MAJ is an Open Source, PHP-based content management system (CMS) that can be deployed as a blog, bulletin or message board, Internet forum, and wiki. It is extensible via PHP panels and is HTML5 and CSS3 ready.

commit ef64f868acab9b9dec9b2268890ea88aa4d6b693
tree b2d9f8e875111b2134ec13af5112964dc33c2046
parent c191ce955207a003078f0afac3c7441c8873d4c1
author Engels Antonio <engels@majcms.org> 1277314190 +0800
committer Engels Antonio <engels@majcms.org> 1277314190 +0800

    maj-0.14-20071102-bb.zip

diff --git a/colors.php b/colors.php
index e0910ae..22271e7 100644
--- a/colors.php
+++ b/colors.php
@@ -1,4 +1,5 @@
 <?php
+
 session_start();
 header("Cache-control: private");
 
diff --git a/edit.php b/edit.php
index 5525560..7e41985 100644
--- a/edit.php
+++ b/edit.php
@@ -197,7 +197,7 @@ a:active {
 
 <?php
 
-if (isset($_REQUEST['comment']) and !empty($_REQUEST['comment']) and isset($_REQUEST['comment_txt']) and !empty($_REQUEST['comment_txt'])) {
+if (isset($_REQUEST['comment']) and !empty($_REQUEST['comment']) and isset($_REQUEST['comment_txt']) and !empty($_REQUEST['comment_txt']) and isset($_REQUEST['type']) and !empty($_REQUEST['type']) and (($_REQUEST['type'] == "live") or ($_REQUEST['type'] == "pending"))) {
 
        $comment_txt = ucfirst($_REQUEST['comment_txt']);
        //$comment_txt = htmlentities($comment_txt, ENT_NOQUOTES);
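Review bot: The condition on the added line repeats `isset(...) and !empty(...)` for every field and is copied verbatim into the second `if` further down edit.php, so the `live`/`pending` allowlist now lives in two places and compares loosely with `==`. `!empty()` already covers the unset case. Computing the result once, for example `$type_ok = !empty($_REQUEST['type']) && in_array($_REQUEST['type'], array('live', 'pending'), true);`, and testing `$type_ok` in both conditions keeps them in step. The body of this `if` continues outside the hunk.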
@@ -213,12 +213,12 @@ if (isset($_REQUEST['comment']) and !empty($_REQUEST['comment']) and isset($_REQ
        $comment_txt = str_replace('=)', '<img src=images/smileys/surprised.png border=0>', $comment_txt);
        $comment_txt = str_replace(':\\', '<img src=images/smileys/undecided.png border=0>', $comment_txt);
        $comment_txt = str_replace(';)', '<img src=images/smileys/wink.png border=0>', $comment_txt);
-       $comment_txt_file = "data/items/{$_REQUEST['entry']}/comments/live/{$_REQUEST['comment']}/comment.txt";
+       $comment_txt_file = "data/items/{$_REQUEST['entry']}/comments/{$_REQUEST['type']}/{$_REQUEST['comment']}/comment.txt";
        $open_comment_txt_file = fopen($comment_txt_file,"w");
        fwrite($open_comment_txt_file,$comment_txt);
        fclose($open_comment_txt_file);
 
-       $comment_revisions_file = "data/items/{$_REQUEST['entry']}/comments/live/{$_REQUEST['comment']}/revisions.txt";
+       $comment_revisions_file = "data/items/{$_REQUEST['entry']}/comments/{$_REQUEST['type']}/{$_REQUEST['comment']}/revisions.txt";
        $fp_comment_revisions_file = fopen($comment_revisions_file, "r");
        $comment_revisions_count = fread($fp_comment_revisions_file, filesize($comment_revisions_file));
        fclose($fp_comment_revisions_file);
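Review bot: `$_REQUEST['entry']` and `$_REQUEST['comment']` are still interpolated into `$comment_txt_file` and `$comment_revisions_file` without any check, and the first path is opened with mode `"w"`; only `type` is constrained by the new allowlist. A value containing `/` or `..` would resolve outside `data/items/<entry>/comments/<type>/`. The same two values feed the `file_exists()`, `readfile()` and `fopen()` paths in the later edit.php hunks. Reject them before any path is built, e.g. `if (!preg_match('/^[A-Za-z0-9_-]+$/', $_REQUEST['entry']) or !preg_match('/^[A-Za-z0-9_-]+$/', $_REQUEST['comment'])) { exit(); }`; the character class is an assumption about the id format and should be matched to how MAJ names these directories.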
@@ -229,16 +229,22 @@ if (isset($_REQUEST['comment']) and !empty($_REQUEST['comment']) and isset($_REQ
 
 }
 
-if (isset($_REQUEST['comment']) and !empty($_REQUEST['comment'])) { ?>
+if (isset($_REQUEST['comment']) and !empty($_REQUEST['comment']) and isset($_REQUEST['type']) and !empty($_REQUEST['type']) and (($_REQUEST['type'] == "live") or ($_REQUEST['type'] == "pending"))) {
+
+       if (!file_exists("data/items/{$_REQUEST['entry']}/comments/{$_REQUEST['type']}/{$_REQUEST['comment']}")) {
+               exit();
+       }
+
+?>
        <p><table border=0 cellspacing=0 cellpadding=0 bgcolor=#CCCCCC><tr><td width=525>
-       <div id=panel_title><?php readfile("data/items/{$_REQUEST['entry']}/comments/live/{$_REQUEST['comment']}/firstname.txt"); ?>&nbsp;<?php readfile("data/items/{$_REQUEST['entry']}/comments/live/{$_REQUEST['comment']}/lastname.txt"); ?>&nbsp;&lt;<?php readfile("data/items/{$_REQUEST['entry']}/comments/live/{$_REQUEST['comment']}/email.txt"); ?>&gt;</div>
-       <div id=panel_body><?php readfile("data/items/{$_REQUEST['entry']}/comments/live/{$_REQUEST['comment']}/comment.txt"); ?></div>
+       <div id=panel_title><?php readfile("data/items/{$_REQUEST['entry']}/comments/{$_REQUEST['type']}/{$_REQUEST['comment']}/firstname.txt"); ?>&nbsp;<?php readfile("data/items/{$_REQUEST['entry']}/comments/{$_REQUEST['type']}/{$_REQUEST['comment']}/lastname.txt"); ?>&nbsp;&lt;<?php readfile("data/items/{$_REQUEST['entry']}/comments/{$_REQUEST['type']}/{$_REQUEST['comment']}/email.txt"); ?>&gt;</div>
+       <div id=panel_body><?php readfile("data/items/{$_REQUEST['entry']}/comments/{$_REQUEST['type']}/{$_REQUEST['comment']}/comment.txt"); ?></div>
        <div id=panel_footer><font style="font-size: 10px; color: #999999;">
        <?php
-               readfile("data/items/{$_REQUEST['entry']}/comments/live/{$_REQUEST['comment']}/timestamp.txt");
-               if (file_exists("data/items/{$_REQUEST['entry']}/comments/live/{$_REQUEST['comment']}/revisions.txt")) {
+               readfile("data/items/{$_REQUEST['entry']}/comments/{$_REQUEST['type']}/{$_REQUEST['comment']}/timestamp.txt");
+               if (file_exists("data/items/{$_REQUEST['entry']}/comments/{$_REQUEST['type']}/{$_REQUEST['comment']}/revisions.txt")) {
                        echo " (Revision ";
-                       readfile("data/items/{$_REQUEST['entry']}/comments/live/{$_REQUEST['comment']}/revisions.txt");
+                       readfile("data/items/{$_REQUEST['entry']}/comments/{$_REQUEST['type']}/{$_REQUEST['comment']}/revisions.txt");
                        echo ")";
                }
        ?>
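Review bot: The new `file_exists()` guard only protects the display block; the update block above it (the `if` that writes `comment.txt`) runs first and has no such check, so a request naming a comment that does not exist reaches `fopen(..., "w")` before this `exit()`. Moving the same check ahead of both blocks would cover the write path as well. The guard also tests only the comment directory, while the `readfile()` calls below assume `firstname.txt`, `lastname.txt`, `email.txt` and `timestamp.txt` are all present. The enclosing block continues outside the hunk.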
@@ -249,7 +255,7 @@ if (isset($_REQUEST['comment']) and !empty($_REQUEST['comment'])) { ?>
        <form enctype="multipart/form-data" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
        <tr><td><textarea class=input_body name=comment_txt rows=10><?php
 
-       $comment_txt_file = "data/items/{$_REQUEST['entry']}/comments/live/{$_REQUEST['comment']}/comment.txt";
+       $comment_txt_file = "data/items/{$_REQUEST['entry']}/comments/{$_REQUEST['type']}/{$_REQUEST['comment']}/comment.txt";
        $open_comment_txt_file = fopen($comment_txt_file,"r");
        $read_comment_txt_file = fread($open_comment_txt_file,filesize($comment_txt_file));
        fclose($open_comment_txt_file);
@@ -281,6 +287,7 @@ if (isset($_REQUEST['comment']) and !empty($_REQUEST['comment'])) { ?>
        ?></textarea></td></tr>
        <tr><td><input type=hidden name=entry value="<?php echo $_REQUEST['entry']; ?>"></td></tr>
        <tr><td><input type=hidden name=comment value="<?php echo $_REQUEST['comment']; ?>"></td></tr>
+       <tr><td><input type=hidden name=type value="<?php echo $_REQUEST['type']; ?>"></td></tr>
        <tr><td><input class=input_body type=submit value="click here to update this comment"></td></tr>
        </form>
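Review bot: The added hidden field echoes `$_REQUEST['type']` without escaping; it is safe only as long as this line stays inside the block guarded by the `live`/`pending` allowlist, which is outside the hunk. Escaping at the point of output removes that dependency: `value="<?php echo htmlspecialchars($_REQUEST['type'], ENT_QUOTES); ?>"`. The neighbouring `entry` and `comment` fields are echoed the same way with no allowlist behind them, so they need the same call.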
 
diff --git a/index.php b/index.php
index 4fe379d..831a75a 100644
--- a/index.php
+++ b/index.php
@@ -2764,7 +2764,7 @@ if (file_exists("data/panels")) {
                                if (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] == $login_username)) {
                                        echo '<a href=del.php?entry=' . $d . '&comment=' . $comment . '&type=live><img src=images/widget.del.png width=11 height=11 border=0 align=right alt="delete comment"></a>';
                                        echo '<a href=move.php?entry=' . $d . '&comment=' . $comment . '&type=live><img src=images/widget.move.png width=11 height=11 border=0 align=right alt="move comment"></a>';
-                                       echo '<a href=edit.php?entry=' . $d . '&comment=' . $comment . '><img src=images/widget.edit.png width=11 height=11 border=0 align=right alt="edit comment"></a>';
+                                       echo '<a href=edit.php?entry=' . $d . '&comment=' . $comment . '&type=live><img src=images/widget.edit.png width=11 height=11 border=0 align=right alt="edit comment"></a>';
                                }
                                echo '</div><div id=panel_body><table border=0 cellspacing=0 cellpadding=0><tr>';
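Review bot: The rewritten edit link concatenates `$d` and `$comment` into an unquoted `href` with no URL or HTML encoding, and the move and edit links added in the pending-comments hunk further down follow the same pattern. If either name can contain a space, quote or `&` (their origin is outside the hunk, presumably directory names), the attribute breaks. Quoting the attribute and encoding the values keeps the markup stable: `echo '<a href="edit.php?entry=' . urlencode($d) . '&amp;comment=' . urlencode($comment) . '&amp;type=live">...';`.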
                               
@@ -3237,8 +3237,8 @@ if (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] == $login_username
                        echo ' &lt;';
                        readfile("$dir/$d/comments/pending/$pending_comment/email.txt");
                        echo '&gt;';
+
                        echo '<a href=del.php?entry=' . $d . '&comment=' . $pending_comment . '&type=pending><img src=images/widget.del.png width=11 height=11 border=0 align=right alt="delete comment"></a>';
-                       echo '<a href=move.php?entry=' . $d . '&comment=' . $pending_comment . '&type=pending><img src=images/widget.move.png width=11 height=11 border=0 align=right alt="move comment"></a>';
 
                        $pending_comment_key_file = "$dir/$d/comments/pending/$pending_comment/key.txt";
                        $open_pending_comment_key_file = fopen($pending_comment_key_file,"r");
@@ -3246,6 +3246,11 @@ if (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] == $login_username
                        fclose($open_pending_comment_key_file);
 
                        echo '<a href=' . $_SERVER['PHP_SELF'] . '?entry=' . $d . '&comment=' . $pending_comment . '&key=' . $pending_comment_login_key . '&action=approve><img src=images/widget.cat.png width=11 height=11 border=0 align=right alt="post comment"></a>';
+
+                       echo '<a href=move.php?entry=' . $d . '&comment=' . $pending_comment . '&type=pending><img src=images/widget.move.png width=11 height=11 border=0 align=right alt="move comment"></a>';
+
+                       echo '<a href=edit.php?entry=' . $d . '&comment=' . $pending_comment . '&type=pending><img src=images/widget.edit.png width=11 height=11 border=0 align=right alt="edit comment"></a>';
+
                        echo '</div><div id=panel_body><table border=0 cellspacing=0 cellpadding=0><tr>';
 
                        if (file_exists("data/bb.txt") and file_exists("data/avatar.txt") and file_exists("$dir/$d/comments/pending/$pending_comment/author.txt")) {
@@ -3431,6 +3436,13 @@ if (isset($_SESSION['logged_in']) and ($_SESSION['logged_in'] == $login_username
                                echo "<a href=member.php?id=$pxavatar_author>$pxavatar_author</a> - ";
                        }
                        readfile("$dir/$d/comments/pending/$pending_comment/timestamp.txt");
+
+                       if (file_exists("$dir/$d/comments/pending/$pending_comment/revisions.txt")) {
+                               echo '  (Revision ';
+                               readfile("$dir/$d/comments/pending/$pending_comment/revisions.txt");
+                               echo ')';
+                       }
+
                        echo '</font><font style="font-size: 5px;"><br><br></font>';
                        readfile("$dir/$d/comments/pending/$pending_comment/comment.txt");
                        echo '</p></tr></table></div>';
diff --git a/move.php b/move.php
index 2f6fd76..346ad21 100644
--- a/move.php
+++ b/move.php
@@ -27,6 +27,31 @@ if (!isset($_SESSION['logged_in']) or ($_SESSION['logged_in'] != $login_username
        exit();
 }
 
+function rmdirr($recurse_dirname) {
+
+       if (!file_exists($recurse_dirname)) {
+               return false;
+       }
+
+       if (is_file($recurse_dirname)) {
+               return unlink($recurse_dirname);
+       }
+
+       $recurse_dir = dir($recurse_dirname);
+
+       while (false !== $recurse_entry = $recurse_dir->read()) {
+
+               if ($recurse_entry == '.' || $recurse_entry == '..') {
+                       continue;
+               }
+
+               rmdirr("$recurse_dirname/$recurse_entry");
+       }
+
+       $recurse_dir->close();
+       return rmdir($recurse_dirname);
+}
+
 ?>
 
 <style>
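Review bot: `rmdirr()` descends into anything that is not a regular file, so a symbolic link that points at a directory is opened with `dir()` and the link target's contents are deleted rather than the link itself. Testing for links first avoids that: `if (is_link($recurse_dirname) || is_file($recurse_dirname)) { return unlink($recurse_dirname); }`. `dir()` can also return `false`, for example on a permissions error, and the following `->read()` would then be called on a non-object; `if ($recurse_dir === false) { return false; }` covers it. The function also needs a short docblock saying that it deletes a path recursively and returns `false` on failure, because the results of the recursive calls are currently discarded.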
@@ -148,7 +173,7 @@ if (isset($_REQUEST['comment']) and !empty($_REQUEST['comment']) and isset($_REQ
 
                rename("data/items/$entry/comments/live/$comment","data/items/$target/comments/live/$comment");
 
-       header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '?entry=' . $target . '&show=comments');
+               header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '?entry=' . $target . '&show=comments');
 
                exit();
        }
@@ -176,7 +201,40 @@ if (isset($_REQUEST['comment']) and !empty($_REQUEST['comment']) and isset($_REQ
 
                rename("data/items/$entry/comments/pending/$comment","data/items/$target/comments/pending/$comment");
 
-       header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '?entry=' . $target . '&show=comments');
+               if (file_exists("data/comments/pending/$entry/count.txt")) {
+
+                       $count = file_get_contents("data/comments/pending/$entry/count.txt");
+
+                       if ($count <= 1) {
+                               rmdirr("data/comments/pending/$entry");
+                       }
+                       else {
+                               $count = $count - 1;
+                               $count_txt = fopen("data/comments/pending/$entry/count.txt","w");
+                               fwrite($count_txt,$count);
+                               fclose($count_txt);
+                       }
+               }
+
+               if (file_exists("data/comments/pending/$target/count.txt")) {
+
+                       $count = file_get_contents("data/comments/pending/$target/count.txt");
+                       $count = $count + 1;
+               }
+               else {
+                       $count = 1;
+               }
+
+
+               if (!file_exists("data/comments/pending/$target")) {
+                       mkdir("data/comments/pending/$target");
+               }
+
+               $count_txt = fopen("data/comments/pending/$target/count.txt","w");
+               fwrite($count_txt,$count);
+               fclose($count_txt);
+
+               header("Location: http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '?entry=' . $target . '&show=comments');
 
                exit();
        }
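Review bot: The counter bookkeeping runs whether or not the `rename()` above it succeeded, so a failed move still decrements the source entry's pending count and increments the target's. Wrapping the new block in `if (rename(...)) { ... }` keeps `count.txt` consistent with the directories. The `$count <= 1` branch passes a path built from `$entry` to the recursive `rmdirr()`; `$entry` and `$target` are assigned outside the hunk, so confirm they are restricted to a single directory name before this point. `file_get_contents()` returns a string or `false`, so casting with `(int)` before the comparison and arithmetic avoids depending on the file's exact contents.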
 
Credits
Sunday, Sep 18, 2005, 12:00 AM (Revision 11 - Thursday, Jul 14, 2011, 7:30 PM)
Open Source enables software developers to stand on the shoulders of giants instead of reinventing the wheel, so to speak. Kudos and many thanks to the folks who made their work freely available for reuse in MAJ.

Bugs and Exploits
Friday, Aug 26, 2005, 12:00 AM (Revision 23 - Wednesday, May 29, 2013, 5:25 AM)
Although MAJ started as a family project, care has been taken to make it as "safe" as possible. With more people now working on MAJ, bugs and exploitable code may sometimes slip in. We invite you to poke around and see if you can find any. Generally, there are two things you can do when you find a MAJ or PHP-related bug or exploit:

1. Take advantage of it. But hey, what's so exciting about messing up someone's blog? Ho-hum, right?
2. Report it here so that we can work on a fix and make MAJ better.
