Beispiel #1
0
function do_highlight($formatter, $params = array())
{
    if (isset($params['value'])) {
        $expr = $params['value'];
    } else {
        if (isset($params['q'])) {
            $expr = $params['q'];
        }
    }
    $expr = _stripslashes($expr);
    $formatter->send_header('', $params);
    $formatter->send_title('', '', $params);
    flush();
    ob_start();
    $formatter->send_page();
    flush();
    $out = ob_get_contents();
    ob_end_clean();
    if (isset($expr[0])) {
        highlight_repl(null, true);
        $highlight = _preg_search_escape($expr);
        $out = preg_replace_callback('/((<[^>]*>)|(' . $highlight . '))/i', 'highlight_repl', $out);
        echo $out;
    } else {
        echo $out;
    }
    $args['editable'] = 1;
    $formatter->send_footer($args, $params);
}
 public function index()
 {
     //note 普通的 http 通知方式
     if (!defined('IN_UC')) {
         error_reporting(0);
         set_magic_quotes_runtime(0);
         defined('MAGIC_QUOTES_GPC') || define('MAGIC_QUOTES_GPC', get_magic_quotes_gpc());
         service("Passport");
         $_DCACHE = $get = $post = array();
         $code = @$_GET['code'];
         parse_str(_authcode($code, 'DECODE', UC_KEY), $get);
         if (MAGIC_QUOTES_GPC) {
             $get = _stripslashes($get);
         }
         $timestamp = time();
         if ($timestamp - $get['time'] > 3600) {
             exit('Authracation has expiried');
         }
         if (empty($get)) {
             exit('Invalid Request');
         }
         $action = $get['action'];
         require_once DISCUZ_ROOT . './uc_client/lib/xml.class.php';
         $post = xml_unserialize(file_get_contents('php://input'));
         if (in_array($get['action'], array('test', 'deleteuser', 'renameuser', 'gettag', 'synlogin', 'synlogout', 'updatepw', 'updatebadwords', 'updatehosts', 'updateapps', 'updateclient', 'updatecredit', 'getcreditsettings', 'updatecreditsettings'))) {
             exit($this->{$get}['action']($get, $post));
         } else {
             exit(API_RETURN_FAILED);
         }
     }
 }
Beispiel #3
0
function do_autosave($formatter, $options)
{
    global $DBInfo;
    if (session_id() == '') {
        // ip based
        if ($DBInfo->user->id == 'Anonymous') {
            $myid = md5($_SERVER['REMOTE_ADDR'] . '.' . 'MONIWIKI');
            // IP based for Anonymous user XXX
        } else {
            $myid = md5($DBInfo->user->id . $_SERVER['REMOTE_ADDR'] . '.' . 'MONIWIKI');
        }
    } else {
        if (0) {
            if ($_SESSION['_autosave']) {
                $myid = $_SESSION['_autosave'];
            } else {
                $myid = session_id();
                $_SESSION['_autosave'] = $myid;
            }
        } else {
            if ($DBInfo->user->id == 'Anonymous') {
                $myid = md5($_SERVER['REMOTE_ADDR'] . '.' . 'MONIWIKI');
                // IP based for Anonymous user XXX
            } else {
                $myid = md5($DBInfo->user->id . $_SERVER['REMOTE_ADDR'] . '.' . 'MONIWIKI');
            }
        }
    }
    $myid = md5($myid . $formatter->page->name);
    if (isset($options['section'])) {
        $myid .= '.' . $options['section'];
    }
    // XXX section support
    $save = new Cache_text('autosave');
    if (!empty($options['retrive'])) {
        $saved = $save->fetch($myid);
        $os = rtrim($saved);
        $stamp = $save->mtime($myid);
        echo $stamp . "\n" . $os;
        return true;
    } else {
        if (!empty($options['remove'])) {
            $save->remove($myid);
            echo 'true';
            return true;
        }
    }
    $savetext = $options['savetext'];
    $datestamp = substr($options['datestamp'], 0, 10);
    // only 10-digits used
    $savetext = preg_replace("/\r\n|\r/", "\n", $savetext);
    $savetext = _stripslashes($savetext);
    if ($save->exists($myid) and $save->mtime($myid) > $datestamp) {
        echo 'false';
        return false;
    }
    $save->update($myid, $savetext);
    echo 'true';
    return true;
}
Beispiel #4
0
 function index()
 {
     /* 只提供普通的http通知方式 */
     error_reporting(0);
     set_magic_quotes_runtime(0);
     $_DCACHE = $get = $post = array();
     $code = @$_GET['code'];
     parse_str(_authcode($code, 'DECODE', UC_KEY), $get);
     $get = _stripslashes($get);
     $timestamp = time();
     if ($timestamp - $get['time'] > 3600) {
         exit('Authracation has expiried');
     }
     if (empty($get)) {
         exit('Invalid Request');
     }
     $action = $get['action'];
     include ROOT_PATH . '/uc_client/lib/xml.class.php';
     $post = xml_unserialize(file_get_contents('php://input'));
     if (in_array($get['action'], array('test', 'deleteuser', 'renameuser', 'gettag', 'synlogin', 'synlogout', 'updatepw', 'updatebadwords', 'updatehosts', 'updateapps', 'updateclient', 'updatecredit', 'getcreditsettings', 'updatecreditsettings'))) {
         exit($this->{$get}['action']($get, $post));
     } else {
         exit(API_RETURN_FAILED);
     }
 }
Beispiel #5
0
 function _stripslashes(&$var)
 {
     if (is_array($var)) {
         foreach ($var as $k => &$v) {
             _stripslashes($v);
         }
     } else {
         $var = stripslashes($var);
     }
 }
function _stripslashes($value)
{
    if (is_array($value)) {
        foreach ($value as $k => $v) {
            $value[$k] = _stripslashes($v);
        }
        return $value;
    }
    return stripslashes($value);
}
Beispiel #7
0
function _stripslashes(&$val)
{
    if (!is_array($val)) {
        return stripslashes($val);
    }
    foreach ($val as $k => &$v) {
        $val[$k] = _stripslashes($v);
    }
    return $val;
}
Beispiel #8
0
function _uc_stripslashes($string)
{
    if (is_array($string)) {
        foreach ($string as $key => $val) {
            $string[$key] = _stripslashes($val);
        }
    } else {
        $string = stripslashes($string);
    }
    return $string;
}
Beispiel #9
0
 function User_nforge($id = '')
 {
     if ($id) {
         $this->setID($id);
         $u =& user_get_object_by_name($id);
     } else {
         $u =& user_get_object(user_getid());
         if ($u and is_object($u) and !$u->isError()) {
             global $DBInfo;
             $id = $u->getUnixName();
         }
         if (!empty($id)) {
             $this->setID($id);
             $udb = new UserDB($DBInfo);
             $tmp = $udb->getUser($id);
             // get timezone and make timezone offset
             $tz_offset = date('Z');
             $update = 0;
             if ($tz_offset != $tmp->info['tz_offset']) {
                 $update = 1;
             }
             if (!empty($DBInfo->use_homepage_url) and empty($tmp->info['home']) or $update or empty($tmp->info['nick']) or $tmp->info['nick'] != $u->data_array['realname']) {
                 // register user
                 $tmp->info['tz_offset'] = $tz_offset;
                 $tmp->info['nick'] = $u->data_array['realname'];
                 if (!empty($DBInfo->use_homepage_url)) {
                     $tmp->info['home'] = util_make_url_u($u->getID(), true);
                 }
                 $udb->saveUser($tmp);
             }
         } else {
             $id = 'Anonymous';
             $this->setID('Anonymous');
         }
     }
     $this->css = isset($_COOKIE['MONI_CSS']) ? $_COOKIE['MONI_CSS'] : '';
     $this->theme = isset($_COOKIE['MONI_THEME']) ? $_COOKIE['MONI_THEME'] : '';
     $this->bookmark = isset($_COOKIE['MONI_BOOKMARK']) ? $_COOKIE['MONI_BOOKMARK'] : '';
     $this->trail = isset($_COOKIE['MONI_TRAIL']) ? _stripslashes($_COOKIE['MONI_TRAIL']) : '';
     $this->tz_offset = isset($_COOKIE['MONI_TZ']) ? _stripslashes($_COOKIE['MONI_TZ']) : '';
     $this->nick = isset($_COOKIE['MONI_NICK']) ? _stripslashes($_COOKIE['MONI_NICK']) : '';
     if ($this->tz_offset == '') {
         $this->tz_offset = date('Z');
     }
     if (!empty($id) and $id != 'Anonymous') {
         global $DBInfo;
         $udb = new UserDB($DBInfo);
         if (!$udb->_exists($id)) {
             $dummy = $udb->saveUser($this);
         }
     }
 }
Beispiel #10
0
 /**
  * @return Application Application object
  * @desc Constructor - set global pathes, error reporting and maximum script execution time; register $_POST, $_GET, $_SESSION variables as $_GLOBALS.
