resource = "' . addslashes($re_prefix . $resource) . '" '
+			. 'AND property = "' . addslashes($prop_prefix . $property) . '" '
+			. 'AND value = "' . addslashes($value) . '"';
+		$res = $this->LoadSingle($sql);
+		if (!$res) return 0;
+		return $res['id'];
+	}
+	/**
+	 * Inserts a new triple ($resource, $property, $value) in the triples' table
+	 * @param string $resource The resource of the triple to insert
+	 * @param string $property The property of the triple to insert
+	 * @param string $value The value of the triple to insert
+	 * @param string $re_prefix The prefix to add to $resource (defaults to <tt>THISWIKI_PREFIX</tt>)
+	 * @param string $prop_prefix The prefix to add to $property (defaults to <tt>WIKINI_VOC_PREFIX</tt>)
+	 * @return int An error code: 0 (success), 1 (failure) or 3 (already exists)
+	 */
+	function InsertTriple($resource, $property, $value, $re_prefix = THISWIKI_PREFIX, $prop_prefix = WIKINI_VOC_PREFIX)
+	{
+		if ($this->TripleExists($resource, $property, $value, $re_prefix, $prop_prefix))
+		{
+			return 3;
+		}
+		$sql = 'INSERT INTO ' . $this->GetConfigValue('table_prefix') . 'triples (resource, property, value)'
+			. 'VALUES ("' . addslashes($re_prefix . $resource) . '", "'
+				. addslashes($prop_prefix . $property) . '", "'
+				. addslashes($value) . '")';
+		return $this->Query($sql) ? 0 : 1;
+	}
+	/**
+	 * Updates a triple ($resource, $property, $value) in the triples' table
+	 * @param string $resource The resource of the triple to update
+	 * @param string $property The property of the triple to update
+	 * @param string $oldvalue The old value of the triple to update
+	 * @param string $newvalue The new value of the triple to update
+	 * @param string $re_prefix The prefix to add to $resource (defaults to <tt>THISWIKI_PREFIX</tt>)
+	 * @param string $prop_prefix The prefix to add to $property (defaults to <tt>WIKINI_VOC_PREFIX</tt>)
+	 * @return int An error code: 0 (succ?s), 1 (?chec),
+	 * 		2 ($resource, $property, $oldvalue does not exist)
+	 * 		or 3 ($resource, $property, $newvalue already exists)
+	 */
+	function UpdateTriple($resource, $property, $oldvalue, $newvalue, $re_prefix = THISWIKI_PREFIX, $prop_prefix = WIKINI_VOC_PREFIX)
+	{
+		$id = $this->TripleExists($resource, $property, $oldvalue, $re_prefix, $prop_prefix);
+		if (!$id) return 2;
+		if ($this->TripleExists($resource, $property, $newvalue, $re_prefix, $prop_prefix))
+		{
+			return 3;
+		}
+		$sql = 'UPDATE ' . $this->GetConfigValue('table_prefix') . 'triples '
+			. 'SET value = "' . addslashes($newvalue) . '" '
+			. 'WHERE id = ' . $id;
+		return $this->Query($sql) ? 0 : 1;
+	}
+	/**
+	 * Deletes a triple ($resource, $property, $value) from the triples' table
+	 * @param string $resource The resource of the triple to delete
+	 * @param string $property The property of the triple to delete
+	 * @param string $value The value of the triple to delete. If set to <tt>null</tt>,
+	 * deletes all the triples corresponding to ($resource, $property). (defaults to <tt>null</tt>)
+	 * @param string $re_prefix The prefix to add to $resource (defaults to <tt>THISWIKI_PREFIX</tt>)
+	 * @param string $prop_prefix The prefix to add to $property (defaults to <tt>WIKINI_VOC_PREFIX</tt>)
+	 */
+	function DeleteTriple($resource, $property, $value = null, $re_prefix = THISWIKI_PREFIX, $prop_prefix = WIKINI_VOC_PREFIX)
+	{
+		$sql = 'DELETE FROM ' . $this->GetConfigValue('table_prefix') . 'triples '
+			. 'WHERE resource = "' . addslashes($re_prefix . $resource) . '" '
+			. 'AND property = "' . addslashes($prop_prefix . $property) . '" ';
+		if ($value !== null) $sql .= 'AND value = "' . addslashes($value) . '"';
+		$this->Query($sql);
+	}
+	// inclusions
+	/**
+	 * Enr?gistre une nouvelle inclusion dans la pile d'inclusions.
+	 *
+	 * @param string $pageTag Le nom de la page qui va ?tre inclue
+	 * @return int Le nombre d'?l?ments dans la pile
+	 */
+	function RegisterInclusion($pageTag)
+	{
+		return array_unshift($this->inclusions, strtolower(trim($pageTag)));
+	}
+	/**
+	 * Retire le dernier ?l?ment de la pile d'inclusions.
+	 *
+	 * @return string Le nom de la page dont l'inclusion devrait se terminer.
+	 * null s'il n'y a plus d'inclusion dans la pile.
+	 */
+	function UnregisterLastInclusion()
+	{
+		return array_shift($this->inclusions);
+	}
+	/**
+	 * Renvoie le nom de la page en cours d'inclusion.
+	 *
+	 * @example // dans le cas d'une action comme l'ActionEcrivezMoi
+	 * if($inc = $this->CurrentInclusion() && strtolower($this->GetPageTag()) != $inc)
+	 * 	echo 'Cette action ne peut ?tre appel?e depuis une page inclue';
+	 * @return string Le nom (tag) de la page (en minuscules)
+	 * false si la pile est vide.
+	 */
+	function GetCurrentInclusion()
+	{
+		return isset($this->inclusions[0]) ? $this->inclusions[0]: false ;
+	}
+	/**
+	 * V?rifie si on est ? l'int?rieur d'une inclusion par $pageTag (sans tenir compte de la casse)
+	 *
+	 * @param string $pageTag Le nom de la page ? v?rifier
+	 * @return bool True si on est ? l'int?rieur d'une inclusion par $pageTag (false sinon)
+	 */
+	function IsIncludedBy($pageTag)
+	{
+		return in_array(strtolower($pageTag), $this->inclusions);
+	}
+	/**
+	 *
+	 * @return array La pile d'inclusions
+	 * L'?l?ment 0 sera la derni?re inclusion, l'?l?ment 1 sera son parent et ainsi de suite.
+	 */
+	function GetAllInclusions()
+	{
+		return $this->inclusions;
+	}
+	/**
+	 * Remplace la pile des inclusions par une nouvelle pile (par d?faut une pile vide)
+	 * Permet de formatter une page sans tenir compte des inclusions pr?c?dentes.
+	 *
+	 * @param array $ La nouvelle pile d'inclusions.
+	 * L'?l?ment 0 doit repr?senter la derni?re inclusion, l'?l?ment 1 son parent et ainsi de suite.
+	 * @return array L'ancienne pile d'inclusions, avec les noms des pages en minuscules.
+	 */
+	function SetInclusions($pile = array())
+	{
+		$temp = $this->inclusions;
-	function GetWikiNiVersion() { return WIKINI_VERSION; }
+		$this->inclusions = $pile;
+		return $temp;
+	}
+	// PAGES
+	function LoadPage($tag, $time = "", $cache = 1)
+	{
+		// retrieve from cache
-	// PAGES
+		if (!$time && $cache && (($cachedPage = $this->GetCachedPage($tag)) !== false))
+		{
+			$page = $cachedPage;
+		}
-	function LoadPage($tag, $time = "", $cache = 1) {
+		else // load page
+		{
-		// retrieve from cache
+			$sql = "SELECT * FROM ".$this->config["table_prefix"]."pages"
-		if (!$time && $cache && ($cachedPage = $this->GetCachedPage($tag))) { $page = $cachedPage;}
+				. " WHERE tag = '".mysql_real_escape_string($tag)."' AND "
+				. ($time ? "time = '".mysql_real_escape_string($time)."'" : "latest = 'Y'") . " LIMIT 1";
-		// load page
+			$page = $this->LoadSingle($sql);
-		if (!isset($page)) $page = $this->LoadSingle("select * from ".$this->config["table_prefix"]."pages where tag = '".mysql_escape_string($tag)."' ".($time ? "and time = '".mysql_escape_string($time)."'" : "and latest = 'Y'")." limit 1");
+			// cache result
+			if (!$time) $this->CachePage($page, $tag);
+		}
+		return $page;
+	}
+	/**
+	 * Retrieves the cached version of a page.
+	 *
+	 * Notice that this method null or false, use
+	 * 	$this->GetCachedPage($tag) === false
+	 * to check if a page is not in the cache.
+	 * @return mixed The cached version of a page:
-		// cache result
+	 * 	- the page DB line if the page exists and is in cache
+	 * 	- null if the cache knows that the page does not exists
+	 * 	- false is the cache does not know the page
+	 */
+	function GetCachedPage($tag) {return (array_key_exists($tag, $this->pageCache) ? $this->pageCache[$tag] : false); }
+	/**
+	 * Caches a page's DB line.
