If 'tables' is a string that starts with a space, treat it as user-enforced FROM...

[lhc/web/wiklou.git] / includes / AjaxFunctions.php
diff --git a/includes/AjaxFunctions.php b/includes/AjaxFunctions.php

index 9f7a332..5f906a3 100644 (file)
--- a/includes/AjaxFunctions.php
+++ b/includes/AjaxFunctions.php
@@ -45,7 +45,7 @@ function js_unescape($source, $iconv_to = 'UTF-8') {
     if ($iconv_to != "UTF-8") {
         $decodedStr = iconv("UTF-8", $iconv_to, $decodedStr);
     }
-  
+ 
     return $decodedStr;
  }
  
@@ -71,7 +71,7 @@ function code2utf($num){
  function wfSajaxSearch( $term ) {
         global $wgContLang, $wgOut;
         $limit = 16;
-       
+
         $l = new Linker;
  
         $term = str_replace( ' ', '_', $wgContLang->ucfirst( 
@@ -81,7 +81,7 @@ function wfSajaxSearch( $term ) {
         if ( strlen( str_replace( '_', '', $term ) )<3 )
                 return;
  
-       $db =& wfGetDB( DB_SLAVE );
+       $db = wfGetDB( DB_SLAVE );
         $res = $db->select( 'page', 'page_title',
                         array(  'page_namespace' => 0,
                                 "page_title LIKE '". $db->strencode( $term) ."%'" ),
@@ -108,8 +108,8 @@ function wfSajaxSearch( $term ) {
         $subtitlemsg = ( Title::newFromText($term) ? 'searchsubtitle' : 'searchsubtitleinvalid' );
         $subtitle = $wgOut->parse( wfMsg( $subtitlemsg, wfEscapeWikiText($term) ) ); #FIXME: parser is missing mTitle !
  
-       $term = htmlspecialchars( $term );
-       $html = '<div style="float:right; border:solid 1px black;background:gainsboro;padding:2px;"><a onclick="Searching_Hide_Results();">' 
+       $term = urlencode( $term );
+       $html = '<div style="float:right; border:solid 1px black;background:gainsboro;padding:2px;"><a onclick="Searching_Hide_Results();">'
                 . wfMsg( 'hideresults' ) . '</a></div>'
                 . '<h1 class="firstHeading">'.wfMsg('search')
                 . '</h1><div id="contentSub">'. $subtitle . '</div><ul><li>'
@@ -121,12 +121,51 @@ function wfSajaxSearch( $term ) {
                                         "search=$term&go=Go" )
                 . "</li></ul><h2>" . wfMsg( 'articletitles', $term ) . "</h2>"
                 . '<ul>' .$r .'</ul>'.$more;
-               
+
         $response = new AjaxResponse( $html );
-       
+
         $response->setCacheDuration( 30*60 );
-               
+
         return $response;
  }
  
+/**
+ * Called for AJAX watch/unwatch requests.
+ * @param $pageID Integer ID of the page to be watched/unwatched
+ * @param $watch String 'w' to watch, 'u' to unwatch
+ * @return String '<w#>' or '<u#>' on successful watch or unwatch, respectively, or '<err#>' on error (invalid XML in case we want to add HTML sometime)
+ */
+function wfAjaxWatch($pageID = "", $watch = "") {
+       if(wfReadOnly())
+               return '<err#>'; // redirect to action=(un)watch, which will display the database lock message
+
+       if(('w' !== $watch && 'u' !== $watch) || !is_numeric($pageID))
+               return '<err#>';
+       $watch = 'w' === $watch;
+       $pageID = intval($pageID);
+
+       $title = Title::newFromID($pageID);
+       if(!$title)
+               return '<err#>';
+       $article = new Article($title);
+       $watching = $title->userIsWatching();
+
+       if($watch) {
+               if(!$watching) {
+                       $dbw = wfGetDB(DB_MASTER);
+                       $dbw->begin();
+                       $article->doWatch();
+                       $dbw->commit();
+               }
+       } else {
+               if($watching) {
+                       $dbw = wfGetDB(DB_MASTER);
+                       $dbw->begin();
+                       $article->doUnwatch();
+                       $dbw->commit();
+               }
+       }
+
+       return $watch ? '<w#>' : '<u#>';
+}
  ?>