  */
 function Application()
 {
     // set timer ON for global execute time
     $GLOBALS['start_time'] = getmicrotime();
     // set up global template
     $this->global_template = 'global';
     // create empty array of app errors
     $this->error = array();
     // set GET, POST, SSESION variables global & strip slashes
     if (is_array($_POST) and sizeof($_POST) > 0) {
         foreach ($_POST as $key => $val) {
             $val = _stripslashes($val);
             $_POST[$key] = $val;
             $GLOBALS[$key] = $val;
         }
     }
     if (is_array($_GET) and sizeof($_GET) > 0) {
         foreach ($_GET as $key => $val) {
             $val = _stripslashes($val);
             $_GET[$key] = $val;
             $GLOBALS[$key] = $val;
         }
     }
     if (is_array($_SESSION) and sizeof($_SESSION) > 0) {
         foreach ($_SESSION as $key => $val) {
             $val = _stripslashes($val);
             $_SESSION[$key] = $val;
             $GLOBALS[$key] = $val;
         }
     }
     //
     $this->user = false;
     // load CP if needed
     if (defined('CP_CLASS') && CP_CLASS == 1) {
         $this->load('cp', 'class');
     }
     // set time limit & error level
     error_reporting(ERROR_LEVEL);
     set_time_limit(TIME_LIMIT);
     // define global tpl path
     if (ROOT_PATH != './' && ROOT_PATH != '') {
         define('GLOBAL_TPL_PATH', '../' . ROOT_PATH . 'tpl/global/');
     } else {
         define('GLOBAL_TPL_PATH', 'global/');
     }
     $this->paging = false;
 }
Beispiel #11
0
function do_markup($formatter, $options)
{
    $formatter->section_edit = 0;
    $formatter->sister_on = 0;
    $formatter->perma_icon = '';
    $formatter->get_javascripts();
    // trash default javascripts
    //$options['fixpath']=1;
    $formatter->send_header("", $options);
    $formatter->postfilters = array('fiximgpath');
    if (!empty($options['preview'])) {
        $formatter->wikimarkup = 2;
    } else {
        if (empty($options['all'])) {
            $formatter->wikimarkup = 1;
        }
    }
    if (!empty($options['value'])) {
        $val = _stripslashes($options['value']);
        $val = preg_replace('/(\\r\\n|\\n|\\r)/', "\n", $val);
        // Win32 fix
        $formatter->send_page($val, $options);
    } else {
        if (isset($options['section'])) {
            $formatter->section_edit = 1;
            $formatter->sect_num = $options['section'] - 1;
            $raw_body = $formatter->page->get_raw_body($options);
            $sections = _get_sections($raw_body);
            if ($sections[$options['section']]) {
                $raw_body = $sections[$options['section']];
                $formatter->send_page($raw_body, $options);
            }
        } else {
            $formatter->section_edit = 1;
            $formatter->send_page('', $options);
        }
        #else ignore
    }
    print $formatter->get_javascripts();
    return;
}
Beispiel #12
0
define('THINK_PATH', SITE_PATH . '/core/ThinkPHP');
set_magic_quotes_runtime(0);
defined('MAGIC_QUOTES_GPC') || define('MAGIC_QUOTES_GPC', get_magic_quotes_gpc());
require_once SITE_PATH . '/config/uc_config.inc.php';
//载入ThinkSNS配置
$tsconfig1 = (require_once SITE_PATH . '/config/config.inc.php');
$tsconfig2 = (require_once SITE_PATH . '/core/OpenSociax/convention.php');
$tsconfig = array_merge($tsconfig2, $tsconfig1);
$cookiepre = $tsconfig['COOKIE_PREFIX'];
$cookiedomain = $tsconfig['COOKIE_DOMAIN'];
$cookiepath = $tsconfig['COOKIE_PATH'];
$_DCACHE = $get = $post = array();
$code = @$_GET['code'];
parse_str(_authcode($code, 'DECODE', UC_KEY), $get);
if (MAGIC_QUOTES_GPC) {
    $get = _stripslashes($get);
}
//时间戳验证
$timestamp = time();
// if($timestamp - $get['time'] > 3600) {
// 	exit('Authracation has expiried');
// }
if (empty($get)) {
    exit('Invalid Request');
}
$action = $get['action'];
require_once DISCUZ_ROOT . './uc_client/lib/xml.class.php';
$post = xml_unserialize(file_get_contents('php://input'));
// 调试用-写log
// $log_message = "============================ \n "
// 				.date('Y-m-d H:i:s')." \n ".$_SERVER['REQUEST_URI']
Beispiel #13
0
function do_msgfmt($formatter, $options)
{
    global $DBInfo;
    if ($_SERVER['REQUEST_METHOD'] == 'POST' && !$DBInfo->security->writable($options)) {
        $options['title'] = _("Page is not writable");
        return do_invalid($formatter, $options);
    }
    $po = '';
    $domain = 'PoHello';
    if (isset($options['msgid']) or isset($options['msgstr'])) {
        # just check a single msgstr
        header("Content-type: text/plain");
        $date = date('Y-m-d h:i+0900');
        $charset = strtoupper($DBInfo->charset);
        if (_stripslashes($options['msgid']) != '""') {
            $po = <<<POHEAD
msgid ""
msgstr ""
"Project-Id-Version: {$domain} 1.1\\n"
"POT-Creation-Date: {$date}\\n"
"PO-Revision-Date: {$date}\\n"
"Last-Translator: MoniWiki <nobody@localhost>\\n"
"Language-Team: moniwiki <ko@localhost>\\n"
"MIME-Version: 1.0\\n"
"Content-Type: text/plain; charset={$charset}\\n"
"Content-Transfer-Encoding: 8bit\\n"



#: src/test.c

POHEAD;
        }
        $po .= 'msgid ' . _stripslashes($options['msgid']) . "\n";
        #$msg=preg_replace('/""(?!")/',"\"\n\"",
        #    _stripslashes($options['msgstr']));
        $msg = _stripslashes($options['msgstr']);
        $po .= 'msgstr ' . $msg . "\n";
        $po .= "\n\n";
        $ret = _pocheck($po, 1);
        if ($ret == true) {
            print "true\n" . $po;
        }
        return;
    }
    if ($options['po'] and $options['btn']) {
        $formatter->send_header('', $options);
        $formatter->send_title(sprintf(_("Translation of %s"), $options['page']), '', $options);
        $comment = $options['comment'] ? _stripslashes($options['comment']) : "Translations are updated";
        $po = preg_replace("/(\r\n|\r)/", "\n", _stripslashes($options['po']));
        $formatter->page->write($po);
        $ret = $DBInfo->savePage($formatter->page, $comment, $options);
        if ($ret != -1) {
            print "<h2>" . _("Translations are successfully updated.") . "</h2>";
        } else {
            print "<h2>" . _("Fail to save translations.") . "</h2>";
        }
        $formatter->send_footer('', $options);
        return;
    }
    $msgkeys = array_keys($options);
    $msgids = preg_grep('/^msgid-/', $msgkeys);
    $msgstrs = preg_grep('/^msgstr-/', $msgkeys);
    if (sizeof($msgids) != sizeof($msgstrs)) {
        print "Invalid request.";
        return;
    }
    $rawpo = $formatter->page->_get_raw_body();
    $lines = explode("\n", $rawpo);
    $po = '';
    $comment = '';
    $msgid = array();
    $msgstr = array();
    foreach ($lines as $l) {
        if ($l[0] != 'm' and !preg_match('/^\\s*"/', $l)) {
            if ($msgstr) {
                $mid = implode("\n", $msgid);
                $id = md5($mid);
                $msg = preg_replace("/(\r\n|\r)/", "\n", _stripslashes($options['msgstr-' . $id]));
                $sid = md5(rtrim($msg));
                if ($options['md5sum-' . $id] and $options['md5sum-' . $id] != $sid) {
                    $comment = preg_replace('/#, fuzzy\\n/m', '', $comment);
                    $comment = str_replace(', fuzzy', '', $comment);
                }
                # fix msgstr
                #$msg=preg_replace('/(?!<\\\\)"/','\\"',$msg);
                $po .= $comment;
                $po .= 'msgid ' . preg_replace('/(\\r\\n|\\r)/', "\n", _stripslashes($options['msgid-' . $id])) . "\n";
                $po .= 'msgstr ' . $msg . "\n";
                # init
                $msgid = array();
                $msgstr = array();
                $comment = '';
            }
            if ($l[0] == '#' and $l[1] == ',') {
                if ($comment) {
                    $po .= $comment;
                    $comment = '';
                }