-		if (!$time) $this->CachePage($page);
+	 *
+	 * @param array $page The page (full) DB line or null if the page does not exists
+	 * @param string $pageTag The tag of the page to cache. Defaults to $page['tag'] but is mendatory when $page === null
+	 */
+	function CachePage($page, $pageTag = null) {
+		if ($pageTag === null)
+		{
-		return $page;
+			$pageTag = $page["tag"];
-	}
+		}
-	function GetCachedPage($tag) {return (isset($this->pageCache[$tag]) ? $this->pageCache[$tag] : ''); }
+		$this->pageCache[$pageTag] = $page;
-	function CachePage($page) { $this->pageCache[$page["tag"]] = $page; }
+	}
 	function SetPage($page) { $this->page = $page; if ($this->page["tag"]) $this->tag = $this->page["tag"]; }
+	function LoadPageById($id) { return $this->LoadSingle("select * from ".$this->config["table_prefix"]."pages where id = '".mysql_real_escape_string($id)."' limit 1"); }
-	function LoadPageById($id) { return $this->LoadSingle("select * from ".$this->config["table_prefix"]."pages where id = '".mysql_escape_string($id)."' limit 1"); }
+	function LoadRevisions($page) { return $this->LoadAll("select * from ".$this->config["table_prefix"]."pages where tag = '".mysql_real_escape_string($page)."' order by time desc"); }
-	function LoadRevisions($page) { return $this->LoadAll("select * from ".$this->config["table_prefix"]."pages where tag = '".mysql_escape_string($page)."' order by time desc"); }
+	function LoadPagesLinkingTo($tag) { return $this->LoadAll("select from_tag as tag from ".$this->config["table_prefix"]."links where to_tag = '".mysql_real_escape_string($tag)."' order by tag"); }
-	function LoadPagesLinkingTo($tag) { return $this->LoadAll("select from_tag as tag from ".$this->config["table_prefix"]."links where to_tag = '".mysql_escape_string($tag)."' order by tag"); }
+	function LoadRecentlyChanged($limit=50)
 	function LoadRecentlyChanged($limit=50) {
 		$limit= (int) $limit;
-		if ($pages = $this->LoadAll("select tag, time, user, owner from ".$this->config["table_prefix"]."pages where latest = 'Y' and comment_on = '' order by time desc limit $limit"))
+		if ($pages = $this->LoadAll("select id, tag, time, user, owner from ".$this->config["table_prefix"]."pages where latest = 'Y' and comment_on = '' order by time desc limit $limit"))
+		{
 			foreach ($pages as $page)
+			{
 				$this->CachePage($page);
+			}
 			return $pages;
 		}
 	}
 	function LoadAllPages() { return $this->LoadAll("select * from ".$this->config["table_prefix"]."pages where latest = 'Y' order by tag"); }
-	function FullTextSearch($phrase) { return $this->LoadAll("select * from ".$this->config["table_prefix"]."pages where latest = 'Y' and match(tag, body) against('".mysql_escape_string($phrase)."')"); }
-	function LoadWantedPages() { return $this->LoadAll("select distinct ".$this->config["table_prefix"]."links.to_tag as tag,count(".$this->config["table_prefix"]."links.from_tag) as count from ".$this->config["table_prefix"]."links left join ".$this->config["table_prefix"]."pages on ".$this->config["table_prefix"]."links.to_tag = ".$this->config["table_prefix"]."pages.tag where ".$this->config["table_prefix"]."pages.tag is NULL group by tag order by count desc"); }
+	function FullTextSearch($phrase) { return $this->LoadAll("select * from ".$this->config["table_prefix"]."pages where latest = 'Y' and match(tag, body) against('".mysql_real_escape_string($phrase)."')"); }
-	function LoadOrphanedPages() { return $this->LoadAll("select distinct tag from ".$this->config["table_prefix"]."pages left join ".$this->config["table_prefix"]."links on ".$this->config["table_prefix"]."pages.tag = ".$this->config["table_prefix"]."links.to_tag where ".$this->config["table_prefix"]."links.to_tag is NULL and ".$this->config["table_prefix"]."pages.comment_on = '' order by tag"); }
+	function LoadWantedPages() {
-	function IsOrphanedPage($tag) { return $this->LoadAll("select distinct tag from ".$this->config["table_prefix"]."pages left join ".$this->config["table_prefix"]."links on ".$this->config["table_prefix"]."pages.tag = ".$this->config["table_prefix"]."links.to_tag where ".$this->config["table_prefix"]."links.to_tag is NULL and ".$this->config["table_prefix"]."pages.comment_on ='' and tag='".mysql_escape_string($tag)."'"); }
+		$p = $this->config["table_prefix"];
-	function DeleteOrphanedPage($tag) {
-		$this->Query("delete from ".$this->config["table_prefix"]."pages where tag='".mysql_escape_string($tag)."' ");
+		$r = "SELECT ${p}links.to_tag AS tag, COUNT(${p}links.from_tag) AS count "
+			. "FROM ${p}links LEFT JOIN ${p}pages ON ${p}links.to_tag = ${p}pages.tag "
-		$this->Query("delete from ".$this->config["table_prefix"]."links where from_tag='".mysql_escape_string($tag)."' ");
+			. "WHERE ${p}pages.tag IS NULL GROUP BY ${p}links.to_tag ORDER BY count DESC, tag ASC";
+		return $this->LoadAll($r);
+	}
+	function LoadOrphanedPages() { return $this->LoadAll("select distinct tag from ".$this->config["table_prefix"]."pages as p left join ".$this->config["table_prefix"]."links as l on p.tag = l.to_tag where l.to_tag is NULL and p.comment_on = '' and p.latest = 'Y' order by tag"); }
+	function IsOrphanedPage($tag) { return $this->LoadAll("select distinct tag from ".$this->config['table_prefix']."pages as p left join ".$this->config['table_prefix']."links as l on p.tag = l.to_tag where l.to_tag is NULL and p.latest = 'Y' and tag = '".mysql_real_escape_string($tag)."'"); }
+	function DeleteOrphanedPage($tag) {
+		$p = $this->config["table_prefix"];
+		$this->Query("DELETE FROM ${p}pages WHERE tag='".mysql_real_escape_string($tag)."' OR comment_on='".mysql_real_escape_string($tag)."'");
+		$this->Query("DELETE FROM ${p}links WHERE from_tag='".mysql_real_escape_string($tag)."' ");
+		$this->Query("DELETE FROM ${p}acls WHERE page_tag='".mysql_real_escape_string($tag)."' ");
+		$this->Query("DELETE FROM ${p}referrers WHERE page_tag='".mysql_real_escape_string($tag)."' ");
+	}
+	/**
+	 * SavePage
+	 * Sauvegarde un contenu dans une page donn?e
+	 *
+	 * @param string $body Contenu ? sauvegarder dans la page
+	 * @param string $tag Nom de la page
+	 * @param string $comment_on Indication si c'est un commentaire
+	 * @param boolean $bypass_acls Indication si on bypasse les droits d'?criture
-		$this->Query("delete from ".$this->config["table_prefix"]."acls where page_tag='".mysql_escape_string($tag)."' ");
+	 * @return int Code d'erreur : 0 (succ?s), 1 (l'utilisateur n'a pas les droits)
-		$this->Query("delete from ".$this->config["table_prefix"]."referrers where page_tag='".mysql_escape_string($tag)."' ");
+	 */
-	}
+	function SavePage($tag, $body, $comment_on = "", $bypass_acls = false)
+	{
-	function SavePage($tag, $body, $comment_on = "") {
 		// get current user
 		$user = $this->GetUserName();
-		//die($tag);
+		// check bypass of rights or write privilege
 		$rights = $bypass_acls || ($comment_on ? $this->HasAccess("comment", $comment_on) : $this->HasAccess("write", $tag));
 		// TODO: check write privilege
-		if ($this->HasAccess("write", $tag))
+		if ($rights)
+		{
 			// is page new?
 			if (!$oldPage = $this->LoadPage($tag))
 			{
 				// create default write acl. store empty write ACL for comments.
-				$this->SaveAcl($tag, "write", ($comment_on ? "" : $this->GetConfigValue("default_write_acl")));
+				$this->SaveAcl($tag, "write", ($comment_on ? $user : $this->GetConfigValue("default_write_acl")));
 				// create default read acl
-				// create default read acl
+				$this->SaveAcl($tag, "read", $this->GetConfigValue("default_read_acl"));
 				$this->SaveAcl($tag, "read", $this->GetConfigValue("default_read_acl"));
 				// create default comment acl.
-				// create default comment acl.
+				$this->SaveAcl($tag, "comment", ($comment_on ? "" : $this->GetConfigValue("default_comment_acl")));
+				// current user is owner; if user is logged in! otherwise, no owner.
+				if ($this->GetUser()) $owner = $user;
-				$this->SaveAcl($tag, "comment", $this->GetConfigValue("default_comment_acl"));
+				else $owner = '';
+			}
-				// current user is owner; if user is logged in! otherwise, no owner.
+			else
 				if ($this->GetUser()) $owner = $user;
 				// aha! page isn't new. keep owner!
-			else
+				$owner = $oldPage["owner"];
-			{
-				// aha! page isn't new. keep owner!
+				// ...and comment_on, eventualy?
