diff --git a/src/controllers/components/SocialComponent.php b/src/controllers/components/SocialComponent.php
index afcf62744..15a077e5e 100644
--- a/src/controllers/components/SocialComponent.php
+++ b/src/controllers/components/SocialComponent.php
@@ -1497,11 +1497,12 @@ EOD;
 }else {
 $data["MODE"] = "read";
 }
- if (!$group) {
- if ($data['MODE'] !== 'api'){
+ if (!$group || !isset($group["OWNER_ID"])) {
+ if ($data['MODE'] !== 'api') {
+ $_REQUEST = ['c' => "search", 'a' => '', C\CSRF_TOKEN => ''];;
 return $parent->redirectWithMessage(
 tl("social_component_no_group_access"));
- }else{
+ } else {
 $data['errors'] = [];
 $data['errors'][] = tl("social_component_no_group_access");
 }
diff --git a/src/index.php b/src/index.php
index 4ff338fec..58edfb303 100755
--- a/src/index.php
+++ b/src/index.php
@@ -272,6 +272,16 @@ function routeFeeds($route_args)
 $handled = true;
 if (isset($route_args[1]) && $route_args[1] == intval($route_args[1])) {
 $_REQUEST['c'] = "group";
+ if (!empty($route_args[2])) {
+ $_REQUEST['a'] = 'wiki';
+ if ($route_args[2] == 'pages') {
+ $_REQUEST['arg'] = 'pages';
+ $_REQUEST['route']['arg'] = true;
+ } else {
+ $_REQUEST['page_name'] = $route_args[2];
+ $_REQUEST['route']['page_name'] = true;
+ }
+ }
 $_REQUEST['a'] = (isset($_REQUEST['a']) && $_REQUEST['a'] == 'wiki') ? $_REQUEST['a'] : "groupFeeds";
 $_REQUEST['route']['c'] = true;
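Review bot: The added line `$_REQUEST = ['c' => "search", 'a' => '', C\CSRF_TOKEN => ''];;` ends in a stray second semicolon and replaces the whole request array, CSRF token included, immediately before `redirectWithMessage` runs. If the intent is to keep the redirect from carrying the rejected group parameters along, a one-line comment should say so, e.g. `// clear the request so the redirect lands on a plain search page, not the inaccessible group`; otherwise clearing only the keys the redirect reads is safer than wiping a superglobal. A short note on when `$group` can be non-empty yet lack `OWNER_ID` would also help the next reader of the widened guard. The enclosing method begins and ends outside the hunk.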
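Review bot: The new `if (!empty($route_args[2]))` block in routeFeeds is repeated almost verbatim in routeController (the `-378` hunk), yet only routeController also sets `$_REQUEST['group_id']` and `$_REQUEST['route']['a'] = true`, so the two entry points will drift apart as soon as one is edited. Pulling the shared part into one helper, e.g. `function routeWikiPathArgs($route_args)` that sets `a`, `arg`/`page_name` and the matching `route` flags, keeps them identical and lets the flag difference be a deliberate choice rather than an accident. `$route_args[2] === 'pages'` would avoid the loose comparison on a path segment, and `$_REQUEST['page_name'] = $route_args[2]` takes that segment verbatim, which presumably relies on the wiki controller validating page names as it already does for query-string input. routeFeeds continues outside the hunk.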
@@ -378,9 +388,21 @@ function routeController($route_args)
 {
 $_REQUEST['c'] = $route_args[0];
 $_REQUEST['route']['c'] = true;
- if (isset($route_args[1])) {
+ if (isset($route_args[1]) && intval($route_args[1]) == $route_args[1]) {
 if(isset($_REQUEST['a']) && $_REQUEST['a'] == 'wiki') {
 $_REQUEST['group_id'] = $route_args[1];
+ } else if (!empty($route_args[2])) {
+ $_REQUEST['a'] = 'wiki';
+ $_REQUEST['group_id'] = $route_args[1];
+ if ($route_args[2] == 'pages') {
+ $_REQUEST['arg'] = 'pages';
+ $_REQUEST['route']['arg'] = true;
+ } else {
+ $_REQUEST['page_name'] = $route_args[2];
+ $_REQUEST['route']['page_name'] = true;
+ }
+ $_REQUEST['route']['page_name'] = true;
+ $_REQUEST['route']['a'] = true;
 } else {
 $_REQUEST['a'] = 'groupFeeds';
 $_REQUEST['just_group_id'] = $route_args[1];
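Review bot: `$_REQUEST['route']['page_name'] = true;` placed after the inner `if/else` is unconditional, so it flags `page_name` as routed even in the `'pages'` branch where no `page_name` was set, and it duplicates the assignment the `else` branch already makes; deleting that one line leaves the flags consistent with what routeFeeds sets. The added condition `intval($route_args[1]) == $route_args[1]` tightens the old `isset` check, which is welcome, but it is written operand-reversed relative to the identical test in routeFeeds (`$route_args[1] == intval($route_args[1])`); using the same form, or one shared helper, makes it obvious they are meant to be the same rule. `$route_args[2] === 'pages'` is preferable to the loose comparison. routeController continues past the end of the hunk.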
@@ -538,37 +560,39 @@ function routeWiki($route_args)
 function wikiUrl($name, $with_delim = false, $controller = "static", $id = C\PUBLIC_GROUP_ID)
 {
+ $q = ($with_delim) ? "?" : "";
+ $a = ($with_delim) ? "&" : "";
 $is_static = ($controller == "static");
- $delim = ($with_delim) ? "&" : "";
 if (C\REDIRECTS_ON) {
+ $q = ($with_delim) ? "?" : "";
 if($is_static) {
 if($name == "") {
- $name = "main";
+ $name = "Main";
 }
- $delim = ($with_delim) ? "?" : "";
- return C\BASE_URL ."p/$name$delim";
+ return C\BASE_URL ."p/$name$q";
 } else {
- $page = ($name== "") ? "" : "&page_name=$name";
+ $page = ($name== "") ? "?a=wiki$a" : "/$name$q";
 return C\BASE_URL .
- $controller . "/$id?a=wiki$page$delim";
+ $controller . "/$id$page";
 }
 } else {
+ $delim = ($with_delim) ? "&" : "";
 if ($name == 'pages') {
 if ($is_static) {
 $controller = $group;
 }
 return C\BASE_URL .
- "?c=$controller&a=wiki&arg=pages&group_id=$id$delim";
+ "?c=$controller&a=wiki&arg=pages&group_id=$id$a";
 } else {
 if ($is_static) {
 if($name == "") {
 $name = "main";
 }
- return C\BASE_URL . "?c=static&p=$name$delim";
+ return C\BASE_URL . "?c=static&p=$name$a";
 } else {
 $page = ($name== "") ? "" : "&page_name=$name";
 return C\BASE_URL .
- "?c=$controller&a=wiki&group_id=$id$page$delim";
+ "?c=$controller&a=wiki&group_id=$id$page$a";
 }
 }
 }
diff --git a/src/views/RecoverView.php b/src/views/RecoverView.php
index db14140b8..958cbcf0a 100644
--- a/src/views/RecoverView.php
+++ b/src/views/RecoverView.php
@@ -66,9 +66,9 @@ class RecoverView extends View
 ?>
 <div class="landing non-search">
 <div class="small-top">
- <h1 class="logo"><a href="./?<?=
+ <h1 class="logo"><a href="<?=C\BASE_URL ?>?<?=
 C\CSRF_TOKEN."=".$data[C\CSRF_TOKEN] ?>"><img
- src="<?php e($logo); ?>" alt="<?= $this->logo_alt_text
+ src="<?= C\BASE_URL . $logo ?>" alt="<?= $this->logo_alt_text
 ?>"/></a><span> - <?= tl('recover_view_recover_password') ?></span></h1>
 <form method="post">
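Review bot: In wikiUrl the `$delim = ($with_delim) ? "&" : "";` added at the top of the non-redirect `else` branch is never read in that branch (every former use now reads `$a`), and the second `$q = ($with_delim) ? "?" : "";` inside `if (C\REDIRECTS_ON)` repeats the assignment two lines above; both lines can be removed. The redirect branch now splices the page name into the URL path as `/$name$q`, and callers pass user-influenced values (WikiElement hands it `$data["FILTER"]` and page titles), so a name containing `/`, `?`, `#` or a space yields a link to the wrong route and the `htmlentities` at the call sites does not address that; `"/" . rawurlencode($name) . $q` is the usual fix, provided the router's decoding of `$route_args` agrees (not visible here). The default page is now `"Main"` in the redirect branch but still `"main"` in the non-redirect static branch; if both denote the same page a single constant would stop them drifting. The untouched `$controller = $group;` still references an undefined `$group`, which predates this change but is worth a follow-up.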
diff --git a/src/views/RegisterView.php b/src/views/RegisterView.php
index de1d6d03b..9fe4a68d3 100755
--- a/src/views/RegisterView.php
+++ b/src/views/RegisterView.php
@@ -149,8 +149,8 @@ class RegisterView extends View
 ?>
 <div class="landing non-search">
 <div class="small-top">
- <h1 class="logo"><a href="./?<?= $append_url ?>"><img
- src="<?= $logo ?>" alt="<?= $this->logo_alt_text
+ <h1 class="logo"><a href="<?=C\BASE_URL ?>?<?= $append_url ?>"><img
+ src="<?= C\BASE_URL . $logo ?>" alt="<?= $this->logo_alt_text
 ?>" /></a><span> - <?=tl('register_view_create_account') ?></span></h1>
 <?php
diff --git a/src/views/SettingsView.php b/src/views/SettingsView.php
index 6237caa0b..9cc74e365 100755
--- a/src/views/SettingsView.php
+++ b/src/views/SettingsView.php
@@ -60,9 +60,9 @@ class SettingsView extends View
 }
 ?>
 <div class="landing non-search">
-<h1 class="logo"><a href="./?<?php if ($logged_in) {
+<h1 class="logo"><a href="<?=C\BASE_URL ?>?<?php if ($logged_in) {
 e(C\CSRF_TOKEN."=".$data[C\CSRF_TOKEN]. "&");
- } ?>its=<?= $data['its']?>"><img src="<?=$logo ?>" alt="<?=
+ } ?>its=<?= $data['its']?>"><img src="<?=C\BASE_URL . $logo ?>" alt="<?=
 $this->logo_alt_text ?>" /></a><span> - <?= tl('settings_view_settings') ?></span>
 </h1>
diff --git a/src/views/SigninView.php b/src/views/SigninView.php
index 122b1a33a..a51b43c52 100755
--- a/src/views/SigninView.php
+++ b/src/views/SigninView.php
@@ -62,9 +62,10 @@ class SigninView extends View
 $logo = C\M_LOGO;
 }?>
 <div class="landing non-search">
- <h1 class="logo"><a href="./<?php if ($logged_in) {
+ <h1 class="logo"><a href="<?=C\BASE_URL ?><?php if ($logged_in) {
 e('?'.C\CSRF_TOKEN."=".$data[C\CSRF_TOKEN]);
- }?>"><img src="<?=$logo ?>" alt="<?= $this->logo_alt_text
+ }?>"><img src="<?=C\BASE_URL .
+ $logo ?>" alt="<?= $this->logo_alt_text
 ?>" /></a><span> - <?=tl('signin_view_signin') ?></span></h1>
 <?php if (isset($data['AUTH_ITERATION'])) { ?>
 <form method="post" id="zkp-form"
diff --git a/src/views/SuggestView.php b/src/views/SuggestView.php
index 5192de443..ce93b7182 100644
--- a/src/views/SuggestView.php
+++ b/src/views/SuggestView.php
@@ -65,8 +65,8 @@ class SuggestView extends View
 ?>
 <div class="landing non-search">
 <div class="small-top">
- <h1 class="logo"><a href="./?<?= $append_url ?>"><img
- src="<?= $logo ?>" alt="<?= $this->logo_alt_text
+ <h1 class="logo"><a href="<?= C\BASE_URL . $append_url ?>"><img
+ src="<?= C\BASE_URL . $logo ?>" alt="<?= $this->logo_alt_text
 ?>"/></a><span> - <?=tl('suggest_view_suggest_url') ?></span></h1>
 <p class="center"><?= tl('suggest_view_instructions') ?></p>
diff --git a/src/views/WikiView.php b/src/views/WikiView.php
index 40a9214cc..ec32cec12 100644
--- a/src/views/WikiView.php
+++ b/src/views/WikiView.php
@@ -63,13 +63,10 @@ class WikiView extends View
 isset($data['PAGE_HEADER']) && $data['PAGE_HEADER'] && isset($data["HEAD"]['page_type']) && $data["HEAD"]['page_type'] != 'presentation';
- $base_query = htmlentities(B\wikiUrl("", true, "group",
- $data["GROUP"]["GROUP_ID"]));
 $feed_base_query = B\feedsUrl("group", $data["GROUP"]["GROUP_ID"], true, "group");
 $token_string = ($logged_in) ? C\CSRF_TOKEN."=". $data[C\CSRF_TOKEN] : "";
- $base_query .= $token_string;
 $feed_base_query .= $token_string;
 if (C\MOBILE) {
 $logo = C\M_LOGO;
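Review bot: SuggestView builds the logo link as `<?= C\BASE_URL . $append_url ?>`, whereas the same edit in RegisterView writes `<?=C\BASE_URL ?>?<?= $append_url ?>` with a `?` between base and query string. Unless `$append_url` in SuggestView already starts with `?` (it is assembled above the hunk, outside my view), the result is the base URL with the token glued directly onto it. Confirm which form `$append_url` takes and align the two views, e.g. `<a href="<?=C\BASE_URL ?>?<?= $append_url ?>">`.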
@@ -101,16 +98,21 @@ class WikiView extends View
 ?></span></li>
 <?php
 } else {
+ $page_name = ($name == 'pages') ? 'pages' :
+ $data['PAGE_NAME'];
+ $arg = ($name == 'edit') ? '&arg=' . $name : "";
 $append = "";
- if ($name != 'pages') {
- $append = '&page_name='. $data['PAGE_NAME'];
+ if (isset($_REQUEST['noredirect'])) {
+ $append .= '&noredirect=true';
 }
 if (isset($data['OTHER_BACK_URL'])) {
 $append .= $data['OTHER_BACK_URL'];
 }
 ?>
- <li class="outer"><a href="<?php e($base_query .
- '&arg='.$name.$append); ?>"><?=
+ <li class="outer"><a href="<?=htmlentities(B\wikiUrl(
+ $page_name, true, $data['CONTROLLER'],
+ $data["GROUP"]["GROUP_ID"])) . $token_string .
+ $arg . $append ?>"><?=
 $translation ?></a></li>
 <?php
 }
diff --git a/src/views/elements/GroupfeedElement.php b/src/views/elements/GroupfeedElement.php
index 5ab29dc9e..f3728eafc 100644
--- a/src/views/elements/GroupfeedElement.php
+++ b/src/views/elements/GroupfeedElement.php
@@ -154,7 +154,8 @@ class GroupfeedElement extends Element implements CrawlConstants
 e( $data['SUBTITLE']);
 e(" [".tl('groupfeed_element_feed')."|". "<a href='". htmlentities(B\wikiUrl(
- "", true, $data['CONTROLLER'], $data['JUST_GROUP_ID'])).
+ "Main", true, $data['CONTROLLER'],
+ $data['JUST_GROUP_ID'])).
 $token_string . "'>" . tl('group_view_wiki') . "</a>]");
 } else if (isset($data['JUST_USER_ID'])) {
diff --git a/src/views/elements/ManageaccountElement.php b/src/views/elements/ManageaccountElement.php
index e8a5fa199..feb387517 100755
--- a/src/views/elements/ManageaccountElement.php
+++ b/src/views/elements/ManageaccountElement.php
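Review bot: The rewritten tab link keeps `&arg=` only for `edit` (`$arg = ($name == 'edit') ? '&arg=' . $name : ""`), while the removed code appended `'&arg='.$name` for every tab; `read` and `pages` are covered by wikiUrl, but if the loop (its header is above the hunk) also yields names such as `history` or `source`, those tabs now open the read view. Either widen the condition, e.g. `$arg = in_array($name, ['read', 'pages'], true) ? "" : '&arg=' . $name;`, or add a comment stating that only read/edit/pages reach this branch. The identical block appears again in WikiElement (the `-161` hunk below); one helper on the shared base class would remove the duplication and the risk of the two diverging. `$data['OTHER_BACK_URL']` is still appended after `htmlentities(...)` without escaping, which predates this change but is now the only unescaped part of the attribute.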
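Review bot: The literal `"Main"` is now spelled out here and again in ManageaccountElement and ManagegroupsElement, plus as wikiUrl's own redirect default, so renaming the default wiki page would take four edits. A single named constant in the config namespace (constructed example: `C\DEFAULT_WIKI_PAGE`) passed as the first argument keeps the callers in step; passing `""` is not an option because wikiUrl's non-static redirect branch turns it into `?a=wiki` rather than a page path, which is presumably why these callers changed.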
@@ -63,8 +63,8 @@ class ManageaccountElement extends Element
 $edit_or_no_url = $base_url .(
 (isset($data['EDIT_USER'])) ? "&edit=false":"&edit=true");
 $edit_or_no_text = tl('manageaccount_element_edit_or_no_text');
- $edit_or_no_img = (isset($data['EDIT_USER'])) ?
- "resources/unlocked.png" : "resources/locked.png";
+ $edit_or_no_img = C\BASE_URL . ((isset($data['EDIT_USER'])) ?
+ "resources/unlocked.png" : "resources/locked.png");
 $password_or_no_url = $base_url .(
 (isset($data['EDIT_PASSWORD'])) ? "&edit_pass=false": "&edit_pass=true");
@@ -219,7 +219,7 @@ class ManageaccountElement extends Element
 <div><b><a href="<?=htmlentities(B\feedsUrl("group", $group['GROUP_ID'], true, "admin")) . $token ?>" rel="nofollow"><?=$group['GROUP_NAME']
- ?></a> [<a href="<?=htmlentities(B\wikiUrl("", true,
+ ?></a> [<a href="<?=htmlentities(B\wikiUrl("Main", true,
 "admin", $group['GROUP_ID'])) . $token ?>"><?= tl('manageaccount_element_group_wiki')?></a>] (<?=
diff --git a/src/views/elements/ManagegroupsElement.php b/src/views/elements/ManagegroupsElement.php
index 689d0c01f..406de001a 100755
--- a/src/views/elements/ManagegroupsElement.php
+++ b/src/views/elements/ManagegroupsElement.php
@@ -51,6 +51,7 @@ class ManagegroupsElement extends Element
 public function render($data)
 {
 $admin_url = htmlentities(B\controllerUrl('admin', true));
+ $token_string = C\CSRF_TOKEN."=".$data[C\CSRF_TOKEN];
 ?>
 <div class="current-activity" >
 <?php
@@ -90,7 +91,7 @@ class ManagegroupsElement extends Element
 <th colspan='2'><?=tl('managegroups_element_actions') ?></th>
 </tr>
 <?php
- $group_url = $admin_url.C\CSRF_TOKEN."=".$data[C\CSRF_TOKEN];
+ $group_url = $admin_url . $token_string;
 $base_url = $group_url . "&a=manageGroups";
 $wiki_url = $group_url . "&a=wiki&group_id=";
 $group_url .= "&a=groupFeeds&just_group_id=";
@@ -208,7 +209,9 @@ class ManagegroupsElement extends Element
 $group["OWNER_ID"] == $_SESSION['USER_ID'])) {
 e("<td><a href='".$group_url.$group['GROUP_ID']."' >". $group_column."</a> [<a href=\""
- . $wiki_url. $group['GROUP_ID'] ."\">"
+ . htmlentities(B\wikiUrl("Main", true,
+ "admin", $group['GROUP_ID'])) .
+ $token_string ."\">"
 . (tl('manageaccount_element_group_wiki')) . "</a>]</td>");
 } else {
diff --git a/src/views/elements/WikiElement.php b/src/views/elements/WikiElement.php
index d547ac6d2..a1916d75b 100644
--- a/src/views/elements/WikiElement.php
+++ b/src/views/elements/WikiElement.php
@@ -136,7 +136,7 @@ class WikiElement extends Element implements CrawlConstants
 <h2><?= $data['GROUP']['GROUP_NAME']. "[<a href='". htmlentities( B\feedsUrl("group", $data["GROUP"]["GROUP_ID"],
- true, "group")) . $csrf_token."'>" .
+ true, $data["CONTROLLER"])) . $csrf_token."'>" .
 tl('groupfeed_element_feed'). "</a>|".tl('wiki_view_wiki')."]" ?></h2>
 <div class="top-margin"><b>
@@ -161,18 +161,19 @@ class WikiElement extends Element implements CrawlConstants
 ?></span><?php
 } else {
 $append = "";
- if ($name != 'pages') {
- $append = '&page_name=' . $data['PAGE_NAME'];
- if (isset($_REQUEST['noredirect'])) {
- $append .= '&noredirect=true';
- }
+ $page_name = ($name == 'pages') ?
+ 'pages' : $data['PAGE_NAME'];
+ $arg = ($name == 'edit') ? '&arg=' . $name : "";
+ if (isset($_REQUEST['noredirect'])) {
+ $append .= '&noredirect=true';
 }
 if (isset($data['OTHER_BACK_URL'])) {
 $append .= $data['OTHER_BACK_URL'];
 }
- e($bar); ?><a href="<?=$base_query .
- '&arg=' . $name . $append
- ?>"><?php
+ e($bar); ?><a href="<?=htmlentities(B\wikiUrl(
+ $page_name, true, $data['CONTROLLER'],
+ $data["GROUP"]["GROUP_ID"])) . $csrf_token .
+ $arg . $append ?>"><?php
 e($translation); ?></a><?php
 }
 $bar = "|";
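Review bot: Now that this link is built from `B\wikiUrl("Main", true, "admin", $group['GROUP_ID'])`, the `$wiki_url = $group_url . "&a=wiki&group_id=";` assignment kept in the `-90` hunk above has no reader left in the hunks I can see, so unless render() uses it further down it is dead and should be dropped before someone assumes the two links intentionally differ. The `$token_string ."\">"` spacing also departs from the `. $token_string` form used in the other elements touched by this commit; minor, but the file is being edited anyway. The enclosing `render` method continues beyond the hunk.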
@@ -615,12 +616,12 @@ class WikiElement extends Element implements CrawlConstants
 {
 $token_string = ($logged_in) ? C\CSRF_TOKEN."=". $data[C\CSRF_TOKEN] : "";
- $base_query = B\wikiUrl("", true, $data['CONTROLLER'],
- $data["GROUP"]["GROUP_ID"]) . $token_string;
- $create_query = $base_query . "&arg=edit&page_name=" .
- $data["FILTER"];
- $paging_query = $base_query . "&arg=pages";
- $base_query .= "&arg=read";
+ $group_id = $data["GROUP"]["GROUP_ID"];
+ $controller = $data['CONTROLLER'];
+ $create_query = htmlentities(B\wikiUrl($data["FILTER"], true,
+ $controller, $group_id)) . $token_string . "&arg=edit";
+ $paging_query = htmlentities(B\wikiUrl("pages", true, $controller,
+ $group_id)) . $token_string;
 ?><h2><?=tl("wiki_view_wiki_page_list", $data["GROUP"]["GROUP_NAME"]) ?></h2><?php ?>
@@ -641,7 +642,7 @@ class WikiElement extends Element implements CrawlConstants
 </form>
 <?php
 if ($data["FILTER"] != "") {
- ?><a href='$create_query'><?=tl("wiki_view_create_page",
+ ?><a href='<?= $create_query ?>'><?=tl("wiki_view_create_page",
 $data['FILTER']) ?></a><?php
 }
 ?>
@@ -653,16 +654,17 @@ class WikiElement extends Element implements CrawlConstants
 Model::MIN_SNIPPET_LENGTH) ? "..." : "";
 if ($page['TYPE'] == 'page_alias' && isset($page['ALIAS'])) {
 $page["DESCRIPTION"] = tl('wiki_element_redirect_to').
- " <a href='$base_query&".
- "page_name={$page['ALIAS']}'>{$page['ALIAS']}</a>";
+ " <a href='".htmlentities(B\wikiUrl($page['ALIAS'],
+ true, $controller, $group_id)) . $token_string .
+ "'>{$page['ALIAS']}</a>";
 } else {
 $page["DESCRIPTION"] = strip_tags($page["DESCRIPTION"]);
 }
 ?>
 <div class='group-result'>
- <a href="<?= $base_query.'&page_name='.
- $page['TITLE'] ?>&noredirect=true" ><?=
- $page["TITLE"] ?></a></br />
+ <a href="<?= htmlentities(B\wikiUrl($page['TITLE'],
+ true, $controller, $group_id)) . $token_string
+ ?>&noredirect=true" ><?=$page["TITLE"] ?></a></br />
 <?=$page["DESCRIPTION"].$ellipsis ?>
 </div>
 <div> </div>
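Review bot: `$create_query` now hands the raw search filter `$data["FILTER"]` to wikiUrl as the page name, and in the redirect branch wikiUrl places that value in the URL path, so a filter containing `/`, `?`, `#` or whitespace produces a link to a different route; `htmlentities` only protects the attribute context, not URL structure. If wikiUrl is not changed to encode path segments itself, `B\wikiUrl(rawurlencode($data["FILTER"]), true, $controller, $group_id)` is the minimal call-site fix (apply one or the other, not both, or the name is double-encoded). Removing `$base_query` here also assumes no later reference to it survives in this method; the `-653` hunk replaces two, but the method continues past the hunks I can see, so a grep for `$base_query` in the rest of the file is worth doing. The `?></h2><?php ?>` context line is unaffected.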
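Review bot: In the alias branch the `href` is now entity-encoded, but the link text on the same added line, `"'>{$page['ALIAS']}</a>"`, is still emitted raw, and `<?=$page["TITLE"] ?></a>` on the rewritten title line likewise; both come from stored wiki rows and reach the browser unescaped, so wrap them, e.g. `"'>" . htmlentities($page['ALIAS']) . "</a>"` and `<?=htmlentities($page["TITLE"]) ?>`. The `</br />` at the end of the rewritten title line is not valid HTML (`<br />` was presumably meant) and is cheap to correct now that the line changes anyway. When `$logged_in` is false `$token_string` is empty and the title link becomes `...?&noredirect=true`; PHP's query parser tolerates it, but a comment saying so would stop the next reader from "fixing" it.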