                $comment .= $l . "\n";
            } else {
                if ($comment) {
                    $po .= $comment;
                    $comment = '';
                }
                $po .= $l . "\n";
                continue;
            }
        } else {
            if (preg_match('/^(msgid|msgstr)\\s+(".*")\\s*$/', $l, $m)) {
                if ($m[1] == 'msgid') {
                    $msgid[] = $m[2];
                    continue;
                }
                $msgstr[] = $m[2];
            } else {
                if (preg_match('/^\\s*(".*")\\s*$/', $l, $m)) {
                    if ($msgstr) {
                        $msgstr[] = $m[1];
                    } else {
                        $msgid[] = $m[1];
                    }
                } else {
                    $po .= $l . "\n";
                }
            }
        }
    }
    $formatter->send_header('', $options);
    $formatter->send_title(sprintf(_("Translation of %s"), $options['page']), '', $options);
    $e = _pocheck($po);
    #if ($e != true) return;
    #print $po;
    $url = $formatter->link_url($formatter->page->urlname);
    print "<form method='post' action='{$url}'>\n" . "<input type='hidden' name='action' value='msgfmt' />\n";
    print "<input type='submit' name='btn' value='Save Translation ?' /> ";
    print "Summary:" . " <input type='text' size='60' name='comment' value='Translations are updated' />" . "<br />\n";
    if ($options['patch']) {
        include_once 'lib/difflib.php';
        $rawpo = array_map(create_function('$a', 'return $a."\\n";'), explode("\n", $rawpo));
        $newpo = array_map(create_function('$a', 'return $a."\\n";'), explode("\n", $po));
        $diff = new Diff($rawpo, $newpo);
        $f = new UnifiedDiffFormatter();
        $f->trailing_cr = "";
        $diffs = $f->format($diff);
        $sz = sizeof(explode("\n", $diffs));
        print "<textarea cols='80' rows='{$sz}' style='width:80%'>";
        print $diffs;
        print "</textarea>\n";
    }
    $po = _html_escape($po);
    print "<input type='hidden' name='po' value=\"{$po}\" />\n";
    print "</form>";
    $formatter->send_footer('', $options);
    return;
}
Beispiel #14
0
function _CommonFilter($str)
{
    $str = str_replace("&#032;", " ", $str);
    $str = preg_replace("/\\\$/", "&#036;", $str);
    //	$str = preg_replace("/&amp;#([0-9]+);/s", "&#\\1;"		, $str );
    $str = _stripslashes($str);
    //	$str = preg_replace( "/\\\(?!&amp;#|\?#)/", "&#092;"	, $str );
    return $str;
}
Beispiel #15
0
function ajax_chat($formatter, $options)
{
    global $DBInfo;
    $user =& $DBInfo->user;
    # get cookie
    $id = $user->id;
    $nic = '';
    $udb =& $DBInfo->udb;
    if (!empty($options['nic'])) {
        if (!$udb->_exists($options['nic'])) {
            $nic = ' ' . $options['nic'];
        } else {
            if ($user->id == 'Anonymous') {
                $nic = ' ' . $options['nic'] . '_' . substr(md5($_SERVER['REMOTE_ADDR']), 0, 4);
            }
        }
    }
    // %uD55C%uD558
    $value = _stripslashes($options['value']);
    $value = preg_replace('/%u([a-f0-9]{4})/i', '&#x\\1;', $value);
    $nic = preg_replace('/%u([a-f0-9]{4})/i', '&#x\\1;', $nic);
    $itemnum = _stripslashes($options['item']);
    if ($itemnum > 50 or $itemnum <= 0) {
        $itemnum = 20;
    }
    $room = escapeshellcmd(_stripslashes($options['room']));
    if (!file_exists($DBInfo->upload_dir . '/Chat')) {
        umask(00);
        mkdir($DBInfo->upload_dir . '/Chat', 0777);
        umask(022);
    }
    if ($room == 'chat') {
        $log = $DBInfo->upload_dir . '/Chat/default.log';
    } else {
        $room = substr($room, 4);
        $log = $DBInfo->upload_dir . '/Chat/' . $room . '.log';
    }
    if (!$value) {
        if (!file_exists($log)) {
            print 'false';
            return;
        }
        $mtime = filemtime($log);
        if (empty($options['laststamp']) or $mtime <= $options['laststamp']) {
            print 'false';
            return;
        }
    }
    $lines = array();
    $fp = fopen($log, 'a+');
    while (is_resource($fp)) {
        fseek($fp, 0, SEEK_END);
        if ($value) {
            fwrite($fp, time() . "\t" . $user->id . $nic . "\t" . rtrim($value) . "\n");
        }
        if (($fz = filesize($log)) == 0) {
            break;
        }
        fseek($fp, 0, SEEK_END);
        if ($fz < 512) {
            fseek($fp, 0);
            $ll = rtrim(fread($fp, 512));
            $lines = explode("\n", $ll);
            break;
        }
        $a = -1;
        $end = 0;
        $last = '';
        $check = time();
        $date_from = $check - 24 * 60 * 60;
        // one day
        while ($date_from < $check and !feof($fp)) {
            $a -= 512;
            // if (-$a > $fz) { $a=-$fz; print 'wwwww';}
            fseek($fp, $a, SEEK_END);
            $l = fread($fp, 512);
            while (($p = strrpos($l, "\n")) !== false) {
                $line = substr($l, $p + 1) . $last;
                $l = substr($l, 0, $p);
                $dumm = explode("\t", $line, 2);
                $check = $dumm[0];
                if ($date_from > $check) {
                    break;
                }
                $lines[] = $line;
                if (sizeof($lines) >= $itemnum) {
                    $check = 0;
                    break;
                }
                $last = '';
            }
            $last = $l . $last;
        }
        fclose($fp);
        $lines = array_reverse($lines);
        break;
    }
    $debug = '';
    #ob_start();
    #print_r($_GET);
    #$debug=ob_get_contents();
    #ob_end_clean();
    $out = '';
    $formatter->set_wordrule();
    if (!empty($formatter->use_smileys) and empty($formatter->smiley_rule)) {
        $formatter->initSmileys();
    }
    $save = $formatter->sister_on;
    $formatter->sister_on = 0;
    $save2 = $formatter->nonexists;
    $formatter->nonexists = 'always';
    foreach ($lines as $line) {
        list($time, $user, $msg) = explode("\t", $line, 3);
        if (($p = strpos($user, ' ')) === false) {
            if ($user != 'Anonymous') {
                $user = '******' . $user . ']';
            }
        } else {
            $user = '******' . $user . ']';
        }
        $line = '<span class="date">' . gmdate("H:i:s", $time + $options['tz_offset']) . '</span>' . '<span class="user">&lt;' . $user . '></span>' . $msg;
        if (!empty($formatter->smiley_rule)) {
            $line = preg_replace_callback($formatter->smiley_rule, array(&$formatter, 'smiley_repl'), $line);
        }
        $out = '<li>' . preg_replace_callback("/(" . $formatter->wordrule . ")/", array(&$formatter, 'link_repl'), $line) . '</li>';
        #$out.='<li>'.$line.'</li>';
    }
    $formatter->sister_on = $save;
    $formatter->nonexists = $save2;
    if (!empty($options['action_mode']) and $options['action_mode'] == 'ajax') {
        $formatter->header('Expires', '0');
        $formatter->header('Cache-Control', 'no-cache');
        $formatter->header('Pragma', 'no-cache');
    }
    $stamp = '<span id="laststamp" style="display:none">' . time() . '</span>';
    print '<ul>' . $debug . $out . '</ul>' . $stamp;
}
Beispiel #16
0
function forum_check_password($forum_fid)
{
    $frame_top_target = html_get_top_frame_name();
    if (!($db_forum_check_password = db_connect())) {
        return false;
    }
    $webtag = get_webtag($webtag_search);
    if (!is_numeric($forum_fid)) {
        return false;
    }
    if ($forum_passhash = forum_get_password($forum_fid)) {
        forum_get_saved_password($password, $passhash, $sesshash);
        if ($sesshash == $forum_passhash) {
            return true;
        }
        // If we got this far then the password verification failed or
        // the user hasn't seen the password dialog before.