-				$owner = $oldPage["owner"];
+				if ($comment_on == '') $comment_on = $oldPage['comment_on'];
 			}
+			// set all other revisions to old
+			$this->Query("update ".$this->config["table_prefix"]."pages set latest = 'N' where tag = '".mysql_real_escape_string($tag)."'");
-			// set all other revisions to old
+			// add new revision
+			$this->Query("insert into ".$this->config["table_prefix"]."pages set ".
-			$this->Query("update ".$this->config["table_prefix"]."pages set latest = 'N' where tag = '".mysql_Escape_string($tag)."'");
+				"tag = '".mysql_real_escape_string($tag)."', ".
+				($comment_on ? "comment_on = '".mysql_real_escape_string($comment_on)."', " : "").
+				"time = now(), ".
+				"owner = '".mysql_real_escape_string($owner)."', ".
+				"user = '".mysql_real_escape_string($user)."', ".
+				"latest = 'Y', ".
+				"body = '".mysql_real_escape_string(chop($body))."'");
+			unset($this->pageCache[$tag]);
+			return 0;
+		}
+		else return 1;
+	}
+	/**
+	 * AppendContentToPage
+	 * Ajoute du contenu ? la fin d'une page
+	 *
+	 * @param string $content Contenu ? ajouter ? la page
+	 * @param string $page Nom de la page
+	 * @param boolean $bypass_acls Boul?en pour savoir s'il faut bypasser les ACLs
+	 * @return int Code d'erreur : 0 (succ?s), 1 (pas de contenu sp?cifi?)
+	 */
+	function AppendContentToPage($content, $page, $bypass_acls = false)
+	{
+		// Si un contenu est sp?cifi?
+		if (isset($content))
+		{
+			// -- D?termine quelle est la page :
+			//    -- pass?e en param?tre (que se passe-t'il si elle n'existe pas ?)
+			//    -- ou la page en cours par d?faut
+			$page = isset($page) ? $page : $this->GetPageTag();
+			// -- Chargement de la page
+			$result = $this->LoadPage($page);
+			$body = $result['body'];
+			// -- Ajout du contenu ? la fin de la page
+			$body .= $content;
+			// -- Sauvegarde de la page
+			// TODO : que se passe-t-il si la page est pleine ou si l'utilisateur n'a pas les droits ?
+			$this->SavePage($page, $body, "", $bypass_acls);
+			// now we render it internally so we can write the updated link table.
+			$this->ClearLinkTable();
+			$this->StartLinkTracking();
+			$temp = $this->SetInclusions();
+			$this->RegisterInclusion($this->GetPageTag()); // on simule totalement un affichage normal
+			$this->Format($body);
+			$this->SetInclusions($temp);
+			if($user = $this->GetUser())
+			{
+				$this->TrackLinkTo($user['name']);
+			}
+			if($owner = $this->GetPageOwner())
+			{
+				$this->TrackLinkTo($owner);
+			}
+			$this->StopLinkTracking();
+			$this->WriteLinkTable();
+			$this->ClearLinkTable();/**/
+			// Retourne 0 seulement si tout c'est bien pass?
+			return 0;
+		}
+		else return 1;
+	}
+	/**
+	 * LogAdministrativeAction($user, $content, $page = "")
+	 *
+	 * @param string $user Utilisateur
+	 * @param string $content Contenu de l'enregistrement
+	 * @param string $page Page de log
+	 *
+	 * @return int Code d'erreur : 0 (succ?s), 1 (pas de contenu sp?cifi?)
+	 */
+	function LogAdministrativeAction($user, $content, $page = "")
+	{
+		$order   = array("\r\n", "\n", "\r");
 		$replace = '\\n';
-			// add new revision
+		$content = str_replace($order, $replace, $content);
-			$this->Query("insert into ".$this->config["table_prefix"]."pages set ".
+		$contentToAppend = "\n" . date("Y-m-d H:i:s") . " . . . . " . $user . " . . . . " . $content . "\n";
+		$page = $page ? $page : "LogDesActionsAdministratives" . date("Ymd");
+		return $this->AppendContentToPage($contentToAppend, $page, true);
-				"tag = '".mysql_escape_string($tag)."', ".
+	}
-				($comment_on ? "comment_on = '".mysql_escape_string($comment_on)."', " : "").
-				"time = now(), ".
+	/**
-				"owner = '".mysql_escape_string($owner)."', ".
+	 * Make the purge of page versions that are older than the last version older than 3 "pages_purge_time"
+	 * This method permits to allways keep a version that is older than that period.
-				"user = '".mysql_escape_string($user)."', ".
+	 */
-				"latest = 'Y', ".
+	function PurgePages() {
-				"body = '".mysql_escape_string(chop($body))."'");
+		if ($days = $this->GetConfigValue("pages_purge_time")) { // is purge active ?
+			// let's search which pages versions we have to remove
+			// this is necessary beacause even MySQL does not handel multi-tables deletes before version 4.0
+			$wnPages = $this->GetConfigValue('table_prefix') . 'pages';
+			$sql = 'SELECT DISTINCT a.id FROM ' . $wnPages . ' a,' . $wnPages . ' b WHERE a.latest = \'N\' AND a.time < date_sub(now(), INTERVAL \'' . addslashes($days) . '\' DAY) AND a.tag = b.tag AND a.time < b.time AND b.time < date_sub(now(), INTERVAL \'' . addslashes($days) . '\' DAY)';
 			$ids = $this->LoadAll($sql);
-	function PurgePages() {
+			if (count($ids)) { // there are some versions to remove from DB
-		if ($days = $this->GetConfigValue("pages_purge_time")) {
+				// let's build one big request, that's better...
+				$sql = 'DELETE FROM ' . $wnPages . ' WHERE id IN (';
+				foreach($ids as $key => $line){
+					$sql .= ($key ? ', ':'') . $line['id']; // NB.: id is an int, no need of quotes
+				}
+				$sql .= ')';
-			// Selection of pages which can be deleted
+				// ... and send it !
-			$pages = $this->LoadAll("select distinct tag, time from ".$this->config["table_prefix"]."pages where time < date_sub(now(), interval '".mysql_escape_string($days)."' day) and latest = 'N' order by time asc");
+				$this->Query($sql);
+			}
+		}
+	}
-			foreach ($pages as $page) {
+	// COOKIES
-				// Deletion if there are more than 2 versions avalaible (TODO : parameter ?)
+	function SetSessionCookie($name, $value)
 				$tags=$this->LoadAll("select distinct tag from ".$this->config["table_prefix"]."pages where tag = '".mysql_escape_string($page[tag])."' group by tag having count(*) > 2 order by tag");
+	{
 		if (!$tag = trim($tag)) $tag = $this->tag;
 		return $tag.($method ? "/".$method : "");
+	}
 	// returns the full url to a page/method.
-	function Href($method = "", $tag = "", $params = "")
+	function Href($method = "", $tag = "", $params = "", $htmlspchars = true)
+	{
 		$href = $this->config["base_url"].$this->MiniHref($method, $tag);
 		if ($params)
+		{
-			$href .= ($this->config["rewrite_mode"] ? "?" : "&amp;").$params;
+			$href .= ($this->config["rewrite_mode"] ? "?" : ($htmlspchars ? "&amp;" : '&')).$params;
+		}
 		return $href;
+	}
-	function Link($tag, $method = "", $text = "", $track = 1) {
+	function Link($tag, $method = "", $text = "", $track = 1)
-		$tag=htmlspecialchars($tag); //avoid xss
-		$text=htmlspecialchars($text); //paranoiac again
+	{
-		if (!$text) $text = $tag;
+		$displayText = $text ? $text : $tag;
 		// is this an interwiki link?
-		if (preg_match("/^([A-Z][A-Z,a-z]+)[:]([A-Z,a-z,0-9]*)$/s", $tag, $matches))
+		if (preg_match('/^' . WN_INTERWIKI_CAPTURE . '$/', $tag, $matches))
+		{
-			$tag = $this->GetInterWikiUrl($matches[1], $matches[2]);
+			if ($tagInterWiki = $this->GetInterWikiUrl($matches[1], $matches[2])) {
-			return "<a href=\"$tag\">$text (interwiki)</a>";
+				return '<a href="'.htmlspecialchars($tagInterWiki).'">'
+					.htmlspecialchars($displayText).' (interwiki)</a>';
+			}
+			else return '<a href="'.htmlspecialchars($tag).'">'
+				.htmlspecialchars($displayText).' (interwiki inconnu)</a>';
+		}
 		// is this a full link? ie, does it contain non alpha-numeric characters?
 		// Note : [:alnum:] is equivalent [0-9A-Za-z]
-		//        [^[:alnum:]] means : some caracters other than [0-9A-Za-z]
+		//		  [^[:alnum:]] means : some caracters other than [0-9A-Za-z]
 		// For example : "www.adress.com", "mailto:adress@domain.com", "http://www.adress.com"
 		else if (preg_match("/[^[:alnum:]]/", $tag))
+		{
-			// check for email addresses
+			// check for various modifications to perform on $tag
-			if (preg_match("/^.+\@.+$/", $tag))
+			if (preg_match("/^[\w.-]+\@[\w.-]+$/", $tag))
+			{ // email addresses
+				$tag = 'mailto:'.$tag;
-			{
+			}
+			// Note : in Perl regexp, (?: ... ) is a non-catching cluster
+			else if (preg_match('/^[[:alnum:]][[:alnum:].-]*(?:\/|$)/', $tag))
+			{ // protocol-less URLs
-				$tag = "mailto:".$tag;
+				$tag = 'http://'.$tag;
+			}
+			// Finally, block script schemes (see RFC 3986 about
+			// schemes) and allow relative link & protocol-full URLs
+			else if (preg_match('/^[a-z0-9.+-]*script[a-z0-9.+-]*:/i', $tag)
+				|| !(preg_match('/^\.?\.?\//', $tag)
+					|| preg_match('/^[a-z0-9.+-]+:\/\//i', $tag)))
+			{
+				// If does't fit, we can't qualify $tag as an URL.
