1. if there is some selection - in the code window - put it into the search box straight away
2. tweak for Chrome - somewhy it had problem with using Ctrl-F more then once
XHR now being used for many more functions, only load now remains to be
done
file value passed as 3rd param on serverQueue
moveFile() file param also has string replacing / to | on filename
replaceInFile() fileRef param also passed as 3rd param, investigate!
If not saving prev files refs and not loading (ie, the extra functions
now covered by XHR), if we're saving, send contents with XHR request,
both send timeStart and file of course
New folder
Move file/folder
Rename file/folder
Paste file/folder
Upload file(s)
Delete file(s)/folders(s)
Replace text in a file
Get contents of remote URL
...all moved to XHR setup now!
No longer using session_start_safe() function because it caused more
usage problems than it solved. Setting a load of new params now to give
a much better setup.
newFile now just calls newTab but with 'alsoSave' param, which is picked
up and runs saveFile, giving more power to the API
When opening a file, if it's a new tab, call createNewTab with a 'new'
param, which is picked up and if set, we don't call setPreviousFiles. We
don't want to set them on adding a new tab anyway, plus it creates an
extra process, which means the server queue gets jammed and new tabs
don't get a save action processed.
The 2 x if conditions added a security measure to avoid path traversals,
should languageBase or languageUser ever be set to something malicious
such as (eg ../../../../../../../etc/passwd)
However, it meant that the ICEcoder dir and the doc root dir paths had
to both start the same, and so be in the same location really. It was
previously a benefit to have them possibly contain different paths, but
this security point restricts this.
We can remove these 2 if conditions however and simply wrap the 2 array
values with basename(), so we take only the trailing file name and so
avoid path traversal issues.
Location shouldn't contain the dirname of the file or a loggedOut param
(with no CSRF!) - all unnecessary and causes problems
Also add a die() after the header location to go no further.