        $lang = load_language_file();
        html_draw_top();
        echo "<h1>{$lang['passwdprotectedforum']}</h1>\n";
        if (isset($_COOKIE["bh_{$webtag}_sesshash"]) && strlen(trim(_stripslashes($_COOKIE["bh_{$webtag}_sesshash"]))) > 0) {
            bh_setcookie("bh_{$webtag}_sesshash", "", time() - YEAR_IN_SECONDS);
            html_display_error_msg($lang['usernameorpasswdnotvalid'], '550', 'center');
        }
        echo "<br />\n";
        echo "<div align=\"center\">\n";
        echo "  <form method=\"post\" action=\"forum_password.php\" target=\"", html_get_top_frame_name(), "\">\n";
        echo "    ", form_input_hidden('webtag', _htmlentities($webtag)), "\n";
        echo "    ", form_input_hidden('final_uri', _htmlentities(get_request_uri())), "\n";
        echo "    <table cellpadding=\"0\" cellspacing=\"0\" width=\"550\">\n";
        if ($password_protected_message = forum_get_setting('password_protected_message', false)) {
            echo "      <tr>\n";
            echo "        <td align=\"left\">", fix_html($password_protected_message), "</td>\n";
            echo "      </tr>\n";
        } else {
            echo "      <tr>\n";
            echo "        <td align=\"center\">{$lang['passwdprotectedwarning']}</td>\n";
            echo "      </tr>\n";
        }
        echo "      <tr>\n";
        echo "        <td align=\"left\">&nbsp;</td>\n";
        echo "      </tr>\n";
        echo "      <tr>\n";
        echo "        <td align=\"center\">\n";
        echo "          <table class=\"box\" width=\"400\">\n";
        echo "            <tr>\n";
        echo "              <td class=\"posthead\" align=\"center\">\n";
        echo "                <table class=\"posthead\" width=\"100%\">\n";
        echo "                  <tr>\n";
        echo "                    <td align=\"left\" class=\"subhead\" colspan=\"2\">{$lang['enterpasswd']}</td>\n";
        echo "                  </tr>\n";
        echo "                </table>\n";
        echo "                <table class=\"posthead\" width=\"90%\">\n";
        echo "                  <tr>\n";
        echo "                    <td align=\"left\">{$lang['passwd']}:</td>\n";
        echo "                    <td align=\"left\">", form_input_password('forum_password', _htmlentities($password), 40, false, "autocomplete=\"off\""), form_input_hidden("forum_passhash", _htmlentities($passhash)), "</td>\n";
        echo "                  </tr>\n";
        echo "                  <tr>\n";
        echo "                    <td align=\"left\">&nbsp;</td>\n";
        echo "                    <td align=\"left\">", form_checkbox('remember_password', 'Y', $lang['rememberpassword'], strlen($password) > 0 && strlen($passhash) > 0), "</td>\n";
        echo "                  </tr>\n";
        echo "                  <tr>\n";
        echo "                    <td align=\"left\" colspan=\"2\">&nbsp;</td>\n";
        echo "                  </tr>\n";
        echo "                </table>\n";
        echo "              </td>\n";
        echo "            </tr>\n";
        echo "          </table>\n";
        echo "        </td>\n";
        echo "      </tr>\n";
        echo "      <tr>\n";
        echo "        <td align=\"left\">&nbsp;</td>\n";
        echo "      </tr>\n";
        echo "      <tr>\n";
        echo "        <td align=\"center\">", form_submit("submit", $lang['logon']), "&nbsp;", form_submit("cancel", $lang['cancel']), "</td>\n";
        echo "      </tr>\n";
        if (bh_session_check_perm(USER_PERM_ADMIN_TOOLS, 0) || bh_session_check_perm(USER_PERM_FORUM_TOOLS, 0)) {
            echo "      <tr>\n";
            echo "        <td align=\"left\">&nbsp;</td>\n";
            echo "      </tr>\n";
            echo "      <tr>\n";
            echo "        <td align=\"center\">{$lang['adminforumclosedtip']}</td>\n";
            echo "      </tr>\n";
        }
        echo "    </table>\n";
        echo "  </form>\n";
        echo "</div>\n";
        html_draw_bottom();
        exit;
    }
    return true;
}
Beispiel #17
0
function do_revoke($formatter, $options)
{
    global $DBInfo;
    if ($_SERVER['REQUEST_METHOD'] == 'POST' && !$DBInfo->security->writable($options)) {
        $options['title'] = _("Page is not writable");
        return do_invalid($formatter, $options);
    }
    $is_new = false;
    if (!$formatter->page->exists()) {
        $is_new = true;
    }
    if ($is_new) {
        $formatter->send_header('', $options);
        $title = _("You can't revoke already deleted page.");
        $formatter->send_title($title, '', $options);
        $formatter->send_footer('', $options);
        return;
    }
    // check revocable
    $params = array();
    $retval = array();
    $params['retval'] =& $retval;
    macro_Stat($formatter, $value, $params);
    $is_ok = false;
    if ($retval['first_author'] == $options['id'] || in_array($options['id'], $DBInfo->members)) {
        $is_ok = true;
    }
    // get the site specific hash code
    $ticket = $formatter->page->mtime() . getTicket($DBInfo->user->id, $_SERVER['REMOTE_ADDR']);
    $hash = md5($ticket);
    $formatter->send_header('', $options);
    if ($is_ok && $_SERVER['REQUEST_METHOD'] == 'POST' && $hash == $options['hash']) {
        // simple comment check
        $comment = _stripslashes($options['comment']);
        $comment = trim($comment);
        $default = _("Revoke");
        if (isset($comment[0]) && ($p = strpos($comment, $default)) === 0) {
            $comment = substr($comment, strlen($default));
            $comment = trim($comment);
            $comment = ltrim($comment, ': ');
        }
        $options['comment'] = isset($comment[0]) ? $default . ': ' . $comment : $default;
        $options['.revoke'] = true;
        $ret = $DBInfo->deletePage($formatter->page, $options);
        if ($ret == -1) {
            if (!empty($options['retval']['msg'])) {
                $title = $options['retval']['msg'];
            } else {
                $title = sprintf(_("Fail to revoke \"%s\""), _html_escape($formatter->page->name));
            }
        } else {
            $title = sprintf(_("\"%s\" is successfully revoked !"), _html_escape($formatter->page->name));
        }
        $formatter->send_title($title, '', $options);
        $formatter->send_footer('', $options);
        return;
    }
    $pagename = $formatter->page->name;
    $lab = _("Summary");
    if (!$is_ok) {
        $title = _("You are not the first author of this page or do not have enough revoke permission");
        $formatter->send_title($title, '', $options);
        $formatter->send_footer('', $options);
        return;
    }
    if ($retval['first_author'] == $options['id']) {
        $title = _("You are the first author of this page");
    } else {
        $title = _("Do you want to revoke this page?");
    }
    $formatter->send_title($title, '', $options);
    $comment = _("Revoke");
    print "<form method='post'>\n    {$lab} : <input name='comment' size='80' value='{$comment}: ' /><br />\n";
    $btn = _("Revoke page");
    $msg = sprintf(_("Only WikiMaster can %s this page"), _("revoke"));
    if ($DBInfo->security->is_protected("revoke", $options)) {
        print _("Password") . ": <input type='password' name='passwd' size='20' value='' />\n{$msg}<br />\n";
    }
    print "\n    <input type='hidden' name='action' value='revoke' />\n    <input type='hidden' name='hash' value='{$hash}' />\n    <input type='submit' value='{$btn}' />{$extra}\n    </form>";
    $formatter->send_footer('', $options);
    return;
}
Beispiel #18
0
function _parse_rlog($formatter, $log, $options = array())
{
    global $DBInfo;
    $tz_offset = $formatter->tz_offset;
    if (!empty($DBInfo->wikimasters) and is_array($DBInfo->wikimasters) and in_array($options['id'], $DBInfo->wikimasters)) {
        $admin = 1;
    }
    if (!empty($options['info_actions'])) {
        $actions = $options['info_actions'];
    } else {
        if (isset($DBInfo->info_actions)) {
            $actions = $DBInfo->info_actions;
        } else {
            $actions = array('recall' => 'view', 'raw' => 'source', 'diff' => 'diff');
        }
    }
    if (!$formatter->page->exists() && !in_array('revert', $actions)) {
        $actions['revert'] = 'revert';
    }
    if (!empty($DBInfo->use_avatar)) {
        if (is_string($DBInfo->use_avatar)) {
            $type = $DBInfo->use_avatar;
        } else {
            $type = 'identicon';
        }
        $avatarlink = qualifiedUrl($formatter->link_url('', '?action=' . $type . '&amp;seed='));
    }
    $ipicon = '<img src="' . $DBInfo->imgs_dir . '/misc/ip.png" />';
    $members = $DBInfo->members;
    // do not check admin member users
    $user = $DBInfo->user;
    $ismember = $user->is_member;
    $diff_action = null;
    if (isset($actions['diff'])) {
        $diff_action = _($actions['diff']);
        unset($actions['diff']);
    }
    $state = 0;
    $flag = 0;
    $time_current = time();
    $simple = !empty($options['simple']) ? 1 : 0;
    $url = $formatter->link_url($formatter->page->urlname);
    $diff_btn = _("Compare");
    $out = "<div class='wikiInfo'>\n";
    if (!empty($options['title'])) {
        $out .= $options['title'];
    } else {
        $out .= "<h2>" . _("Revision History") . "</h2>\n";
    }
    $out .= "<form id='infoform' method='get' action='{$url}'>";
    $out .= "<div><table class='info'><thead><tr>\n";
    $out .= "<th>" . _("Ver.") . "</th><th>" . _("Date") . "</th>" . "<th>" . _("Changes") . "</th>" . "<th>" . _("Editor") . "</th>" . "<th><button type='submit'><span>{$diff_btn}</span></button></th>\n";
    if (!$simple) {
        if (!empty($actions)) {
            $out .= "<th>" . _("View") . "</th>";
        }
        if (isset($admin)) {
            $out .= "<th>" . _("admin.") . "</th>";
        }
    }
    $out .= "</tr>\n</thead>\n";
    $out .= "<tbody>\n";
    $users = array();
    $rr = 0;
    #foreach ($lines as $line) {
    $count = 0;
    $showcount = (!empty($options['count']) and $options['count'] > 5) ? $options['count'] : 10;
    $line = '';
    $ok = 0;
    $log .= "\n";
    // hack