+				// There is a high risk that $tag is just XSS (bad
+				// javascript: code) or anything nasty. So we must not
+				// produce any link at all.
+				return htmlspecialchars($tag.($text ? ' '.$text : ''));
+			}
-			// check for protocol-less URLs
+			// Important: Here, we know that $tag is not something bad
-			else if (!preg_match("/:\/\//", $tag))
+			// and that we must produce a link with it
-			{
-				$tag = "http://".$tag;	//Very important for xss (avoid javascript:() hacking)
-			}
-			// is this an inline image (text!=tag and url ends png,gif,jpeg)
+			// An inline image? (text!=tag and url ends by png,gif,jpeg)
-			if ($text!=$tag and preg_match("/.(gif|jpeg|png|jpg)$/i",$tag))
+			if ($text and preg_match("/\.(gif|jpeg|png|jpg)$/i",$tag))
+			{
-				return "<img src=\"$tag\" alt=\"$text\" />";
+				return '<img src="'.htmlspecialchars($tag)
+					.'" alt="'.htmlspecialchars($displayText).'"/>';
+			}
 			else
+			{
+				// Even if we know $tag is harmless, we MUST encode it
+				// in HTML with htmlspecialchars() before echoing it.
+				// This is not about being paranoiac. This is about
+				// being compliant to the HTML standard.
-				return "<a href=\"$tag\">$text</a>";
+				return '<a href="'.htmlspecialchars($tag).'">'
+					.htmlspecialchars($displayText).'</a>';
+			}
+		}
 		else
+		{
 			// it's a Wiki link!
-			if (isset($_SESSION["linktracking"]) && $track) $this->TrackLinkTo($tag);
+			if (!empty($track)) $this->TrackLinkTo($tag);
+			if ($this->LoadPage($tag))
+				return '<a href="'.htmlspecialchars($this->href($method, $tag)).'">'
+					.htmlspecialchars($displayText).'</a>';
+			else
+				return '<span class="missingpage">'.htmlspecialchars($displayText)
-			return ($this->LoadPage($tag) ? "<a href=\"".$this->href($method, $tag)."\">".$text."</a>" : "<span class=\"missingpage\">".$text."</span><a href=\"".$this->href("edit", $tag)."\">?</a>");
+				.'</span><a href="'.htmlspecialchars($this->href("edit", $tag)).'">?</a>';
+		}
+	}
 	function ComposeLinkToPage($tag, $method = "", $text = "", $track = 1) {
 		if (!$text) $text = $tag;
-		$text = htmlentities($text);
+		$text = htmlspecialchars($text);
-		if (isset($_SESSION["linktracking"]) && $track)
+		if ($track)
 			$this->TrackLinkTo($tag);
 		return '<a href="'.$this->href($method, $tag).'">'.$text.'</a>';
+	}
+	function IsWikiName($text) {
-	// function PregPageLink($matches) { return $this->Link($matches[1]); }
+		return preg_match('/^' . WN_CAMEL_CASE . '$/', $text);
+	}
+	// LinkTracking management
+	/**
-	function IsWikiName($text) { return preg_match("/^[A-Z][a-z]+[A-Z,0-9][A-Z,a-z,0-9]*$/", $text); }
+	 * Tracks the link to a given page (only if the LinkTracking is activated)
+	 * @param string $tag The tag (name) of the page to track a link to.
+	 */
+	function TrackLinkTo($tag) {
-	function TrackLinkTo($tag) { $_SESSION["linktable"][] = $tag; }
+		if ($this->LinkTracking()) $this->linktable[] = $tag;
+	}
+	/**
+	 * @return array The current link tracking table
+	 */
-	function GetLinkTable() { return $_SESSION["linktable"]; }
+	function GetLinkTable() { return $this->linktable; }
+	/**
+	 * Clears the link tracking table
+	 */
-	function ClearLinkTable() { $_SESSION["linktable"] = array(); }
+	function ClearLinkTable() { $this->linktable = array(); }
+	/**
+	 * Starts the LinkTracking
+	 * @return bool The previous state of the link tracking
+	 */
-	function StartLinkTracking() { $_SESSION["linktracking"] = 1; }
+	function StartLinkTracking() {
+		return $this->LinkTracking(true);
+	}
+	/**
+	 * Stops the LinkTracking
+	 * @return bool The previous state of the link tracking
+	 */
+	function StopLinkTracking() {
+		return $this->LinkTracking(false);
+	}
+	/**
+	 * Sets and/or retrieve the state of the LinkTracking
+	 * @param bool $newStatus The new status of the LinkTracking
+	 * (defaults to <tt>null</tt> which lets it unchanged)
+	 * @return bool The previous state of the link tracking
+	 */
-	function StopLinkTracking() { $_SESSION["linktracking"] = 0; }
+	function LinkTracking($newStatus = null)
+	{
+		$old = $this->isTrackingLinks;
+		if ($newStatus !== null) $this->isTrackingLinks = $newStatus;
+		return $old;
+	}
 	function WriteLinkTable() {
 		// delete old link table
-		$this->Query("delete from ".$this->config["table_prefix"]."links where from_tag = '".mysql_escape_string($this->GetPageTag())."'");
+		$this->Query("delete from ".$this->config["table_prefix"]."links where from_tag = '".mysql_real_escape_string($this->GetPageTag())."'");
 		if ($linktable = $this->GetLinkTable())
+		{
-			$from_tag = mysql_escape_string($this->GetPageTag());
+			$from_tag = mysql_real_escape_string($this->GetPageTag());
 			foreach ($linktable as $to_tag)
+			{
 				$lower_to_tag = strtolower($to_tag);
-				if (!$written[$lower_to_tag])
+				if (!isset($written[$lower_to_tag]))
+				{
-					$this->Query("insert into ".$this->config["table_prefix"]."links set from_tag = '".$from_tag."', to_tag = '".mysql_escape_string($to_tag)."'");
+					$this->Query("insert into ".$this->config["table_prefix"]."links set from_tag = '".$from_tag."', to_tag = '".mysql_real_escape_string($to_tag)."'");
 					$written[$lower_to_tag] = 1;
+				}
+			}
+		}
+	}
-	function Header() { return $this->Action($this->GetConfigValue("header_action"), 1); }
-	function Footer() { return $this->Action($this->GetConfigValue("footer_action"), 1); }
+	function Header() {
+		$action = $this->GetConfigValue("header_action");
+		if (($actionObj = &$this->GetActionObject($action)) && is_object($actionObj))
+		{
+			return $actionObj->GenerateHeader();
+		}
+		return $this->Action($action, 1);
+	}
+	function Footer() {
+		$action = $this->GetConfigValue("footer_action");
+		if (($actionObj = &$this->GetActionObject($action)) && is_object($actionObj))
+		{
+			return $actionObj->GenerateFooter();
+		}
 		return $this->Action($action, 1);
+	}
-	// FORMS
-	function FormOpen($method = "", $tag = "", $formMethod = "post") {
-	/* Debut de la modif ACeditor */
-	// ACEditor: id=\"ACEditor\" name=\"ACEditor\" ci-dessous le if a été ajouté (initialement, seule la ligne du else existait)
-	// si l'url se termine par edit (expression régulière edit$), on est en mode édition et dans ce cas on donne les id et name au formulaire
-	// Sinon surtout pas car ça marche plus dans la mesure ou plusieurs formulaires auraient ces ID et name et dans ce cas
-	// il semble que le dernier soit considéré, c'est à dire pas le bon :o(
 		if (ereg('edit$', $this->href($method, $tag))) {
-			$result = "<form id=\"ACEditor\" name=\"ACEditor\" action=\"".$this->href($method, $tag)."\" method=\"".$formMethod."\">\n";
-		} else {
-		$result = "<form action=\"".$this->href($method, $tag)."\" method=\"".$formMethod."\">\n";
 	// FORMS
 	function FormOpen($method = "", $tag = "", $formMethod = "post") {
-/* fin de la modif ACeditor */
+		$result = "<form action=\"".$this->href($method, $tag)."\" method=\"".$formMethod."\">\n";
 		if (!$this->config["rewrite_mode"]) $result .= "<input type=\"hidden\" name=\"wiki\" value=\"".$this->MiniHref($method, $tag)."\" />\n";
 		return $result;
+				}
+			}
+		}
+	}
 	function AddInterWiki($name, $url) {
-		$this->interWiki[$name] = $url;
+		$this->interWiki[strtolower($name)] = $url;
+	}
-	function GetInterWikiUrl($name, $tag) {
+	function GetInterWikiUrl($name, $tag)
-		if (isset($this->interWiki[$name]))
+	{
-			return $this->interWiki[$name].$tag;
+		if (isset($this->interWiki[strtolower($name)])) return $this->interWiki[strtolower($name)].$tag;
-		} else {
+		else return FALSE;
-		return 'http://'.$tag; //avoid xss by putting http:// in front of JavaScript:()
-		}
+	}
 		if (!$referrer = trim($referrer) AND isset($_SERVER["HTTP_REFERER"])) $referrer = $_SERVER["HTTP_REFERER"];
 		// check if it's coming from another site
 		if ($referrer && !preg_match("/^".preg_quote($this->GetConfigValue("base_url"), "/")."/", $referrer))
+		{
+			// avoid XSS (with urls like "javascript:alert()" and co)
+			// by forcing http/https prefix
+			// NB.: this does NOT exempt to htmlspecialchars() the collected URIs !
