include_once "{$lib}/class/file.php";
include_once "{$lib}/share/errorimage.php";
include_once "{$lib}/share/string.php";

/**
 * Dump the specified file into the data stream.
 *
 * Sends Content-Type, Accept-Ranges and Content-Length headers, streams the
 * file with readfile() and then terminates the script.
 *
 * @param string $file Path handed to filesize() and readfile().
 * @param string $type Value placed as given in the Content-Type header.
 */
function dumpFile($file, $type)
{
    // NOTE(review): $type is sent as given. If the stored files are user uploads,
    // consider also sending "X-Content-Type-Options: nosniff" so the browser does
    // not reinterpret the body -- confirm how callers derive $type.
    header("Content-Type: {$type}");
    // Accept-Ranges is advertised, but this function always sends the whole file.
    header("Accept-Ranges: bytes");
    // filesize() returns false on failure, which would produce an empty
    // Content-Length value here; the return value of readfile() is not checked either.
    header("Content-Length: " . filesize($file));
    readfile($file);
    exit;
}

// Sanity check: the requested name must be a valid name of an existing file.
// NOTE(review): the checks below only protect the later code if pieErrorImage()
// never returns -- confirm against its definition.
$_REQUEST['file'] = pieGetOption(@$_REQUEST['file']);
$file = new File();
if (!$file->isValidName($_REQUEST['file'])) {
    pieErrorImage();
}
if (!$file->exists($_REQUEST['file'])) {
    pieErrorImage();
}
// Coerce the numeric options to non-negative integers before they are used.
$_REQUEST['stamp'] = abs(intval(@$_REQUEST['stamp']));
$_REQUEST['size'] = abs(intval(@$_REQUEST['size']));
if (!$file->read($_REQUEST['file'], $_REQUEST['stamp'])) {
    pieErrorImage();
}

// Check for alias:
// NOTE(review): the loop body continues beyond this excerpt; confirm that a
// chain of aliases pointing at each other cannot keep this loop running.
while ($file->meta['type'] == "alias") {
    if ($GLOBALS['pie']['auto_redirect']) {
        // The alias target is percent-encoded before it is placed in the redirect URL.
        header("Location: " . pieMakeString($GLOBALS['pie']['redirect_media_url'], array('file' => rawurlencode($file->meta['original']))));
        exit;
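/**
 * Import a single page: map legacy metadata keys, adapt the character
 * encoding and link delimiters as requested, then write the page.
 *
 * Request options read: group, author, contentencoding, delimiter.
 *
 * @param string $name   Page name; prefixed with the requested group, if any.
 * @param string $source Page source text.
 * @param array  $meta   Page metadata; the legacy 'user' and 'links' keys are
 *                       mapped to 'author' and 'pages'/'files'.
 * @return mixed Whatever Page::write(false) returns.
 */
function importPage($name, $source, $meta)
{
    $page = new Page();
    $file = new File();
    $user = new User();

    // Read each request option once. empty() has the same truthiness as the
    // bare array access but raises no warning when the key is absent.
    $requestGroup = empty($_REQUEST['group']) ? '' : $_REQUEST['group'];
    $requestAuthor = empty($_REQUEST['author']) ? '' : $_REQUEST['author'];
    $encoding = empty($_REQUEST['contentencoding']) ? '' : $_REQUEST['contentencoding'];
    $adaptDelimiter = !empty($_REQUEST['delimiter']);

    if ($requestGroup) {
        // NOTE(review): the group comes from the request and is joined to the
        // name without a check in this function; confirm that the caller or
        // Page::write() validates the combined name.
        $name = $requestGroup . $GLOBALS['pie']['group_delimiter'] . $name;
    }

    if (!empty($meta['user'])) {
        // Old style author.
        $meta['author'] = $meta['user'];
        unset($meta['user']);
    }

    // User mapping: fall back to the requested author when the imported one
    // is missing or unknown.
    if (empty($meta['author']) && $requestAuthor) {
        $meta['author'] = $requestAuthor;
    }
    if (!$user->exists(isset($meta['author']) ? $meta['author'] : null) && $requestAuthor) {
        $meta['author'] = $requestAuthor;
    }

    if (!empty($meta['links'])) {
        // Old style links: split into file names and page names.
        $pageLinks = array();
        $fileLinks = array();
        foreach (explode(" ", $meta['links']) as $link) {
            if ($file->isValidName($link)) {
                $fileLinks[] = $link;
            } else {
                $pageLinks[] = $link;
            }
        }
        if (count($pageLinks)) {
            $meta['pages'] = implode(" ", $pageLinks);
        }
        if (count($fileLinks)) {
            $meta['files'] = implode(" ", $fileLinks);
        }
    }

    // Adapt character encoding.
    // NOTE(review): the source encoding name comes straight from the request.
    // mbstring also accepts non-charset names (for example BASE64 or
    // HTML-ENTITIES on versions that still ship them), and an unknown name
    // makes the conversion fail; restricting this to an allow-list of the
    // charsets the importer expects is advisable.
    if ($encoding) {
        $page->source = mb_convert_encoding($source, "UTF-8", $encoding);
        foreach (array('comment', 'title', 'pages', 'files') as $key) {
            if (!empty($meta[$key])) {
                $meta[$key] = mb_convert_encoding($meta[$key], "UTF-8", $encoding);
            }
        }
    } else {
        $page->source = $source;
    }

    // Adapt delimiters of alternate text in links.
    if ($adaptDelimiter) {
        $adapted = preg_replace(
            '/(\\[\\[\\S+)\\s+([^\\[\\]]+\\]\\])/',
            '$1' . $GLOBALS['pie']['link_text_delimiter'] . '$2',
            $page->source
        );
        // preg_replace() returns null on a PCRE error; keep the unmodified
        // source rather than writing an empty page.
        if ($adapted !== null) {
            $page->source = $adapted;
        }
    }

    $page->name = $name;
    $page->meta = $meta;
    return $page->write(false);
}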
// Work out from the provided input whether the operation targets a page or
// a file, and validate the resource name with the matching class.
unset($original, $alias);

if (@$_REQUEST['page']) {
    $original = pieGetOption($_REQUEST['page']);
    $_REQUEST['page'] = $original;
    $resource = new Page();
    if (!$resource->isValidName($original)) {
        pieError("PageNameInvalid");
    }
    $context = 'page';
} elseif (@$_REQUEST['file']) {
    $original = pieGetOption($_REQUEST['file']);
    $_REQUEST['file'] = $original;
    $resource = new File();
    if (!$resource->isValidName($original)) {
        pieError("FileNameInvalid");
    }
    $context = 'file';
} else {
    pieError("ActionInvalid");
}

// Verify the alias: it is normalised, beautified and then checked with the
// same validator as the original resource.
if (@$_REQUEST['alias']) {
    $_REQUEST['alias'] = pieGetOption($_REQUEST['alias']);
    $alias = pieBeautifyName($_REQUEST['alias']);
    $_REQUEST['alias'] = $alias;
    if (!$resource->isValidName($alias)) {
        pieError("AliasNameInvalid");
    }
}
pieError("PageNotFound"); } if (!$resource->read($_REQUEST['page'], 0)) { pieError("SourceReadError"); } if ($resource->meta['type'] == "alias") { pieError("AliasRedirect", array('page' => htmlspecialchars($resource->meta['original']), 'alias' => htmlspecialchars($_REQUEST['page']))); } $context = 'page'; $history = $resource->history($_REQUEST['page']); } elseif (@$_REQUEST['file']) { // Preparations for files. $_REQUEST['file'] = pieGetOption($_REQUEST['file']); $resource = new File(); $resource->name = $_REQUEST['file']; if (!$resource->isValidName($_REQUEST['file'])) { pieError("FileNameInvalid"); } if (!$resource->exists($_REQUEST['file'])) { pieError("FileNotFound"); } if (!$resource->read($_REQUEST['file'], 0)) { pieError("FileReadError"); } if ($resource->meta['type'] == "alias") { pieError("AliasRedirect", array('file' => htmlspecialchars($resource->meta['original']), 'alias' => htmlspecialchars($_REQUEST['file']))); } $context = 'file'; $history = $resource->history($_REQUEST['file']); } else { pieError("PageNotFound");
$a = $m[1] * 1048576; } $b = ini_get("upload_max_filesize"); if (preg_match('/^(\\d+)[Mm]$/', $b, $m)) { $b = $m[1] * 1048576; } $a = min($a, $b); $b = pieMakeSize($a); $data = array('maxsize' => $a, 'uploadsize' => $b); if (@$_REQUEST['create']) { $data['append'] = 'checked="checked" disabled="disabled" '; } else { $data['append'] = 'checked="checked" '; } $data['comment'] = $GLOBALS['pie']['locale']->key("InitialVersion"); if ($file->isValidName($name)) { // A file name is being provided. $name = pieBeautifyName($name); if ($file->exists($name)) { // An update of an existing file. $file->read($name, 0); if ($file->meta['author'] != $GLOBALS['pie']['user']) { $data['append'] = 'checked="checked" disabled="disabled" '; } if ($file->meta['comment']) { $data['comment'] = htmlspecialchars($file->meta['comment']); } else { unset($data['comment']); } } }
if (!$object->isValidName($target)) { pieError("PageNameInvalid"); } if (!$object->exists($target)) { pieError("PageNotFound"); } if (!$object->read($target, 0)) { pieError("SourceReadError"); } // Lock the page. if (!$object->lock($GLOBALS['pie']['user'])) { pieError("PageLockError"); } } elseif ($context == "file") { $object = new File(); if (!$object->isValidName($target)) { pieError("FileNameInvalid"); } if (!$object->exists($target)) { pieError("FileNotFound"); } if (!$object->read($target, 0)) { pieError("FileReadError"); } } else { pieError("ActionInvalid"); } // Check permissions to delete the resource: $history = $object->history($object->name); if (@$_REQUEST['approve']) { // The user asked to delete the resource, no matter what.
if (!$object->isValidName($source)) { pieError("PageNameInvalid"); } if (!$object->exists($source)) { pieError("PageNotFound"); } if (!$object->read($source, 0)) { pieError("SourceReadError"); } // Lock the page. if (!$object->lock($GLOBALS['pie']['user'])) { pieError("PageLockError"); } } elseif ($context == "file") { $object = new File(); if (!$object->isValidName($source)) { pieError("FileNameInvalid"); } if (!$object->exists($source)) { pieError("FileNotFound"); } if (!$object->read($source, 0)) { pieError("FileReadError"); } } else { pieError("ActionInvalid"); } // Validate the destination: if (!isset($_REQUEST['newname'])) { pieError("RenameForm", array('source' => $source)); }
pieHead(); // Verify the input. if (@$_REQUEST['page'] && !@$_REQUEST['file']) { $resource = pieGetOption($_REQUEST['page']); $page = new Page(); if (!$page->isValidName($resource)) { pieError("PageNameInvalid"); } if (!$page->exists($resource)) { pieError("PageNotFound"); } $context = "page"; } elseif (@$_REQUEST['file'] && !@$_REQUEST['page']) { $resource = pieGetOption($_REQUEST['file']); $file = new File(); if (!$file->isValidName($resource)) { pieError("FileNameInvalid"); } if (!$file->exists($resource)) { pieError("FileNotFound"); } $context = "file"; } else { pieError("ActionInvalid"); } // Build the referer list. if (($referers = pieRefererList($resource, $context)) === false) { pieError("RefererError"); } // Present the result. if (!count($referers)) {
/**
 * Check every entry of a list: its decoded name must be a valid file name
 * that does not exist yet.
 *
 * Problems are reported through pieError() with the HTML-escaped name.
 *
 * @param mixed $list Entries to iterate; each one is passed to decodeName().
 * @return int Number of entries iterated.
 */
function checkFiles($list)
{
    $store = new File();
    $checked = 0;

    foreach ($list as $entry) {
        // Decode the entry, then drop a trailing "whitespace + digits" suffix.
        $candidate = preg_replace('/\\s+\\d+$/', "", decodeName($entry));

        if (!$store->isValidName($candidate)) {
            pieError("InvalidName", array('file' => htmlspecialchars($candidate)));
        }
        if ($store->exists($candidate)) {
            pieError("FileExists", array('file' => htmlspecialchars($candidate)));
        }

        $checked += 1;
    }

    return $checked;
}