    $ii = 0;
    for (; !empty($line) or !empty($log); list($line, $log) = explode("\n", $log, 2)) {
        if (!$state) {
            if (!preg_match("/^---/", $line)) {
                continue;
            } else {
                $state = 1;
                continue;
            }
        }
        if ($state == 1 and $ok == 1) {
            if (!empty($options['action'])) {
                $act = $options['action'];
            } else {
                $act = 'info';
            }
            $lnk = $formatter->link_to('?action=' . $act . '&amp;rev=' . $rev, _("Show next revisions"), ' class="button small"');
            $out .= '<tr><td colspan="2"></td><td colspan="' . (!empty($admin) ? 5 : 4) . '">' . $lnk . '</td></tr>';
            break;
        }
        switch ($state) {
            case 1:
                $rr++;
                preg_match("/^revision ([0-9a-f\\.]+)\\s*/", $line, $match);
                $rev = $match[1];
                if (isset($match[2]) and preg_match("/\\./", $match[2])) {
                    $state = 0;
                    break;
                }
                $state = 2;
                break;
            case 2:
                $change = '';
                $inf = preg_replace("/date:\\s([0-9\\/:\\s]+)(;\\s+author:.*;\\s+state:.*;)?/", "\\1", $line);
                if (strstr($inf, 'lines:') !== FALSE) {
                    list($inf, $change) = explode('lines:', $inf, 2);
                }
                if (!empty($options['ago'])) {
                    if (preg_match('/^[0-9]+$/', $inf)) {
                        $rrev = '#' . $rr;
                        $ed_time = $inf;
                        $inf = gmdate("Y-m-d H:i:s", $ed_time + $tz_offset);
                    } else {
                        $ed_time = strtotime($inf . ' GMT');
                    }
                    $time_diff = (int) ($time_current - $ed_time) / 60;
                    if ($time_diff > 1440 * 31) {
                        $inf = gmdate("Y-m-d H:i:s", strtotime($inf . ' GMT') + $tz_offset);
                    } else {
                        if (($time_diff = $time_diff / 60) > 24) {
                            $day = (int) ($time_diff / 24);
                            if ($day == 1) {
                                $inf = _("Yesterday");
                            } else {
                                $inf = sprintf(_("%s days ago"), (int) ($time_diff / 24));
                            }
                        } else {
                            if ($time_diff > 1) {
                                $inf = sprintf(_("%s hours ago"), (int) $time_diff);
                            } else {
                                $inf = sprintf(_("%s min ago"), $time_diff % 60);
                            }
                        }
                    }
                } else {
                    if (preg_match('/^[0-9]+$/', $inf)) {
                        $rrev = '#' . $rr;
                        $ed_time = $inf;
                        $inf = gmdate("Y-m-d H:i:s", $inf + $tz_offset);
                    } else {
                        if ($tz_offset != '') {
                            $inf = gmdate("Y-m-d H:i:s", strtotime($inf . ' GMT') + $tz_offset);
                        } else {
                            $inf = date("Y-m-d H:i:s", strtotime($inf));
                        }
                        // localtime
                    }
                }
                $inf = $formatter->link_to("?action=recall&rev={$rev}", $inf);
                $change = preg_replace("/\\+(\\d+)\\s\\-(\\d+)/", "<span class='diff-added'><span>+\\1</span></span><span class='diff-removed'><span>-\\2</span></span>", $change);
                $state = 3;
                break;
            case 3:
                $dummy = explode(';;', $line, 3);
                $ip = $dummy[0];
                $realip = $lastip = $ip;
                if (($p = strpos($ip, ',')) !== false) {
                    // IP addresses via proxies
                    $realip = substr($ip, 0, $p);
                    $tmp = explode(',', $ip);
                    $lastip = $ip = array_pop($tmp);
                }
                $user = trim($dummy[1]);
                if (($p = strpos($user, ' ')) !== false) {
                    // XXX
                    $user = substr($user, 0, $p);
                } else {
                    if (substr($user, 0, 9) == 'Anonymous') {
                        $user = '******';
                    }
                }
                if (!empty($DBInfo->use_avatar)) {
                    $crypted = crypt($ip, $ip);
                    $mylnk = preg_replace('/seed=/', 'seed=' . $crypted, $avatarlink);
                    $avatar = '<img src="' . $mylnk . '" style="width:16px;height:16px;vertical-align:middle" alt="avatar" />';
                } else {
                    $avatar = '';
                }
                if ($user and $user != 'Anonymous') {
                    if (array_key_exists($user, $users)) {
                        $ip = $users[$user];
                    } else {
                        if (!empty($DBInfo->use_nick)) {
                            $u = $DBInfo->udb->getUser($user);
                            if (!empty($u->info['nick'])) {
                                if ($DBInfo->interwiki['User']) {
                                    $ip = $formatter->link_repl('[wiki:User:'******' ' . $u->info['nick'] . ']');
                                } else {
                                    if (!empty($u->info['home'])) {
                                        $ip = $formatter->link_repl('[' . $u->info['home'] . ' ' . $u->info['nick'] . ']');
                                    } else {
                                        $ip = $formatter->link_repl('[wiki:' . $user . ' ' . $u->info['nick'] . ']');
                                    }
                                }
                            }
                            $ip = $avatar . $ip;
                            $users[$user] = $ip;
                        } else {
                            if (strpos($user, ' ') !== false) {
                                $ip = $avatar . $formatter->link_repl($user);
                                $users[$user] = $ip;
                            } else {
                                if (empty($DBInfo->no_wikihomepage)) {
                                    if (empty($DBInfo->use_hostname) or $DBInfo->hasPage($user)) {
                                        $ip = $avatar . $formatter->link_tag($user);
                                    } else {
                                        $ip = $avatar . $user;
                                    }
                                    $users[$user] = $ip;
                                }
                            }
                        }
                    }
                }
                if (empty($users[$user])) {
                    $rip = $ip;
                    $u = $user;
                    if ($u == 'Anonymous') {
                        $u = $ip;
                    }
                    if (isset($DBInfo->interwiki['Whois'])) {
                        $wip = "<a href='" . $DBInfo->interwiki['Whois'] . "{$ip}' target='_blank'>{$ipicon}</a>";
                    } else {
                        $wip = "<a href='?action=whois&amp;q=" . $ip . "' target='_blank'>{$ipicon}</a>";
                    }
                    if ($ismember) {
                        if (!empty($DBInfo->use_admin_user_url)) {
                            $u = '<a href="' . $DBInfo->use_admin_user_url . $u . '">' . $u . '</a>';
                        }
                        if (!in_array($user, $members)) {
                            $ip = $u . $wip;
                        } else {
                            $ip = $u;
                        }
                    } else {
                        if (empty($DBInfo->show_hosts)) {
                            $ip = $user;
                        } else {
                            if (!empty($DBInfo->mask_hostname)) {
                                if ($user == 'Anonymous') {
                                    $ip = _mask_hostname($ip);
                                } else {
                                    $ip = $user;
                                }
                            } else {
                                if (!empty($members) and in_array($u, $members)) {
                                    $ip = $user;
                                } else {
                                    if (!empty($avatar)) {
                                        if ($user == 'Anonymous') {
                                            $u = _($user);
                                        }
                                        $ip = $u;
                                    } else {
                                        $ip = $u . $wip;
                                    }
                                }
                            }
                        }
                    }
                    $ip = $avatar . $ip;
                    if ($user != 'Anonymous') {
                        $users[$user] = $ip;
                    } else {
                        $users[$rip] = $ip;
                    }
                }
                $comment = !empty($dummy[2]) ? _stripslashes($dummy[2]) : '';
                if ($realip != $lastip) {
                    $via = '<span class="via-proxy">' . $realip . '</span>';
                    $comment = isset($comment[0]) ? $via . ' ' . $comment : $via;
                }
                $state = 4;
                break;
            case 4:
                if (!$rev) {
                    break;
                }
                $rowspan = 1;
                if (!$simple and $comment) {
                    $rowspan = 2;
                }
                $rrev = !empty($rrev) ? $rrev : $formatter->link_to("?action=recall&rev={$rev}", $rev);
                $alt = $ii++ % 2 == 0 ? ' class="alt"' : '';
                $out .= "<tr{$alt}>\n";