+			if (!preg_match('`^https?://`', $referrer)) return;
 			$this->Query("insert into ".$this->config["table_prefix"]."referrers set ".
-				"page_tag = '".mysql_escape_string($tag)."', ".
+				"page_tag = '".mysql_real_escape_string($tag)."', ".
-				"referrer = '".mysql_escape_string($referrer)."', ".
+				"referrer = '".mysql_real_escape_string($referrer)."', ".
 				"time = now()");
+		}
+	}
 	function LoadReferrers($tag = "") {
-		return $this->LoadAll("select referrer, count(referrer) as num from ".$this->config["table_prefix"]."referrers ".($tag = trim($tag) ? "where page_tag = '".mysql_escape_string($tag)."'" : "")." group by referrer order by num desc");
+		return $this->LoadAll("select referrer, count(referrer) as num from ".$this->config["table_prefix"]."referrers ".($tag = trim($tag) ? "where page_tag = '".mysql_real_escape_string($tag)."'" : "")." group by referrer order by num desc");
+	}
 	function PurgeReferrers() {
 		if ($days = $this->GetConfigValue("referrers_purge_time")) {
-			$this->Query("delete from ".$this->config["table_prefix"]."referrers where time < date_sub(now(), interval '".mysql_escape_string($days)."' day)");
+			$this->Query("delete from ".$this->config["table_prefix"]."referrers where time < date_sub(now(), interval '".mysql_real_escape_string($days)."' day)");
+		}
+	}
+	// PLUGINS
+	/**
+	 * Exacutes an "action" module and returns the generated output
+	 * @param string $action The name of the action and its eventual parameters,
-	// PLUGINS
+	 * as it appears in the page between "{{" and "}}"
+	 * @param boolean $forceLinkTracking By default, the link tracking will be disabled
+	 * during the call of an action. Set this value to <code>true</code> to allow it.
+	 * @param array $vars An array of additionnal parameters to give to the action, in the form
+	 * array( 'param' => 'value').
+	 * This allows you to call Action() internally, setting $action to the name of the action
-	function Action($action, $forceLinkTracking = 0)
+	 * you want to call and it's parameters in an array, wich is more efficient than
 	 * the pattern-matching algorithm used to extract the parameters from $action.
+	 * @return The output generated by the action.
-		$action = trim($action); $vars=array();
+	 */
-		// stupid attributes check
+	function Action($action, $forceLinkTracking = 0, $vars = array())
+	{
+		$cmd = trim($action);
+		// extract $action and $vars_temp ("raw" attributes)
-		if ((stristr($action, "=\"")) || (stristr($action, "/")))
+		if (!preg_match("/^([a-zA-Z-0-9]+)\/?(.*)$/", $cmd, $matches))
 		{
+			return '<i>Action invalide &quot;' . htmlspecialchars($cmd) . '&quot;</i>';
+		}
-			// extract $action and $vars_temp ("raw" attributes)
+		list(, $action, $vars_temp) = $matches;
+		$vars[$vars_temp] = $vars_temp; // usefull for {{action/vars_temp}}
-			preg_match("/^([A-Za-z0-9]*)\/?(.*)$/", $action, $matches);
+		// now that we have the action's name, we can check if the user satisfies the ACLs
+		if (!$this->CheckModuleACL($action, 'action'))
 			list(, $action, $vars_temp) = $matches;
-			// match all attributes (key and value)
+			return 'Erreur: vous n\'avez pas acc&egrave;s &agrave; l\'action ' . $action . '.';
 			$this->parameter[$vars_temp]=$vars_temp;
 			preg_match_all("/([A-Za-z0-9]*)=\"(.*)\"/U", $vars_temp, $matches);
 		// match all attributes (key and value)
 		// prepare an array for extract() to work with (in $this->IncludeBuffered())
-		if (is_array($matches))
-			{
-				for ($a = 0; $a < count($matches[1]); $a++)
+		if (preg_match_all("/([a-zA-Z0-9]*)=\"(.*)\"/U", $vars_temp, $matches))
+		{
+			for ($a = 0; $a < count($matches[1]); $a++)
 					$vars[$matches[1][$a]] = $matches[2][$a];
+				$vars[$matches[1][$a]] = $matches[2][$a];
+			}
+		}
-					$this->parameter[$matches[1][$a]]=$matches[2][$a];
+		if (!$forceLinkTracking) $this->StopLinkTracking();
+		if ($actionObj = &$this->GetActionObject($action))
+		{
+			if (is_object($actionObj))
-				}
+			{
+				$result = $actionObj->PerformAction($vars, $cmd);
+			}
-			}
+			else // $actionObj is an error message
+			{
+				$result = $actionObj;
+			}
+		}
+		else // $actionObj == null (not found, no error message)
+		{
-		if (!$forceLinkTracking) $this->StopLinkTracking();
+			$this->parameter = &$vars;
-		$result = $this->IncludeBuffered(strtolower($action).".php", "<i>Action inconnue \"$action\"</i>", $vars, $this->config["action_path"]);
+			$result = $this->IncludeBuffered(strtolower($action).".php", "<i>Action inconnue &quot;$action&quot;</i>", $vars, $this->config["action_path"]);
+			unset($this->parameter);
+		}
+		$this->StartLinkTracking(); // shouldn't we restore the previous status ?
+		return $result;
+	}
+	/**
+	 * Finds the object corresponding to an action, if it exists.
+	 * @param string $name The name of an action (should be alphanumeric)
+	 * @return mixed
+	 * 	- null if the corresponding file was not found or the corresponding class didn't exist after inclusion
+	 *  - an error string if the corresponding file was found but an error append while loading it
+	 *  - the object corresponding to this action if no problem happend
+	 * To check the result, you should use is_object() on it.
+	 * You should always assign the result of this method by referrence
+	 * to avoid copying the object, which is the default beheviour in PHP4.
+	 * @example
+	 * $var = &$wiki->GetActionObject('actionname');
+	 * if (is_object($var))
+	 * {
+	 * 		// normal behaviour
+	 * }
+	 * elseif ($var) // $var is not an object but an error string
+	 * {
+	 * 		// threat error
+	 * }
+	 * else // action was not found
+	 * {
+	 * 		// rescue from inexising action or sth
+	 * }
+	 */
+	function &GetActionObject($name)
+	{
+		$name = strtolower($name);
+		$actionObj = null; // the generated object
+		if (!preg_match('/^[a-z0-9]+$/', $name)) // paranoiac
+		{
+			return $actionObj;
+		}
+		// already tried to load this object ? (may be null)
+		if (isset($this->actionObjects[$name]))
+		{
+			return $this->actionObjects[$name];
+		}
+		// object not loaded, try to load it
+		$filename = $name . '.class.php';
+		// load parent class for all action objects (only once)
+		require_once 'includes/action.class.php';
+		// include the action file, this should return an empty string
+		$result = $this->IncludeBuffered($filename, null, null, $this->GetConfigValue('action_path'));
+		if ($result) // the result was not an empty string, certainly an error message
+		{
+			$actionObj = $result;
+		}
+		elseif ($result !== false) // the result was empty but the file was found
+		{
+			$class = 'Action' . ucfirst($name);
+			if (class_exists($class))
+			{
+				$actionObj = new $class($this);
+				if (!is_a($actionObj, 'WikiniAction'))
+				{
+					die("Action invalide '$name': classe incorrecte");
+				}
+			}
+		}
+		$this->actionObjects[$name] = &$actionObj;
+		return $actionObj;
+	}
+	/**
+	 * Retrieves the list of existing actions
+	 * @return array An unordered array of all the available actions.
+	 */
+	function GetActionsList()
+	{
+		$action_path = $this->GetConfigValue('action_path');
+		$list = array();
+		if ($dh = opendir($action_path))
+		{
+			while (($file = readdir($dh)) !== false)
+			{
+				if (preg_match('/^([a-zA-Z-0-9]+)(.class)?.php$/', $file, $matches))
+				{
+					$list[] = $matches[1];
+				}
+			}
+		}
+		return $list;
+	}
+	/**
+	 * Retrieves the list of existing handlers
+	 * @return array An unordered array of all the available handlers.
