Commit 5c22e1c1 authored by mose's avatar mose

Instant-Auto-Merge from BRANCH-1-9 to HEAD

parent c0a9ee62
......@@ -21,6 +21,7 @@ tiki/temp/topic.*
tiki/templates_c
tiki/templates_c/*%%*
tiki/templates_c/??
tiki/templates_c/??menu*
tiki/templates_c/_smarty_cached_paths
tiki/templates_c/cleancache.cmd
tiki/templates_c/preferences.php
......@@ -3,7 +3,6 @@ static
templates_c
var
.project
.htaccess
phpmyadmin
tiki-emptycache.php
project.index
<FilesMatch "\.(bak|inc|lib|sh|tpl|sql)$">
order deny,allow
deny from all
</FilesMatch>
\ No newline at end of file
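Review bot: The `<FilesMatch "\.(bak|inc|lib|sh|tpl|sql)$">` rule in this (apparently new root) .htaccess is a case-sensitive regex, so on a case-insensitive filesystem — Windows hosts, which Tiki targets — a request for `tiki.SQL` or `foo.INC` still resolves to the protected file but is not matched by this block; `<FilesMatch "(?i)\.(bak|inc|lib|sh|tpl|sql)$">` closes that gap on Apache 2's PCRE engine. The block also only takes effect where the vhost's `AllowOverride` includes `Limit`; with `AllowOverride None` Apache silently ignores it, so the install notes should tell admins to confirm a `.sql` under the web root returns 403 after upgrading. The same extension list is duplicated in htaccess.conf (`pl|cgi` added there), so the two should be kept in sync or one should include the other.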
......@@ -38,7 +38,7 @@ Step one: unpack the archive
Unpack the Tiki files to the document root of where you want Tiki installed, e.g. /var/www/tiki/
To unpack the bz2 file, use:
tar xjf tikiwiki-1.9.rc3.tar.bz2
tar xjf tikiwiki-1.9.dr4.tar.bz2
Step two: run setup.sh to set permissions
<?php
// $Header: /cvsroot/tikiwiki/tiki/article_image.php,v 1.11 2005-01-01 00:16:15 damosoft Exp $
// $Header: /cvsroot/tikiwiki/tiki/article_image.php,v 1.12 2005-01-22 22:54:52 mose Exp $
// Copyright (c) 2002-2005, Luis Argerich, Garland Foster, Eduardo Polidor, et. al.
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
// Licensed under the GNU LESSER GENERAL PUBLIC LICENSE. See license.txt for details.
# $Header: /cvsroot/tikiwiki/tiki/article_image.php,v 1.11 2005-01-01 00:16:15 damosoft Exp $
# $Header: /cvsroot/tikiwiki/tiki/article_image.php,v 1.12 2005-01-22 22:54:52 mose Exp $
// application to display an image from the database with
// option to resize the image dynamically creating a thumbnail on the fly.
if (!isset($_REQUEST["id"])) {
die;
}
include_once ('lib/init/initlib.php');
include_once ('db/tiki-db.php');
include_once ('tiki-setup_base.php');
$topiccachefile = "temp";
if ($tikidomain) { $topiccachefile.= "/$tikidomain"; }
......@@ -27,8 +28,6 @@ if (is_file($topiccachefile) and (!isset($_REQUEST["reload"]))) {
readfile($topiccachefile);
die();
} else {
include_once ('lib/tikilib.php');
$tikilib = new Tikilib($dbTiki);
$data = $tikilib->get_article_image($_REQUEST["id"]);
$type = $data["image_type"];
$data = $data["image_data"];
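Review bot: `$_REQUEST["id"]` is passed to `$tikilib->get_article_image(...)` exactly as received (from GET, POST or cookie), with only the `isset` guard at the top of the file; whether `get_article_image` quotes or casts its argument is not visible here, and the cache-file name built from it between the two hunks is not shown either. An image id is numeric, so normalising it once after the `isset` check — `$id = (int) $_REQUEST["id"];` — and using `$id` both for the cache path and the lookup removes any injection or path-shaping concern regardless of what the library does. A zero/negative id after the cast could simply `die` like the missing-id case.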
<FilesMatch "*">
order deny,allow
deny from all
</FilesMatch>
\ No newline at end of file
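Review bot: `<FilesMatch "*">` is a regular expression, not a glob, and a bare `*` has nothing to repeat: PCRE (Apache 2) refuses to compile it, which turns every request under this directory into a 500 rather than a clean 403, while older regex engines may treat it as matching nothing and leave the directory exposed. Use `<FilesMatch ".">` — or `<Files "*">`, which is glob syntax — to deny everything. The same `*` appears in the other per-directory .htaccess files and in the `<DirectoryMatch */tiki>` lines of htaccess.conf in this commit.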
TikiWiki Changelog
------------------
$Header: /cvsroot/tikiwiki/tiki/changelog.txt,v 1.164 2004-09-08 19:51:49 mose Exp $
$Header: /cvsroot/tikiwiki/tiki/changelog.txt,v 1.165 2005-01-22 22:54:52 mose Exp $
All developers are invited to add relevant changes in that file as they
apply them to the CVS source. You can optionally include an identifer
......@@ -199,6 +199,34 @@ Version 1.9
* [NEW] plugin ATTACH to list attachements on a wiki page
* [MOD] Avoid sending user back to registration page on first login
Version 1.8.5 - Polaris -
<http://tikiwiki.org/ReleaseProcess185>
* [FIX] Header redirections now die; afterwards to prevent other code being
executed.
* [FIX] More Path Disclosure fixes
* [FIX] Remove the old password from being displayed on the tiki-change_password
routine.
* [NEW] Tiki security admin, a control panel to check internal tiki security
settings and tiki files integrity.
* [NEW] Added .htaccess files to most directories to disallow direct access
* [FIX] Remove file from temp after upload
* [FIX] More secure map uploads
* [MOD] Latest ADODB for MySQL 4.1 support
* [FIX] Wiki renaming fixes and enhancements
* [NEW] moves custom permissions and user watches.
* [FIX] Email notifications and theme control objects.
* [FIX] WikiSyntax : Definition list "eats" character
* [FIX] version in the diff of a wiki page changed notification to the previous
message not the current"
* [FIX] forum post notification with the right url
* [FIX] monthview on year change
* [FIX] fixed content disclosure through user watches.
* [FIX] filename check in map editing code.
* [FIX] REQUEST variable sanitation now works.
* [FIX] fixed the check on filename uploaded on wiki pages
* [FIX] fixed check of filename for upload_image
* [FIX] fixed the article submission image id sanity
Version 1.8.4 - Polaris -
<http://tikiwiki.org/ReleaseProcess184>
* [FIX] individual wiki page permissions could be bypassed
<?php
// $Header: /cvsroot/tikiwiki/tiki/comments.php,v 1.46 2005-01-01 00:16:15 damosoft Exp $
// $Header: /cvsroot/tikiwiki/tiki/comments.php,v 1.47 2005-01-22 22:54:52 mose Exp $
// Copyright (c) 2002-2005, Luis Argerich, Garland Foster, Eduardo Polidor, et. al.
// All Rights Reserved. See copyright.txt for details and a complete list of authors.
......@@ -72,7 +72,7 @@ if (!isset($_REQUEST['comments_threshold'])) {
$smarty->assign('comments_threshold', $_REQUEST['comments_threshold']);
// This sets up comments father as the father
$comments_parsed = parse_url(httpPrefix().$_SERVER["REQUEST_URI"]);
$comments_parsed = parse_url($tikilib->httpPrefix().$_SERVER["REQUEST_URI"]);
/*
print "<pre>";
print_r( $comments_parsed );
......@@ -85,7 +85,7 @@ if (!isset($comments_parsed["query"])) {
}
parse_str($comments_parsed["query"], $comments_query);
$comments_father = httpPrefix(). $comments_parsed["path"];
$comments_father = $tikilib->httpPrefix(). $comments_parsed["path"];
$comments_complete_father = $comments_father;
/*
......@@ -142,6 +142,8 @@ if (!isset($_REQUEST[$comments_object_var])) {
$comments_objectId = $comments_prefix_var . $_REQUEST["$comments_object_var"];
$message_id = '';
$in_reply_to = '';
// Process a post form here
if ($tiki_p_post_comments == 'y') {
if (isset($_REQUEST["comments_postComment"])) {
......@@ -175,7 +177,7 @@ if ($tiki_p_post_comments == 'y') {
$parent_id = $_REQUEST["comments_parentId"];
}
$commentslib->post_new_comment($comments_objectId, $parent_id,
$qId = $commentslib->post_new_comment($comments_objectId, $parent_id,
$user,
$_REQUEST["comments_title"],
$_REQUEST["comments_data"],
......@@ -185,16 +187,73 @@ if ($tiki_p_post_comments == 'y') {
$_REQUEST["comments_reply_threadId"] = 0;
$smarty->assign("comments_reply_threadId", 0); // without the flag
} else {
$qId = $_REQUEST["comments_threadId"];
if ($tiki_p_edit_comments == 'y') {
$commentslib->update_comment($_REQUEST["comments_threadId"], $_REQUEST["comments_title"],
$_REQUEST["comment_rating"], $_REQUEST["comments_data"]);
}
}
$object = explode(':', $comments_objectId );
if( $object[0] == 'forum' )
{
// Deal with attachment
if (($forum_info['att'] == 'att_all'
|| ($forum_info['att'] == 'att_admin' && $tiki_p_admin_forum == 'y')
|| ($forum_info['att'] == 'att_perm' && $tiki_p_forum_attach == 'y'))
&& isset($_FILES['userfile1']) && is_uploaded_file($_FILES['userfile1']['tmp_name'])){
$fp = fopen($_FILES['userfile1']['tmp_name'], "rb");
$data = '';
$fhash = '';
if ($forum_info['att_store'] == 'dir') {
$name = $_FILES['userfile1']['name'];
$fhash = md5(uniqid('.'));
// Just in case the directory doesn't have the trailing slash
if (substr($forum_info['att_store_dir'], strlen($forum_info['att_store_dir']) - 1, 1) == '\\') {
$forum_info['att_store_dir'] = substr($forum_info['att_store_dir'],
0, strlen($forum_info['att_store_dir']) - 1). '/';
} elseif (
substr($forum_info['att_store_dir'], strlen($forum_info['att_store_dir']) - 1, 1) != '/') {
$forum_info['att_store_dir'] .= '/';
}
@$fw = fopen($forum_info['att_store_dir'] . $fhash, "wb");
if (!$fw) {
$smarty->assign('msg', tra('Cannot write to this file:'). $fhash);
$smarty->display("error.tpl");
die;
}
}
while (!feof($fp)) {
if ($forum_info['att_store'] == 'db') {
$data .= fread($fp, 8192 * 16);
} else {
$data = fread($fp, 8192 * 16);
fwrite($fw, $data);
}
}
fclose ($fp);
if ($forum_info['att_store'] == 'dir') {
fclose ($fw);
$data = '';
}
$size = $_FILES['userfile1']['size'];
$name = $_FILES['userfile1']['name'];
$type = $_FILES['userfile1']['type'];
if ($size > $forum_info['att_max_size']) {
$smarty->assign('msg', tra('Cannot upload this file maximum upload size exceeded'));
$smarty->display("error.tpl");
die;
}
$commentslib->attach_file($qId, 0, $name, $type, $size, $data,
$fhash, $forum_info['att_store_dir'], $_REQUEST['forumId']);
} /* attachment */
// Deal with mail notifications.
include_once('lib/notifications/notificationemaillib.php');
sendForumEmailNotification('forum_post_thread',
......@@ -220,14 +279,14 @@ if ($tiki_p_post_comments == 'y') {
$smarty->assign('mail_comment', $_REQUEST["comments_data"]);
$smarty->assign('mail_hash', $not['hash']);
$foo = parse_url($_SERVER["REQUEST_URI"]);
$machine = httpPrefix(). dirname( $foo["path"] );
$machine = $tikilib->httpPrefix(). dirname( $foo["path"] );
$smarty->assign('mail_machine', $machine);
$parts = explode('/', $foo['path']);
if (count($parts) > 1)
unset ($parts[count($parts) - 1]);
$smarty->assign('mail_machine_raw', httpPrefix(). implode('/', $parts));
$smarty->assign('mail_machine_raw', $tikilib->httpPrefix(). implode('/', $parts));
$mail = new TikiMail();
}
global $language;// TODO: optimise by grouping user by language
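Review bot: In the new attachment block the size limit at `if ($size > $forum_info['att_max_size'])` is only checked after the upload has been fully copied — into `$data` in memory for `db` storage, or onto disk at `$forum_info['att_store_dir'] . $fhash` for `dir` storage — and in the `dir` case the oversized file is then left behind because the `die` path never unlinks it. Reading `$_FILES['userfile1']['size']` and rejecting right after the `is_uploaded_file(...)` test avoids both the wasted copy and the orphaned file. Separately, in the update branch `$qId = $_REQUEST["comments_threadId"]` is assigned whether or not `$tiki_p_edit_comments` let `update_comment` run, and the attachment is then attached to that id; unless `attach_file` checks ownership (not visible here), a user with post+attach rights can attach a file to any thread by supplying its id. The `fwrite($fw, $data)` return value is also ignored, so a full disk records a truncated file with the client-reported `$size`.
```php
    && isset($_FILES['userfile1']) && is_uploaded_file($_FILES['userfile1']['tmp_name'])) {
    // Reject oversized uploads before a single byte is read or written.
    $size = $_FILES['userfile1']['size'];
    if ($size > $forum_info['att_max_size']) {
        $smarty->assign('msg', tra('Cannot upload this file maximum upload size exceeded'));
        $smarty->display("error.tpl");
        die;
    }
    $fp = fopen($_FILES['userfile1']['tmp_name'], "rb");
    // … unchanged: $fhash, att_store_dir normalisation, copy loop, fclose …
    $name = $_FILES['userfile1']['name'];
    $type = $_FILES['userfile1']['type'];
    $commentslib->attach_file($qId, 0, $name, $type, $size, $data,
        $fhash, $forum_info['att_store_dir'], $_REQUEST['forumId']);
```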
<FilesMatch "*">
order deny,allow
deny from all
</FilesMatch>
\ No newline at end of file
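Review bot: `"*"` inside `<FilesMatch>` is compiled as a regex, and a leading `*` is a quantifier with no operand; under Apache 2 this fails at .htaccess parse time (every request in the directory then returns 500), and on a lenient engine it may match nothing at all. The intent "deny every file here" is `<FilesMatch ".">`, or the glob form `<Files "*">`. Since this file's only job is to close off direct access, it is worth testing once after deployment that a known file in the directory actually returns 403 and not 500.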
#!/bin/sh
# $Header: /cvsroot/tikiwiki/tiki/db/convertscripts/convertsqls.sh,v 1.6 2004-07-15 19:29:08 teedog Exp $
# $Header: /cvsroot/tikiwiki/tiki/db/convertscripts/convertsqls.sh,v 1.7 2005-01-22 22:55:00 mose Exp $
VERSION="1.10"
if [ -z $1 ]; then
echo "Usage: ./convertscript.sh <host>"
echo "Usage: ./convertscript.sh <host> <tikiversion>"
echo " where <host> is the virtualhost/root/ for your tiki"
echo " and <tikiversion> is the tikiwiki version (automatically set to $VERSION if omitted)"
exit 0
fi
TIKISERVER=$1
VERSION="1.10"
if [ "$2" ] ; then
VERSION=$2
fi
wget -O pgsql72..sql.tmp "http://$TIKISERVER/db/convertscripts/mysql3topgsql72.php?version=$VERSION"
cp ../tiki.sql ../tiki-$VERSION-mysql.sql
/* the scripts use mysql.sql */
wget -O pgsql72.sql.tmp "http://$TIKISERVER/db/convertscripts/mysql3topgsql72.php?version=$VERSION"
wget -O sybase.sql.tmp "http://$TIKISERVER/db/convertscripts/mysql3tosybase.php?version=$VERSION"
wget -O sqlite.sql.tmp "http://$TIKISERVER/db/convertscripts/mysql3tosqlite.php?version=$VERSION"
wget -O oci8.sql.tmp "http://$TIKISERVER/db/convertscripts/mysql3tooci8.php?version=$VERSION"
rm -f *.sql.tmp
rm -f ../tiki-$VERSION-*.sql
rm -f ../tiki-$VERSION-pgsql.sql ../tiki-$VERSION-sybase.sql ../tiki-$VERSION-sqlite.sql ../tiki-$VERSION-oci8.sql
cp ../tiki.sql ../tiki-$VERSION-mysql.sql
mv $VERSION.to_pgsql72.sql ../tiki-$VERSION-pgsql.sql
mv $VERSION.to_sybase.sql ../tiki-$VERSION-sybase.sql
mv $VERSION.to_sqlite.sql ../tiki-$VERSION-sqlite.sql
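Review bot: `<tikiversion>` from `$2` goes into `VERSION` with no validation, while the PHP converters it fetches only accept the value when it matches `\d\.\d` and otherwise silently fall back to 1.9; with a non-matching `$2` the server writes `1.9.to_*.sql`, the `mv $VERSION.to_pgsql72.sql ...` lines here then fail, and `rm -f ../tiki-$VERSION-*.sql` has already deleted the previous outputs. A guard before the downloads, `case "$2" in *[!0-9.]*) echo "bad version: $2" >&2; exit 1;; esac`, keeps the two sides in agreement. The first test should also be quoted, `if [ -z "$1" ]; then`, and if the `/* the scripts use mysql.sql */` line is on the new side it is not a shell comment — `/*` is a glob the shell will try to execute — and needs `#`.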
<?php
if (isset($_GET['version'])) {
$version = $_GET['version'];
$tikiversion='1.9';
if(!isset($_GET['version'])) {
echo "version not given. Using default $tikiversion.<br />";
} else {
$version = 'last';
if(preg_match('/\d\.\d/',$_GET['version'])) {
$tikiversion=$_GET['version'];
}
}
// read file
$file="../tiki.sql";
$file="../tiki-$tikiversion-mysql.sql";
@$fp = fopen($file,"r");
if(!$fp) echo "Error opening $file";
$data = '';
......@@ -25,7 +29,7 @@ $statements=preg_split("#(;\n)|(;\r\n)#",$data);
echo "<table>\n";
// step though statements
$fp=fopen($version.".to_oci8.sql","w");
$fp=fopen($tikiversion.".to_oci8.sql","w");
foreach ($statements as $statement)
{
echo "<tr><td><pre>\n";
......@@ -75,9 +79,9 @@ function parse($stmt)
// convert enums
$stmt=preg_replace("/\n[ \t]+(\"[a-zA-Z0-9_]+\") enum\(([^\)]+)\)/e","convert_enums('$1','$2')",$stmt);
// Oracle wants to have "default ... NOT NULL" not "NOT NULL default ..."
$stmt=preg_replace("/(.+)(NOT NULL) (default.+),/","$1$3 $2,",$stmt);
$stmt=preg_replace("/(.+)(NOT NULL) (default.+),/i","$1$3 $2,",$stmt);
// same with other constraints
$stmt=preg_replace("/(.+)(CHECK.+) (default.+),/","$1$3 $2,",$stmt);
$stmt=preg_replace("/(.+)(CHECK.+) (default.+),/i","$1$3 $2,",$stmt);
// quote column names in primary keys
$stmt=preg_replace("/\n[ \t]+(PRIMARY KEY) \((.+)\),*/e","quote_prim_cols('$1','$2')",$stmt);
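Review bot: The new `preg_match('/\d\.\d/',$_GET['version'])` check is unanchored, so any value containing digit-dot-digit passes — e.g. `../../tmp/x1.9` — and is then spliced into both `$file="../tiki-$tikiversion-mysql.sql"` (a traversal on the read path) and `fopen($tikiversion.".to_oci8.sql","w")` (an attacker-chosen write path), in a script that is reachable unauthenticated over HTTP as convertsqls.sh's `wget` calls show. `if(preg_match('/^\d+(\.\d+)+$/', $_GET['version']))` restricts it to a dotted version and fixes both. The same value is echoed back verbatim by `echo "Error opening $file"` when the open fails; anchoring the pattern removes the reflected-HTML risk, but wrapping `$file` in `htmlspecialchars()` there is still the right habit.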
<?php
if (isset($_GET['version'])) {
$version = $_GET['version'];
$tikiversion='1.9';
if(!isset($_GET['version'])) {
echo "version not given. Using default $tikiversion.<br />";
} else {
$version = 'last';
if(preg_match('/\d\.\d/',$_GET['version'])) {
$tikiversion=$_GET['version'];
}
}
// read file
$file="../tiki.sql";
$file="../tiki-$tikiversion-mysql.sql";
@$fp = fopen($file,"r");
if(!$fp) echo "Error opening $file";
$data = '';
......@@ -25,7 +30,7 @@ $statements=preg_split("#(;\n)|(;\r\n)#",$data);
echo "<table>\n";
// step though statements
$fp=fopen($version.".to_pgsql72.sql","w");
$fp=fopen($tikiversion.".to_pgsql72.sql","w");
foreach ($statements as $statement)
{
echo "<tr><td><pre>\n";
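Review bot: `preg_match('/\d\.\d/',$_GET['version'])` only requires the string to contain `\d\.\d` somewhere, so `$tikiversion` can still carry `/`, `..` or markup into `$file="../tiki-$tikiversion-mysql.sql"`, `fopen($tikiversion.".to_pgsql72.sql","w")` and the `echo "Error opening $file"` output; the hardening only works if the pattern is anchored and closed, e.g. `preg_match('/^\d+(\.\d+)+$/', $_GET['version'])`. The same guard is copy-pasted into the oci8, sqlite and sybase converters and should be fixed in all four (or moved into one shared include).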
<?php
if (isset($_GET['version'])) {
$version = $_GET['version'];
$tikiversion='1.9';
if(!isset($_GET['version'])) {
echo "version not given. Using default $tikiversion.<br />";
} else {
$version = 'last';
if(preg_match('/\d\.\d/',$_GET['version'])) {
$tikiversion=$_GET['version'];
}
}
// read file
$file="../tiki.sql";
$file="../tiki-$tikiversion-mysql.sql";
@$fp = fopen($file,"r");
if(!$fp) echo "Error opening $file";
$data = '';
......@@ -25,7 +29,7 @@ $statements=preg_split("#(;\n)|(;\r\n)#",$data);
echo "<table>\n";
// step though statements
$fp=fopen($version.".to_sqlite.sql","w");
$fp=fopen($tikiversion.".to_sqlite.sql","w");
foreach ($statements as $statement)
{
echo "<tr><td><pre>\n";
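Review bot: As in the sibling converters, the unanchored `'/\d\.\d/'` lets `$_GET['version']` reach `fopen("../tiki-$tikiversion-mysql.sql","r")` and `fopen($tikiversion.".to_sqlite.sql","w")` with arbitrary path characters as long as a digit-dot-digit appears somewhere; use `'/^\d+(\.\d+)+$/'`. Since the script writes the converted file next to itself under the web root and is callable by anyone who can reach `db/convertscripts/`, it would be safer still to guard the directory with the same deny-all .htaccess this commit adds elsewhere and run the converters from the shell only when needed.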
<?php
if (isset($_GET['version'])) {
$version = $_GET['version'];
$tikiversion='1.9';
if(!isset($_GET['version'])) {
echo "version not given. Using default $tikiversion.<br />";
} else {
$version = 'last';
if(preg_match('/\d\.\d/',$_GET['version'])) {
$tikiversion=$_GET['version'];
}
}
// read file
$file="../tiki.sql";
$file="../tiki-$tikiversion-mysql.sql";
@$fp = fopen($file,"r");
if(!$fp) echo "Error opening $file";
$data = '';
......@@ -25,7 +29,7 @@ $statements=preg_split("#(;\n)|(;\r\n)#",$data);
echo "<table>\n";
// step though statements
$fp=fopen($version.".to_sybase.sql","w");
$fp=fopen($tikiversion.".to_sybase.sql","w");
fwrite($fp,"set quoted_identifier on\ngo\n\n");
foreach ($statements as $statement)
{
......@@ -76,17 +80,17 @@ function parse($stmt)
// convert enums
$stmt=preg_replace("/\n[ \t]+(\"[a-zA-Z0-9_]+\") enum\(([^\)]+)\)/e","convert_enums('$1','$2')",$stmt);
// Oracle wants to have "default ... NOT NULL" not "NOT NULL default ..."
$stmt=preg_replace("/(.+)(NOT NULL) (default.+),/","$1$3 $2,",$stmt);
$stmt=preg_replace("/(.+)(NOT NULL) (default.+),/i","$1$3 $2,",$stmt);
// sybase is strange. a default null does not say, that you may insert
// null values! you have to user default null null
$stmt=preg_replace("/(.+)(default NULL)(.+)/","$1$2 NULL$3",$stmt);
$stmt=preg_replace("/(.+)(default NULL)(.+)/i","$1$2 NULL$3",$stmt);
// and sybase wants default values everywhere
// else it will try to insert NULL values
// what fails if we don't have default null null set :-(
$stmt=preg_replace("/\n[ \t]+(\"[a-zA-Z0-9_]+\") (text|varchar\([0-9]+\)|image),/","\n $1 $2 default '',",$stmt);
$stmt=preg_replace("/\n[ \t]+(\"[a-zA-Z0-9_]+\") (numeric\([0-9]+,[0-9]+\)),/","\n $1 $2 default NULL NULL,",$stmt);
// same with other constraints
$stmt=preg_replace("/(.+)(CHECK.+) (default.+),/","$1$3 $2,",$stmt);
$stmt=preg_replace("/(.+)(CHECK.+) (default.+),/i","$1$3 $2,",$stmt);
// quote column names in primary keys
$stmt=preg_replace("/\n[ \t]+(PRIMARY KEY) \((.+)\),*/e","quote_prim_cols('$1','$2')",$stmt);
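Review bot: The version guard `preg_match('/\d\.\d/',$_GET['version'])` is unanchored, so the value used in `$file="../tiki-$tikiversion-mysql.sql"` and `fopen($tikiversion.".to_sybase.sql","w")` is still effectively attacker-controlled apart from containing a digit-dot-digit; anchor it as `'/^\d+(\.\d+)+$/'`. Note also that the `/e` replacements (`convert_enums('$1','$2')`, `quote_prim_cols('$1','$2')`) evaluate PHP built from whatever the input SQL contains — fine while the input is the project's own `tiki-*-mysql.sql`, but once `$tikiversion` selects the file that assumption weakens, so the anchored check is what keeps `/e` safe here; a `preg_replace_callback` would remove the dependency altogether.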
# BasicEnabled profile for easy use
# $Header: /cvsroot/tikiwiki/tiki/db/profiles/BasicEnabled.prf,v 1.8 2004-09-08 19:51:55 mose Exp $
REPLACE INTO tiki_calendars VALUES (1,'Public','Public calendar','admin','n','n','n','n','n',1072170381,1072170381);
# $Header: /cvsroot/tikiwiki/tiki/db/profiles/BasicEnabled.prf,v 1.9 2005-01-22 22:55:00 mose Exp $
REPLACE INTO tiki_calendars VALUES (1,'Public','Public calendar','admin','n','n','n','n','n','n',1072170381,1072170381,'n');
REPLACE INTO tiki_modules VALUES ('application_menu','l',1,'P','',0,0,'','a:1:{i:0;s:9:\"Anonymous\"\;}');
REPLACE INTO tiki_modules VALUES ('login_box','r',1,'P','',0,0,'','a:1:{i:0;s:9:\"Anonymous\"\;}');
REPLACE INTO tiki_preferences VALUES ('allowRegister','y');
# $Id: tiki_1.7to1.8.sql,v 1.107 2004-05-01 01:06:20 damosoft Exp $
# $Id: tiki_1.7to1.8.sql,v 1.108 2005-01-22 22:54:59 mose Exp $
# The following script will update a tiki database from verion 1.7 to 1.8
#
......@@ -896,3 +896,7 @@ ALTER TABLE tiki_mailin_accounts ADD anonymous CHAR(1) NOT NULL DEFAULT 'y';
# added on 2004-03-26 by baptiste (adding attachments handling to the mail-in feature)
ALTER TABLE tiki_mailin_accounts ADD attachments CHAR(1) NOT NULL DEFAULT 'n';
# 2004-12-16 sylvieg
ALTER TABLE tiki_blog_posts drop KEY ft;
ALTER TABLE tiki_blog_posts ADD FULLTEXT KEY ft(data, title);
ALTER TABLE tiki_blog_posts MODIFY data_size int(11) unsigned NOT NULL default '0';
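Review bot: `ALTER TABLE tiki_blog_posts drop KEY ft;` errors out on any database where the `ft` index is absent (MySQL of this era has no `DROP KEY IF EXISTS`), and when the script is fed to the client in one go the two ALTERs after it are never applied; whether every 1.7 schema already has `ft` is not visible from this hunk. The comment above the block should say what is intended, e.g. `# 2004-12-16 sylvieg: rebuild the fulltext index on (data, title); if DROP KEY fails with "Can't DROP 'ft'" the index did not exist — continue with the next statement`, and the upgrade notes should say the same.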
#Tiki configuration to secure tiki with apache
#include this file from your main httpd configuration file
<DirectoryMatch */tiki>
options -ExecCGI
<FilesMatch "\.(bak|inc|lib|sh|tpl|sql|pl|cgi)$">
order deny,allow
deny from all
</FilesMatch>
</DirectoryMatch>
<DirectoryMatch */tiki/lang >
<FilesMatch "*">
order deny,allow
deny from all