                $out .= "<th class='rev' valign='top' rowspan={$rowspan}>{$rrev}</th><td nowrap='nowrap' class='date'>{$inf}</td><td class='change'>{$change}</td><td class='author'>{$ip}&nbsp;</td>";
                $rrev = '';
                $achecked = "";
                $bchecked = "";
                if ($flag == 1) {
                    $achecked = "checked ";
                } else {
                    if (!$flag) {
                        $bchecked = "checked ";
                    }
                }
                $onclick = "onclick='ToggleRev(this)'";
                $out .= "<th nowrap='nowrap' class='check'><input type='radio' name='rev' value='{$rev}' {$achecked} {$onclick} />\n";
                $out .= "<input type='radio' name='rev2' value='{$rev}' {$bchecked} {$onclick} /></th>";
                if (!$simple) {
                    $out .= "<td nowrap='nowrap' class='view'>";
                    foreach ($actions as $k => $v) {
                        $k = is_numeric($k) ? $v : $k;
                        $out .= $formatter->link_to("?action={$k}&amp;rev={$rev}", _($v), ' class="button-small"') . ' ';
                    }
                    if ($flag) {
                        if ($diff_action) {
                            $out .= " " . $formatter->link_to("?action=diff&amp;rev={$rev}", $diff_action, ' class="button-small"');
                        }
                        $out .= "</td>";
                        if (isset($admin)) {
                            $out .= "<td><input type='checkbox' name='range[{$flag}]' value='{$rev}' /></td>";
                        }
                    } else {
                        $out .= "</td>";
                        if (isset($admin)) {
                            $out .= "<td><input type='image' src='{$DBInfo->imgs_dir}/smile/checkmark.png' onClick=\"ToggleAll('infoform');return false;\"/></td>";
                        }
                    }
                }
                $out .= "</tr>\n";
                if (!$simple and $comment) {
                    $out .= "<tr class='log'><td colspan='" . (!empty($admin) ? 6 : 5) . "'><p>{$comment}&nbsp;</p></td></tr>\n";
                }
                $state = 1;
                $flag++;
                $count++;
                if ((empty($options['all']) or $options['all'] != 1) and $count >= $showcount) {
                    $ok = 1;
                }
                break;
        }
    }
    if (!$simple and !empty($admin)) {
        $out .= "<tr><td colspan='" . (!empty($admin) ? 7 : 6) . "' align='right'><input type='checkbox' name='show' checked='checked' />" . _("show only") . ' ';
        if ($DBInfo->security->is_protected("rcspurge", $options)) {
            $out .= "<input type='password' name='passwd'>";
        }
        $out .= "<input type='submit' name='rcspurge' value='" . _("purge") . "'></td></tr>";
    }
    $out .= "<input type='hidden' name='action' value='diff'/>\n</tbody></table></div></form>\n";
    $out .= "<script type='text/javascript' src='{$DBInfo->url_prefix}/local/checkbox.js'></script></div>\n";
    return $out;
}
Beispiel #19
0
function do_bbs($formatter, $options = array())
{
    global $DBInfo;
    $err = '';
    $args = array();
    if ($options['mode'] == 'rss') {
        #$formatter->send_header("Content-Type: text/xml",$options);
        header("Content-Type: application/xml");
        print macro_BBS($formatter, '', $options);
        return;
    }
    # load a config file
    $bname = $formatter->page->name;
    $conf0 = array();
    if (file_exists('config/bbs.' . $bname . '.php')) {
        $confname = 'bbs.' . $bname . '.php';
        $conf0 = _load_php_vars('config/bbs.default.php');
    } else {
        $confname = 'bbs.default.php';
    }
    $conf = _load_php_vars('config/' . $confname);
    $conf = array_merge($conf0, $conf);
    # check valid IP
    $check_ip = true;
    if ($conf['allowed_ip'] and in_array($options['mode'], array('edit', 'delete', 'new'))) {
        include_once 'lib/checkip.php';
        if (!check_ip($conf['allowed_ip'], $_SERVER['REMOTE_ADDR'])) {
            $options['title'] = sprintf(_("Your IP address is not allowed to %s at this BBS"), $options["mode"]);
            $check_ip = false;
        }
    }
    $check_pass = false;
    $MyBBS = macro_BBS($formatter, '', array('new' => 1));
    if ($options['id'] != 'Anonymous' and $options['mode'] == 'edit' and $options['no']) {
        $body = $MyBBS->getPage($options['no']);
        if ($body != null) {
            include_once 'lib/metadata.php';
            list($metas, $dummy) = _get_metadata($body);
            if ($metas['Name'] == $options['id']) {
                # XXX
                $check_pass = true;
            }
        }
    }
    # password check
    while ($options['no'] and ($options['mode'] == 'delete' or $options['mode'] == 'edit') and $_SERVER['REQUEST_METHOD'] == "POST") {
        # check admin(WikiMaster) password
        if (!$check_pass) {
            if ($DBInfo->admin_passwd) {
                $check_pass = $DBInfo->admin_passwd == crypt($options['pass'], $DBInfo->admin_passwd);
            } else {
                $check_pass = false;
            }
        }
        # check admin(BBSMaster) password
        if (!$check_pass and $conf['admin_passwd']) {
            $check_pass = $conf['admin_passwd'] == crypt($options['pass'], $conf['admin_passwd']);
        }
        while ($check_ip and $check_pass and $options['mode'] == 'delete') {
            if (($p = strpos($options['no'], ' ')) !== false) {
                $nids = explode(" ", $options['no']);
            } else {
                $nids = array($options['no']);
            }
            for ($i = 0, $sz = sizeof($nids); $i < $sz; $i++) {
                if ($MyBBS->hasPage($nids[$i])) {
                    $MyBBS->deletePage($nids[$i]);
                } else {
                    $MyBBS->deleteIndex($nids[$i]);
                }
            }
            $query = $options['p'] ? '&p=' . $options['p'] : '';
            $myrefresh = '';
            if ($DBInfo->use_save_refresh) {
                $sec = $DBInfo->use_save_refresh - 1;
                $lnk = $formatter->link_url($formatter->page->urlname, '?' . ($query ? $query : 'action=show'));
                $myrefresh = 'Refresh: ' . $sec . '; url=' . qualifiedURL($lnk);
            }
            $options['msg'] = _("Successfully deleted.");
            $header = array("Expires: " . gmdate("D, d M Y H:i:s", 0) . " GMT");
            if ($myrefresh) {
                $header[] = $myrefresh;
            }
            $formatter->send_header($header, $options);
            $formatter->send_title("", "", $options);
            $formatter->send_footer("", $options);
            return;
        }
        break;
    }
    while ($options['mode'] == 'comment' and $options['savetext'] and $_SERVER['REQUEST_METHOD'] == "POST") {
        $query = 'no=' . $options['no'] . ($options['p'] ? '&p=' . $options['p'] : '');
        $myrefresh = '';
        if ($DBInfo->use_save_refresh) {
            $sec = $DBInfo->use_save_refresh - 1;
            $lnk = $formatter->link_url($formatter->page->urlname, '?' . $query);
            $myrefresh = 'Refresh: ' . $sec . '; url=' . qualifiedURL($lnk);
        }
        $header = array("Expires: " . gmdate("D, d M Y H:i:s", 0) . " GMT");
        if ($myrefresh) {
            $header[] = $myrefresh;
        }
        $p = new WikiPage($options['page'] . ':' . $options['no'], $options);
        $formatter->page = $p;
        $options['page'] = $options['page'] . ':' . $options['no'];
        $options['minor'] = 1;
        # do not log
        $formatter->send_header($header, $options);
        $options['action_mode'] = 'ajax';
        $options['call'] = 1;
        $ret = $formatter->ajax_repl('comment', $options);
        if ($ret == false) {
            $options['msg'] = _("Fail to post comment.");
        }
        unset($options['action_mode']);
        $formatter->send_title("", "", $options);
        $formatter->send_footer("", $options);
        return;
        break;
    }
    if ($options['mode'] == 'delete') {
        $msg = sprintf(_("The article %s will be deleted."), $options['no']);
        $url = $formatter->link_url($formatter->page->urlname, '');
        $header = array("Expires: " . gmdate("D, d M Y H:i:s", 0) . " GMT");
        $formatter->send_header($header, $options);
        $formatter->send_title("", "", $options);
        print <<<EOF
<div class='deleteDialog'>
<form method='post' action='{$url}' >
<strong>{$msg}</strong>
<table border='0' width='20%'>
<tbody>
<tr><th>Password:</th><td><input type='password' style="width:200px" name='pass' /></td></tr>
</tbody>
</table>
<input type='hidden' name='no' value='{$options['no']}' />
<input type='hidden' name='p' value='{$options['p']}' />
<input type='hidden' name='action' value='bbs' />
<input type='hidden' name='mode' value='delete' />
</form>
</div>
EOF;
        $formatter->send_footer("", $options);
        return;
    } else {
        if ($options['mode'] == 'edit') {
            $button_preview = $options['button_preview'];
            while ($_SERVER['REQUEST_METHOD'] == "POST") {
                $savetext = $options['savetext'];
                $datestamp = $options['datestamp'];
                $subject = $options['subject'];
                # strip some tags from the subject
                $subject = preg_replace("%</?(marquee|embed|object|script|form|frame|iframe|img|a|)[^>]*>%", '', $subject);
                $args['subject'] = _stripslashes($subject);
                if ($options['id'] == 'Anonymous') {
                    $name = $options['name'];
                    $name = strip_tags($name);
                    $pass = $options['pass'];
                    $home = $options['homepage'];
                    # check a homepage address
                    if (!empty($home)) {
                        if (!preg_match('/^((ftp|http|news):\\/\\/)[a-z0-9][a-z0-9_\\-]+\\.[a-z0-9\\-\\.]+.*/', $home)) {
                            $options['msg'] = _("Invalid HomePage address.");
                            break;
                        } else {