+	 */
+	function GetHandlersList()
+	{
+		$handler_path = $this->GetConfigValue('handler_path') . '/page/';
+		$list = array();
+		if ($dh = opendir($handler_path))
+		{
+			while (($file = readdir($dh)) !== false)
+			{
+				if (preg_match('/^([a-zA-Z-0-9]+)(.class)?.php$/', $file, $matches))
+				{
+					$list[] = $matches[1];
+				}
 		$this->StartLinkTracking();
 		if (isset($parameter)) unset($this->parameter[$parameter]);
-		unset($this->parameter);
+		return $list;
 		return $result;
+	}
 	// USERS
-	function LoadUser($name, $password = 0) { return $this->LoadSingle("select * from ".$this->config["table_prefix"]."users where name = '".mysql_escape_string($name)."' ".($password === 0 ? "" : "and password = '".mysql_escape_string($password)."'")." limit 1"); }
-	function LoadUsers() { return $this->LoadAll("select * from ".$this->config["table_prefix"]."users order by name"); }
+	function LoadUser($name, $password = 0) { return $this->LoadSingle("select * from ".$this->config["table_prefix"]."users where name = '".mysql_real_escape_string($name)."' ".($password === 0 ? "" : "and password = '".mysql_real_escape_string($password)."'")." limit 1"); }
-	function GetUserName() { if ($user = $this->GetUser()) $name = $user["name"]; else if (!$name = gethostbyaddr($_SERVER["REMOTE_ADDR"])) $name = $_SERVER["REMOTE_ADDR"]; return $name; }
+	function LoadUsers() { return $this->LoadAll("select * from ".$this->config["table_prefix"]."users order by name"); }
-	function UserName() { /* deprecated! */ return $this->GetUserName(); }
+	function GetUserName() { if ($user = $this->GetUser()) $name = $user["name"]; else if (!$name = gethostbyaddr($_SERVER["REMOTE_ADDR"])) $name = $_SERVER["REMOTE_ADDR"]; return $name; }
 	function GetUser() { return (isset($_SESSION["user"]) ? $_SESSION["user"] : '');}
 	function SetUser($user, $remember=0) { $_SESSION["user"] = $user; $this->SetPersistentCookie("name", $user["name"], $remember); $this->SetPersistentCookie("password", $user["password"], $remember); $this->SetPersistentCookie("remember", $remember, $remember); }
-	function LogoutUser() { $_SESSION["user"] = ""; $this->DeleteCookie("name"); $this->DeleteCookie("password"); }
-	function UserWantsComments() { if (!$user = $this->GetUser()) return false; return ($user["show_comments"] == "Y"); }
+	function LogoutUser() { $_SESSION["user"] = ""; $this->DeleteCookie("name"); $this->DeleteCookie("password"); }
+	function UserWantsComments() { if (!$user = $this->GetUser()) return false; return ($user["show_comments"] == "Y"); }
+	function GetParameter($parameter, $default = '') { return (isset($this->parameter[$parameter]) ? $this->parameter[$parameter] : $default); }
+	// COMMENTS
+	/**
+	 * Charge les commentaires relatifs ? une page.
+	 *
+	 * @param string $tag Nom de la page. Ex : "PagePrincipale"
+	 * @return array Tableau contenant tous les commentaires et leurs
+	 * propri?t?s correspondantes.
+	 */
-	function GetParameter($parameter, $default = '') { return (isset($this->parameter[$parameter]) ? $this->parameter[$parameter] : $default); }
+	function LoadComments($tag)
+	{
+		return $this->LoadAll(
+			"select * " .
+			"from ".$this->config["table_prefix"]."pages " .
+			"where comment_on = '".mysql_real_escape_string($tag)."' " .
+			"and latest = 'Y' " .
+			"order by substring(tag, 8) + 0");
+	}
+	/**
+	 * Charge les derniers commentaires de toutes les pages.
+	 *
+	 * @param int $limit Nombre de commentaires charg?s.
+	 *                   0 par d?faut (ie tous les commentaires).
+	 * @return array Tableau contenant chaque commentaire et ses
+	 *               propri?t?s associ?es.
+	 * @todo Ajouter le param?tre $start pour permettre une pagination
+	 *       des commentaires : ->LoadRecentComments(10, 10)
+	 */
+	function LoadRecentComments($limit = 0)
+	{
+		// The part of the query which limit the number of comments
+		if(is_numeric($limit) && $limit > 0) $lim = " limit ".$limit;
+		else $lim = "";
+		// Query
+		return $this->LoadAll(
+			"select * " .
+			"from " . $this->config["table_prefix"] . "pages " .
+			"where comment_on != '' " .
+			"and latest = 'Y' " .
+			"order by time desc " .
+			$lim);
+	}
-	// COMMENTS
+	function LoadRecentlyCommented($limit = 50)
 	function LoadComments($tag) { return $this->LoadAll("select * from ".$this->config["table_prefix"]."pages where comment_on = '".mysql_escape_string($tag)."' and latest = 'Y' order by time"); }
-	function LoadRecentComments() { return $this->LoadAll("select * from ".$this->config["table_prefix"]."pages where comment_on != '' and latest = 'Y' order by time desc"); }
-	function LoadRecentlyCommented($limit = 50) {
-		// NOTE: this is really stupid. Maybe my SQL-Fu is too weak, but apparently there is no easier way to simply select
+		$pages = array();
 		//       all comment pages sorted by their first revision's (!) time. ugh!
 		// NOTE: this is really stupid. Maybe my SQL-Fu is too weak, but apparently there is no easier way to simply select
+		//       all comment pages sorted by their first revision's (!) time. ugh!
 		// load ids of the first revisions of latest comments. err, huh?
-		$pages=array();
+		// load ids of the first revisions of latest comments. err, huh?
-		$comments=array();
+		if ($ids = $this->LoadAll("select min(id) as id from ".$this->config["table_prefix"]."pages where comment_on != '' group by tag order by id desc"))
-		if ($ids = $this->LoadAll("select min(id) as id from ".$this->config["table_prefix"]."pages where comment_on != '' group by tag order by id desc"))
-		{
-			// load complete comments
+		{
-			foreach ($ids as $id)
+			// load complete comments
 			$num=0;
-				$comment = $this->LoadSingle("select * from ".$this->config["table_prefix"]."pages where id = '".$id["id"]."' limit 1");
+			foreach ($ids as $id)
 				$num=0;
-				if (!isset($comments[$comment["comment_on"]])) $comments[$comment["comment_on"]]='';
+				$comment = $this->LoadSingle("select * from ".$this->config["table_prefix"]."pages where id = '".$id["id"]."' limit 1");
 		if (!$tag = trim($tag)) $tag = $this->GetPageTag();
 		// check if user is owner
 		if ($this->GetPageOwner($tag) == $this->GetUserName()) return true;
+	}
+	/**
+	 * @param string $group The name of a group
+	 * @return string the ACL associated with the group $gname
+	 * @see UserIsInGroup to check if a user belongs to some group
+	 */
+	function GetGroupACL($group)
+	{
+		if (array_key_exists($group, $this->_groupsCache))
+		{
+			return $this->_groupsCache[$group];
+		}
+		return $this->_groupsCache[$group] = $this->GetTripleValue($group, WIKINI_VOC_ACLS, GROUP_PREFIX);
+	}
+	/**
+	 * Checks if a new group acl is not defined recursively
+	 * (this method expects that groups that are already defined are not themselves defined recursively...)
+	 * @param string $gname The name of the group
+	 * @param string $acl The new acl for that group
+	 * @return boolean True iff the new acl defines the group recursively
+	 */
+	function MakesGroupRecursive($gname, $acl, $origin = null, $checked = array())
+	{
+		$gname = strtolower($gname);
+		if ($origin === null)
+		{
+			$origin = $gname;
+		}
+		elseif ($gname === $origin)
+		{
+			return true;
+		}
+		foreach (explode("\n", $acl) as $line)
+		{
+			if (!$line) continue;
+			if ($line[0] == '!')
+			{
+				$line = substr($line, 1);
+			}
+			if (!$line) continue;
+			if ($line[0] == '@')
+			{
+				$line = substr($line, 1);
+				if (!in_array($line, $checked))
+				{
+					if ($this->MakesGroupRecursive($line, $this->GetGroupACL($line), $origin, $checked))
+					{
+						return true;
+					}
+				}
+			}
+		}
+		$checked[] = $gname;
+		return false;
+	}
+	/**
+	 * Sets a new ACL to a given group
+	 * @param string $gname The name of a group
+	 * @param string $acl The new ACL to associate with the group $gname
+	 * @return int 0 if successful, a triple error code or a specific error code:
+	 * 	1000 if the new value would define the group recursively
+	 * 	1001 if $gname is not named with alphanumeric chars
+	 * @see GetGroupACL
+	 */
+	function SetGroupACL($gname, $acl)
+	{
+		if (preg_match('/[^A-Za-z0-9]/', $gname))
+		{
+			return 1001;
+		}
+		$old = $this->GetGroupACL($gname);
+		if ($this->MakesGroupRecursive($gname, $acl))
+		{
+			return 1000;
+		}
+		$this->_groupsCache[$gname] = $acl;
+		if ($old === null)
+		{
+			return $this->InsertTriple($gname, WIKINI_VOC_ACLS, $acl, GROUP_PREFIX);
+		}
+		elseif ($old === $acl)
+		{
+			return 0; // nothing has changed
+		}
+		else
+		{
+			return $this->UpdateTriple($gname, WIKINI_VOC_ACLS, $old, $acl, GROUP_PREFIX);
+		}
+	}
+	/**
+	 * @return array The list of all group names
+	 */
+	function GetGroupsList()
+	{
+		$res = $this->GetMatchingTriples(GROUP_PREFIX . '%', WIKINI_VOC_ACLS_URI);
+		$prefix_len = strlen(GROUP_PREFIX);
+		$list = array();
+		foreach ($res as $line)
+		{
+			$list[] = substr($line['resource'], $prefix_len);
+		}
+		return $list;
+	}
+	/**
+	 * @param string $group The name of a group
+	 * @return boolean true iff the user is in the given $group
+	 */
+	function UserIsInGroup($group, $user = null, $admincheck = true)
+	{
+		return $this->CheckACL($this->GetGroupACL($group), $user, $admincheck);
+	}
+	/**
+	 * Checks if a given user is andministrator
+	 * @param string $user The name of the user (defaults to the current user if not given)
+	 * @return boolean true iff the user is an administrator
+	 */
+	function UserIsAdmin($user = null)
+	{
+		return $this->UserIsInGroup(ADMIN_GROUP, $user, false);
+	}
 	function GetPageOwner($tag = "", $time = "") { if (!$tag = trim($tag)) $tag = $this->GetPageTag(); if ($page = $this->LoadPage($tag, $time)) return $page["owner"]; }
 	function SetPageOwner($tag, $user) {
 		// check if user exists
 		if (!$this->LoadUser($user)) return;
 		// updated latest revision with new owner
-		$this->Query("update ".$this->config["table_prefix"]."pages set owner = '".mysql_escape_string($user)."' where tag = '".mysql_escape_string($tag)."' and latest = 'Y' limit 1");
+		$this->Query("update ".$this->config["table_prefix"]."pages set owner = '".mysql_real_escape_string($user)."' where tag = '".mysql_real_escape_string($tag)."' and latest = 'Y' limit 1");
 	}
 	function LoadAcl($tag, $privilege, $useDefaults = 1) {
-		if ((!$acl = $this->LoadSingle("select * from ".$this->config["table_prefix"]."acls where page_tag = '".mysql_escape_string($tag)."' and privilege = '".mysql_escape_string($privilege)."' limit 1")) && $useDefaults)
+		if ((!$acl = $this->LoadSingle("select * from ".$this->config["table_prefix"]."acls where page_tag = '".mysql_real_escape_string($tag)."' and privilege = '".mysql_real_escape_string($privilege)."' limit 1")) && $useDefaults)
+		{
 			$acl = array("page_tag" => $tag, "privilege" => $privilege, "list" => $this->GetConfigValue("default_".$privilege."_acl"));
+		}
 		return $acl;
 	}
 	function SaveAcl($tag, $privilege, $list) {
-		if ($this->LoadAcl($tag, $privilege, 0)) $this->Query("update ".$this->config["table_prefix"]."acls set list = '".mysql_escape_string(trim(str_replace("\r", "", $list)))."' where page_tag = '".mysql_escape_string($tag)."' and privilege = '".mysql_escape_string($privilege)."' limit 1");
+		if ($this->LoadAcl($tag, $privilege, 0)) $this->Query("update ".$this->config["table_prefix"]."acls set list = '".mysql_real_escape_string(trim(str_replace("\r", "", $list)))."' where page_tag = '".mysql_real_escape_string($tag)."' and privilege = '".mysql_real_escape_string($privilege)."' limit 1");
-		else $this->Query("insert into ".$this->config["table_prefix"]."acls set list = '".mysql_escape_string(trim(str_replace("\r", "", $list)))."', page_tag = '".mysql_escape_string($tag)."', privilege = '".mysql_escape_string($privilege)."'");
+		else $this->Query("insert into ".$this->config["table_prefix"]."acls set list = '".mysql_real_escape_string(trim(str_replace("\r", "", $list)))."', page_tag = '".mysql_real_escape_string($tag)."', privilege = '".mysql_real_escape_string($privilege)."'");
+	}
 	// returns true if $user (defaults to current user) has access to $privilege on $page_tag (defaults to current page)
 	function HasAccess($privilege, $tag = "", $user = "") {
+		// set defaults
+		if (!$tag = trim($tag)) $tag = $this->GetPageTag();
+		if (!$user)
+		{
-		// set defaults
+			// if current user is owner, return true. owner can do anything!
+			if ($this->UserIsOwner($tag)) return true;
+			$user = $this->GetUserName();
+		}
+		// TODO: we might want to check if a given $user (other than the current user)
-		if (!$tag = trim($tag)) $tag = $this->GetPageTag();
+		// has access to a given page. If the $user is the owner of that page,
-		if (!$user = $this->GetUserName());
+		// this method might give a wrong result (because we can't check that)
-		// load acl
-		$acl = $this->LoadAcl($tag, $privilege);
+		// load acl
+		$acl = $this->LoadAcl($tag, $privilege);
+		// fine fine... now go through acl
+		return $this->CheckACL($acl["list"], $user);
+	}
+	/**
+	 * Checks if some $user satisfies the given $acl
+	 * @param string $acl The acl to check, in the same format than for pages ACL's
+	 * @param string $user The name of the user that must satisfy the ACL. By default
+	 * the current remote user.
+	 * @return bool True if the $user satisfies the $acl, false otherwise
+	 */
+	function CheckACL($acl, $user = null, $admincheck = true)
+	{
+		if (!$user)
+		{
+			$user = $this->GetUserName();
+		}
+		if ($admincheck && $this->UserIsAdmin($user))
+		{
-		// if current user is owner, return true. owner can do anything!
+			return true;
 		if ($this->UserIsOwner($tag)) return true;
 		// fine fine... now go through acl
-		foreach (explode("\n", $acl["list"]) as $line)
+		foreach (explode("\n", $acl) as $line)
 			// if there's still anything left... lines with just a "!" don't count!
 			if ($line)
+			{
 				switch ($line[0])
+				{
-				// comments
+				case "#": // comments
-				case "#":
 					break;
-				// everyone
+				case "*": // everyone
-				case "*":
 					return !$negate;
-				// aha! a user entry.
+				case "+": // registered users
-				case "+":
 					if (!$this->LoadUser($user))
+					{
 						return $negate;
+					}
 					else
+					{
 						return !$negate;
+					}
+				case '@': // groups
+					$gname = substr($line, 1);
+					// paranoiac: avoid line = '@'
+					if ($gname && $this->UserIsInGroup($gname, $user, false /* we have allready checked if user was an admin */))
+					{
+						return !$negate;
+					}
-				default:
+					break;
+				default: // simple user entry
 					if ($line == $user)
+					{
 						return !$negate;
+					}
+				}
 		// tough luck.
 		return false;
+	}
+	/**
+	 * Loads the module ACL for a certain module
+	 * @param string $module The name of the module
+	 * @param string $module_type The type of module: 'action' or 'handler'
+	 * @return mixed The ACL for the given module or <tt>null</tt> if no such
+	 * ACL was found (which should probably be interpreted as '*').
+	 */
+	function GetModuleACL($module, $module_type)
+	{
+		$module = strtolower($module);
+		switch ($module_type)
+		{
+		case 'action':
+			if (array_key_exists($module, $this->_actionsAclsCache))
+			{
+				$acl = $this->_actionsAclsCache[$module];
+				break;
+			}
+			$this->_actionsAclsCache[$module] = $acl = $this->GetTripleValue($module, WIKINI_VOC_ACLS, WIKINI_VOC_ACTIONS_PREFIX);
+			if ($acl === null)
+			{
+				$action = &$this->GetActionObject($module);
+				if (is_object($action))
+				{
+					return $this->_actionsAclsCache[$module] = $action->GetDefaultACL();
+				}
+			}
+			break;
+		case 'handler':
+			$acl = $this->GetTripleValue($module, WIKINI_VOC_ACLS, WIKINI_VOC_HANDLERS_PREFIX);
+			break;
+		default:
+			return null; // TODO error msg ?
+		}
+		return $acl === null ? '*' : $acl;
+	}
+	/**
+	 * Sets the $acl for a given $module
+	 * @param string $module The name of the module
+	 * @param string $module_type The type of module ('action' or 'handler')
+	 * @param string $acl The new ACL for that module
+	 * @return 0 on success, > 0 on error (see InsertTriple and UpdateTriple)
+	 */
+	function SetModuleACL($module, $module_type, $acl)
+	{
+		$module = strtolower($module);
+		$voc_prefix = $module_type == 'action' ? WIKINI_VOC_ACTIONS_PREFIX : WIKINI_VOC_HANDLERS_PREFIX;
+		$old = $this->GetTripleValue($module, WIKINI_VOC_ACLS, $voc_prefix);
+		if ($module_type == 'action')
+		{
+			$this->_actionsAclsCache[$module] = $acl;
+		}
+		if ($old === null)
+		{
+			return $this->InsertTriple($module, WIKINI_VOC_ACLS, $acl, $voc_prefix);
+		}
+		elseif ($old === $acl)
+		{
+			return 0; // nothing has changed
+		}
+		else
+		{
+			return $this->UpdateTriple($module, WIKINI_VOC_ACLS, $old, $acl, $voc_prefix);
+		}
+	}
+	/**
+	 * Checks if a $user satisfies the ACL to access a certain $module
+	 * @param string $module The name of the module to access
+	 * @param string $module_type The type of the module ('action' or 'handler')
+	 * @param string $user The name of the user. By default
+	 * the current remote user.