                            if (!eregi("^(ftp|http|news):\\/\\/", $home)) {
                                $home = "http://" . $home;
                            }
                        }
                    }
                    # check email address
                    $email = $options['email'];
                    $args['name'] = _stripslashes($name);
                    $args['pass'] = _stripslashes($pass);
                    $args['home'] = _stripslashes($home);
                    $args['email'] = _stripslashes($email);
                    if (!$name) {
                        $options['msg'] = _("No Name error.");
                        break;
                    }
                } else {
                    $args['name'] = $options['id'];
                }
                $args['no'] = $options['no'] ? $options['no'] : 0;
                if ($options['no'] and !$check_pass) {
                    break;
                }
                # edit mode
                if (!$check_ip) {
                    break;
                }
                # not allowed IPs
                if (!$args['subject'] or !$savetext) {
                    $options['msg'] = _("No Subject error.");
                    break;
                }
                if ($button_preview) {
                    break;
                }
                $savetext = preg_replace("/\r\n|\r/", "\n", $savetext);
                if ($savetext and $DBInfo->spam_filter) {
                    $text = $savetext;
                    $fts = preg_split('/(\\||,)/', $DBInfo->spam_filter);
                    foreach ($fts as $ft) {
                        $text = $formatter->filter_repl($ft, $text, $options);
                    }
                    if ($text != $savetext) {
                        $options['msg'] = _("Sorry, can not save page because some messages are blocked in this wiki.");
                        break;
                    }
                }
                $savetext = rtrim($savetext) . "\n";
                $args['text'] = _stripslashes($savetext);
                $MyBBS = macro_BBS($formatter, '', array('new' => 1));
                $myrefresh = '';
                if ($DBInfo->use_save_refresh) {
                    $sec = $DBInfo->use_save_refresh - 1;
                    $lnk = $formatter->link_url($formatter->page->urlname, "?action=show");
                    $myrefresh = 'Refresh: ' . $sec . '; url=' . qualifiedURL($lnk);
                }
                $header = array("Expires: " . gmdate("D, d M Y H:i:s", 0) . " GMT");
                $options['msg'] = _("New post added successfully");
                if ($myrefresh) {
                    $header[] = $myrefresh;
                }
                $formatter->send_header($header, $options);
                $formatter->send_title("", "", $options);
                if ($MyBBS->use_attach) {
                    # XXX
                    $args['call'] = 1;
                    $lists = array();
                    $lists = $formatter->macro_repl('Attachments', '', $args);
                    unset($args['call']);
                    if (!empty($lists)) {
                        $args['attach'] = $lists;
                    }
                }
                $MyBBS->savePage($args);
                $formatter->send_footer("", $options);
                return;
            }
            #print _bbs_edit_form();
            #print macro_BBSForm($formatter);
            $formatter->send_header("", $options);
            $formatter->send_title("", "", $options);
            if ($options['savetext']) {
                $formatter->_raw_body = $options['savetext'];
                if ($options['no']) {
                    $hidden = "<input type='hidden' name='no' value='{$options['no']}' />\n" . "<input type='hidden' name='p' value='{$options['p']}' />";
                }
            } else {
                if ($options['no']) {
                    $MyBBS = macro_BBS($formatter, '', array('new' => 1));
                    $nid = $options['no'];
                    if ($nid and $MyBBS->hasPage($nid)) {
                        $fields = array('Name', 'Subject', 'Date', 'Email', 'HomePage', 'IP', 'Keywords');
                        include_once 'lib/metadata.php';
                        $body = $MyBBS->getPage($nid);
                        $boundary = strtoupper(md5("COMMENT"));
                        # XXX
                        list($body, $comments) = explode('----' . $boundary . "\n", $body, 2);
                        # XXX
                        if ($body != null) {
                            list($metas, $nbody) = _get_metadata($body);
                            if ($nbody) {
                                $body = $nbody;
                            }
                            $args['name'] = $metas['Name'];
                            $args['subject'] = $metas['Subject'];
                            $args['home'] = $metas['HomePage'];
                            $args['email'] = $metas['Email'];
                            $args['text'] = $body;
                            $formatter->_raw_body = $body;
                            $hidden = "<input type='hidden' name='no' value='{$nid}' />\n" . "<input type='hidden' name='p' value='{$options['p']}' />";
                        }
                    }
                } else {
                    $formatter->_raw_body = "";
                }
            }
            if ($options['id'] == 'Anonymous') {
                $formatter->_extra_form = <<<EOF
<div>
<table border='0' width='100%'>
<col width='10%' /><col width='10%' /><col width='10%' /><col width='70%' />
<tbody>
<tr><th>Subject:</th><td colspan='3'><input type='text' style="width:80%" name='subject' value='{$args['subject']}' /></td></tr>
<tr><th>Name:</th><td><input type='text' name='name' value='{$args['name']}' /></td>
    <th>Password:</th><td><input type='password' name='pass' /></td></tr>
<tr><th>Email:</th><td colspan='3'><input type='text' style="width:50%" name='email' value='{$args['email']}' /></td></tr>
<tr><th>HomePage:</th><td colspan='3'><input type='text'style="width:50%" name='homepage' value='{$args['home']}' /></td></tr>
</tbody>
</table>
{$hidden}
</div>
EOF;
            } else {
                if (!$check_pass and !empty($options['no']) and $options['mode'] == 'edit') {
                    $pass_form = "<tr><th>Password:</th><td><input type='password' name='pass' /></td></tr>";
                }
                $formatter->_extra_form = <<<EOF
<div>
<table border='0' width='100%'>
<col width='20%' /><col width='80%' />
<tbody>
<tr><th>Subject:</th><td><input type='text' style="width:80%" name='subject' value='{$args['subject']}' /></td></tr>
{$pass_form}
</tbody>
</table>
{$hidden}
</div>
EOF;
            }
            $formatter->_mtime = 0;
            $options['simple'] = 2;
            $options['nocategories'] = 1;
            $options['minor'] = 1;
            # do not show a minor checkbox
            print macro_EditText($formatter, $value, $options);
            $formatter->_raw_body = null;
            $formatter->_extra_form = null;
        } else {
            $formatter->send_header("", $options);
            $formatter->send_title("", "", $options);
            print macro_BBS($formatter, 'no=' . $options['no']);
        }
    }
    $formatter->send_footer("", $options);
    return;
}
Beispiel #20
0
 function _getFormConfig($config, $mode = 0)
 {
     $conf = array();
     while (list($key, $val) = each($config)) {
         $val = _stripslashes($val);
         $val = str_replace(array("\r\n", "\r"), array("\n", "\n"), $val);
         if (!isset($val)) {
             $val = "''";
         }
         if (!$mode) {
             @eval("\$dum={$val};");
             @eval("\${$key}={$val};");
             $conf[$key] = $dum;
         } else {
             $conf[$key] = $val;
         }
         #print("$mode:\$$key=$val;<br/>");
     }
     return $conf;
 }
Beispiel #21
0
 function WikiUser($id = "")
 {
     global $Config;
     if (!empty($Config['cookie_expires'])) {
         $this->cookie_expires = $Config['cookie_expires'];
     }
     if ($id && $id != 'Anonymous') {
         $this->setID($id);
         return;
     }
     $id = '';
     if (isset($_COOKIE['MONI_ID'])) {
         $this->ticket = substr($_COOKIE['MONI_ID'], 0, 32);
         $id = urldecode(substr($_COOKIE['MONI_ID'], 33));
     }
     $ret = $this->setID($id);
     if ($ret) {
         $this->getGroup();
     }
     $this->css = isset($_COOKIE['MONI_CSS']) ? $_COOKIE['MONI_CSS'] : '';
     $this->theme = isset($_COOKIE['MONI_THEME']) ? $_COOKIE['MONI_THEME'] : '';
     $this->bookmark = isset($_COOKIE['MONI_BOOKMARK']) ? $_COOKIE['MONI_BOOKMARK'] : '';
     $this->trail = isset($_COOKIE['MONI_TRAIL']) ? _stripslashes($_COOKIE['MONI_TRAIL']) : '';
     $this->tz_offset = isset($_COOKIE['MONI_TZ']) ? _stripslashes($_COOKIE['MONI_TZ']) : '';
     $this->nick = isset($_COOKIE['MONI_NICK']) ? _stripslashes($_COOKIE['MONI_NICK']) : '';
     $this->verified_email = isset($_COOKIE['MONI_VERIFIED_EMAIL']) ? _stripslashes($_COOKIE['MONI_VERIFIED_EMAIL']) : '';
     if ($this->tz_offset == '') {
         $this->tz_offset = date('Z');
     }
 }
Beispiel #22
0
function do_rss_rc($formatter, $options)
{
    global $DBInfo, $Config;
    // get members to hide log
    $members = $DBInfo->members;
    $days = !empty($DBInfo->rc_days) ? $DBInfo->rc_days : RSS_DEFAULT_DAYS;
    $options['quick'] = 1;
    if (!empty($options['c'])) {
        $options['items'] = $options['c'];
    }
    $lines = $DBInfo->editlog_raw_lines($days, $options);
    if (!empty($DBInfo->rss_rc_options)) {
        $opts = $DBInfo->rss_rc_options;
        $opts = explode(',', $opts);
        foreach ($opts as $opt) {
            $options[$opt] = 1;
            // FIXME
        }
    }
    // HTTP conditional get
    $mtime = $DBInfo->mtime();
    $lastmod = gmdate('D, d M Y H:i:s \\G\\M\\T', $mtime);
    $cache_ttl = !empty($DBInfo->rss_rc_ttl) ? $DBInfo->rss_rc_ttl : 60;
    /* 60 seconds */
    // make etag based on some options and mtime.