+	 * @return bool True if the $user has access to the given $module, false otherwise.
+	 */
+	function CheckModuleACL($module, $module_type, $user = null)
+	{
+		$acl = $this->GetModuleACL($module, $module_type);
+		if ($acl === null) return true; // undefined ACL means everybody has access
 		return $this->CheckACL($acl, $user);
+	}
 	// THE BIG EVIL NASTY ONE!
 	function Run($tag, $method = "") {
-		if(!($this->GetMicroTime()%3)) $this->Maintenance();
+		if(!($this->GetMicroTime()%9)) $this->Maintenance();
 		if ((!$this->GetUser() && isset($_COOKIE["name"])) && ($user = $this->LoadUser($_COOKIE["name"], $_COOKIE["password"]))) $this->SetUser($user, $_COOKIE["remember"]);
 		$this->SetPage($this->LoadPage($tag, (isset($_REQUEST["time"]) ? $_REQUEST["time"] :'')));
 		$this->LogReferrer();
+		//correction pour un support plus facile de nouveaux handlers
+		if ($this->CheckModuleACL($this->method, 'handler'))
-      //correction pour un support plus facile de nouveaux handlers
+		{
+			echo $this->Method($this->method);
+		}
+		else
+		{
+			echo 'Vous ne pouvez pas acc&eacute;der &agrave; cette page par le handler sp&eacute;cifi&eacute;.';
+		}
+		// action redirect: aucune redirection n'a eu lieu, effacer la liste des redirections pr?c?dentes
-      print($this->Method($this->method));
+		if(!empty($_SESSION['redirects'])) session_unregister('redirects');
+	}
 			else
 				$a[$k] = stripslashes($v);
+		}
+	}
+}
-set_magic_quotes_runtime(0);
+if (get_magic_quotes_runtime())
+{
+    // Deactivate
+    set_magic_quotes_runtime(false);
+}
 if (get_magic_quotes_gpc())
+{
 	magicQuotesSuck($_POST);
 	magicQuotesSuck($_GET);
 	magicQuotesSuck($_COOKIE);
+}
+// default configuration values
-// default configuration values
+$wakkaConfig= array();
-$wakkaConfig= array();
+$_rewrite_mode = detectRewriteMode();
 $wakkaDefaultConfig = array(
 	'wakka_version'		=> '',
 	'wikini_version'	=> '',
 	"mysql_user"		=> "wikini",
-	"mysql_password"		=> '',
+	"mysql_password"	=> '',
 	"table_prefix"		=> "wikini_",
 	"root_page"			=> "PagePrincipale",
 	"wakka_name"		=> "MonSiteWikiNi",
-	"base_url"			=> "http://".$_SERVER["SERVER_NAME"].($_SERVER["SERVER_PORT"] != 80 ? ":".$_SERVER["SERVER_PORT"] : "").$_SERVER["REQUEST_URI"].(preg_match("/".preg_quote("wakka.php")."$/", $_SERVER["REQUEST_URI"]) ? "?wiki=" : ""),
+	"base_url"			=> computeBaseURL($_rewrite_mode),
-	"rewrite_mode"		=> (preg_match("/".preg_quote("wakka.php")."$/", $_SERVER["REQUEST_URI"]) ? "0" : "1"),
+	"rewrite_mode"		=> $_rewrite_mode,
 	'meta_keywords'		=> '',
 	'meta_description'	=> '',
 	"action_path"		=> "actions",
 	"handler_path"		=> "handlers",
 	"header_action"		=> "header",
 	"referrers_purge_time"	=> 24,
 	"pages_purge_time"	=> 90,
 	"default_write_acl"	=> "*",
 	"default_read_acl"	=> "*",
 	"default_comment_acl"	=> "*",
-	"menu_page"	 	=> "PageMenu",
+	"preview_before_save"	=> 0,
-	"preview_before_save"	=> "0");
+	'allow_raw_html'	=> false);
+unset($_rewrite_mode);
 // load config
 if (!$configfile = GetEnv("WAKKA_CONFIG")) $configfile = "wakka.config.php";
 if (file_exists($configfile)) include($configfile);
 	if (file_exists("setup/".$installAction.".php")) include("setup/".$installAction.".php"); else echo "<i>Invalid action</i>" ;
 	include("setup/footer.php");
 	exit;
+}
+// Check if the server is configured to automatically compress the output
+if (!ini_get('zlib.output_compression') && !ini_get('zlib.output_handler'))
+{
+	// Check if we can use ob_gzhandler (requires the zlib extension)
+	if (function_exists('ob_gzhandler'))
+	{
+		// let ob_gzhandler do the dirty job
+		// NB.: this must be done BEFORE session_start() when session.use_trans_sid is on
+		ob_start('ob_gzhandler');
+	}
+	// else lets do the dirty job by ourselves...
+	elseif (!empty($_SERVER['HTTP_ACCEPT_ENCODING']) && strstr($_SERVER['HTTP_ACCEPT_ENCODING'], 'gzip') && function_exists('gzencode'))
+	{
+		ob_start ('gzencode');
+		// Tell the browser the content is compressed with gzip
+		header ("Content-Encoding: gzip");
+	}
+}
 // configuration du cookie de session
-//determine le chemin pour le cookie
+// determine le chemin pour les cookies
+$a = parse_url($wakkaConfig['base_url']);
+$CookiePath = dirname($a['path']);
+// Fixe la gestion des cookie sous les OS utilisant le \ comme s?parteur de chemin
-$a = parse_url($wakkaConfig['base_url']);
+$CookiePath = str_replace("\\","/",$CookiePath);
-$CookiePath = dirname($a['path']);
+// ajoute un '/' terminal sauf si on est ? la racine web
 if ($CookiePath != '/') $CookiePath .= '/';
 $a = session_get_cookie_params();
 session_set_cookie_params($a['lifetime'],$CookiePath);
 unset($a);
 unset($CookiePath);
 // start session
 session_start();
+// fetch wakka location
+if (empty($_REQUEST['wiki']))
+{
+	// redirect to the root page
-// fetch wakka location
+	header('Location: ' . $wakkaConfig['base_url'] . $wakkaConfig['root_page']);
-if (!isset($_REQUEST["wiki"])) $_REQUEST["wiki"] = '';
+	exit;
+}
-$wiki = $_REQUEST["wiki"];
+$wiki = $_REQUEST['wiki'];
+// remove leading slash
+$wiki = preg_replace("/^\//", "", $wiki);
+// split into page/method, checking wiki name & method name (XSS proof)
+if (preg_match('`^' . WN_TAG_HANDLER_CAPTURE . '$`', $wiki, $matches))
+{
+	list(, $page, $method) = $matches;
+}
+elseif (preg_match('`^' . WN_PAGE_TAG . '$`', $wiki))
+{
+	$page = $wiki;
 // remove leading slash
-$wiki = preg_replace("/^\//", "", $wiki);
+else
+{
-// split into page/method
+	echo "<p>Le nom de la page est incorrect.</p>";
-if (preg_match("#^(.+?)/([A-Za-z0-9_]*)$#", $wiki, $matches)) list(, $page, $method) = $matches;
+	exit;
-else if (preg_match("#^(.*)$#", $wiki, $matches)) list(, $page) = $matches;
+}
+// create wiki object
+$wiki = new Wiki($wakkaConfig);
+// check for database access
+if (!$wiki->dblink)
+{
-// create wiki object
+	echo	"<p>Pour des raisons ind&eacute;pendantes de notre volont&eacute;, ".
-$wiki = new Wiki($wakkaConfig);
-// check for database access
-if (!$wiki->dblink)
-{
-	echo "<p>Pour des raisons ind&eacute;pendantes de notre volont&eacute;, le contenu de ce Wiki est temporairement inaccessible. Veuillez r&eacute;essayer ult&eacute;rieurement, merci de votre compr&eacute;hension.</p>";
-	exit;
-}
-function compress_output($output)
-{
-	return gzencode($output);
-}
-// Check if the browser supports gzip encoding, HTTP_ACCEPT_ENCODING
-if (strstr ($HTTP_SERVER_VARS['HTTP_ACCEPT_ENCODING'], 'gzip') && function_exists('gzencode') )
-{
-	// Start output buffering, and register compress_output() (see
+		"le contenu de ce Wiki est temporairement inaccessible. Veuillez ".
-	// below)
+		"r&eacute;essayer ult&eacute;rieurement, merci de votre ".
+		"compr&eacute;hension.</p>";
-//	ob_start ("compress_output");
+	// Log error (useful to find the buggy server in a load balancing platform)
 	trigger_error("WikiNi : DB connection failed");
-	// Tell the browser the content is compressed with gzip
+	exit;
 //	header ("Content-Encoding: gzip");
-}
 // go!

Subversion Repositories Applications.wikini

(root)/trunk/api.php – Rev 43 → 45