    $check_opts = array('quick', 'items', 'oe', 'diffs', 'raw', 'nomsg', 'summary');
    $check = array();
    foreach ($check_opts as $c) {
        if (isset($options[$c])) {
            $check[$c] = $options[$c];
        }
    }
    $etag = md5($mtime . $DBInfo->logo_img . serialize($check) . $cache_ttl . $options['id']);
    $headers = array();
    $headers[] = 'Pragma: cache';
    $maxage = $cache_ttl;
    $public = 'public';
    if ($options['id'] != 'Anonymous') {
        $public = 'private';
    }
    $headers[] = 'Cache-Control: ' . $public . ', max-age=' . $maxage;
    $headers[] = 'Last-Modified: ' . $lastmod;
    $headers[] = 'ETag: "' . $etag . '"';
    $need = http_need_cond_request($mtime, $lastmod, $etag);
    if (!$need) {
        $headers[] = 'HTTP/1.0 304 Not Modified';
    }
    foreach ($headers as $h) {
        header($h);
    }
    if (!$need) {
        @ob_end_clean();
        return;
    }
    $cache = new Cache_Text('rss_rc');
    $cache_delay = min($cache_ttl, 30);
    $mtime = $cache->mtime($etag);
    $val = false;
    if (empty($formatter->refresh)) {
        if (($val = $cache->fetch($etag)) !== false and $DBInfo->checkUpdated($mtime, $cache_delay)) {
            header("Content-Type: text/xml");
            echo $val;
            return;
        }
    }
    // need to update cache
    if ($val !== false and $cache->exists($etag . '.lock')) {
        header("Content-Type: text/xml");
        echo $val . '<!-- cached at ' . date('Y-m-d H:i:s', $mtime) . ' -->';
        return;
    }
    if ($cache->exists($etag . '.lock')) {
        header("Content-Type: text/xml");
        echo '';
        return;
    }
    $cache->update($etag . '.lock', array('lock'), 5);
    // 5s lock
    $time_current = time();
    #  $secs_per_day= 60*60*24;
    #  $days_to_show= 30;
    #  $time_cutoff= $time_current - ($days_to_show * $secs_per_day);
    $URL = qualifiedURL($formatter->prefix);
    $img_url = qualifiedURL($DBInfo->logo_img);
    $url = qualifiedUrl($formatter->link_url("RecentChanges"));
    $channel = <<<CHANNEL
<channel rdf:about="{$URL}">
  <title>{$DBInfo->sitename}</title>
  <link>{$url}</link>
  <description>RecentChanges at {$DBInfo->sitename}</description>
  <image rdf:resource="{$img_url}"></image>
  <items>
  <rdf:Seq>

CHANNEL;
    $items = "";
    $ratchet_day = FALSE;
    if (!$lines) {
        $lines = array();
    }
    foreach ($lines as $line) {
        $parts = explode("\t", $line);
        $page_name = $DBInfo->keyToPagename($parts[0]);
        // hide log
        if (!empty($members) && !in_array($options['id'], $members) && !empty($Config['ruleset']['hidelog'])) {
            if (in_array($page_name, $Config['ruleset']['hidelog'])) {
                continue;
            }
        }
        $addr = $parts[1];
        $ed_time = $parts[2];
        $user = $parts[4];
        $log = _stripslashes($parts[5]);
        $act = rtrim($parts[6]);
        #    if ($ed_time < $time_cutoff)
        #      break;
        $url = qualifiedUrl($formatter->link_url(_rawurlencode($page_name)));
        $diff_url = qualifiedUrl($formatter->link_url(_rawurlencode($page_name), '?action=diff'));
        $extra = "<br /><a href='{$diff_url}'>" . _("show changes") . "</a>\n";
        if (!$DBInfo->hasPage($page_name)) {
            $status = 'deleted';
            $html = '<![CDATA[' . "<a href='{$url}'>" . $page_name . "</a> is deleted" . ']]>' . "\n";
        } else {
            $status = 'updated';
            if (!empty($options['diffs'])) {
                $p = new WikiPage($page_name);
                $f = new Formatter($p);
                $options['raw'] = 1;
                $options['nomsg'] = 1;
                $html = $f->macro_repl('Diff', '', $options);
                if (!$html) {
                    ob_start();
                    $f->send_page('', array('fixpath' => 1));
                    #$f->send_page('');
                    $html = ob_get_contents();
                    ob_end_clean();
                    $extra = '';
                }
                $html = str_replace(']', '&#93;', $html);
                $html = "<![CDATA[" . $html . $extra . "]]>";
                #$html=strtr($html.$extra,array('&'=>'&amp;','<'=>'&lt;'));
            } else {
                if (!empty($options['summary'])) {
                    $p = new WikiPage($page_name);
                    $f = new Formatter($p);
                    $f->section_edit = 0;
                    $f->sister_on = 0;
                    $f->perma_icon = '';
                    $options['nomsg'] = 1;
                    $b = $p->_get_raw_body();
                    $chunks = preg_split('/\\n#{4,}/', $b);
                    # summary breaker is ####
                    ob_start();
                    if ($chunks) {
                        $f->send_page($chunks[0], array('fixpath' => 1));
                    } else {
                        $f->send_page('', array('fixpath' => 1));
                    }
                    #$f->send_page('');
                    $html = ob_get_contents();
                    ob_end_clean();
                    $chunks = preg_split('/<!-- break -->/', $html);
                    # <!-- break -->
                    if ($chunks[0]) {
                        $html = $chunks[0];
                    }
                    $html = str_replace(']', '&#93;', $html);
                    $html = "<![CDATA[" . $html . "]]>";
                } else {
                    $html = str_replace('&', '&amp;', $log);
                }
            }
        }
        $zone = "+00:00";
        $date = gmdate("Y-m-d\\TH:i:s", $ed_time) . $zone;
        #$datetag = gmdate("YmdHis",$ed_time);
        $channel .= "<rdf:li rdf:resource=\"{$url}\"></rdf:li>\n";
        $valid_page_name = preg_replace('/&(?!#?\\w+;)/', '&amp;', _html_escape($page_name));
        $items .= "<item rdf:about=\"{$url}\">\n";
        $items .= "  <title>{$valid_page_name}</title>\n";
        $items .= "  <link>{$url}</link>\n";
        $items .= "  <description>{$html}</description>\n";
        $items .= "  <dc:date>{$date}</dc:date>\n";
        $items .= "<dc:creator>{$user}</dc:creator>\n";
        $items .= "<dc:contributor>{$user}</dc:contributor>\n";
        #    $items.="     <dc:contributor>\n     <rdf:Description>\n"
        #          ."     <rdf:value>$user</rdf:value>\n"
        #          ."     </rdf:Description>\n     </dc:contributor>\n";
        $items .= "     <wiki:status>{$status}</wiki:status>\n";
        $items .= "     <wiki:diff>{$diff_url}</wiki:diff>\n";
        $items .= "</item>\n";
    }
    $url = qualifiedUrl($formatter->link_url($DBInfo->frontpage));
    $channel .= <<<FOOT
    </rdf:Seq>
  </items>
</channel>
<image rdf:about="{$img_url}">
<title>{$DBInfo->sitename}</title>
<link>{$url}</link>
<url>{$img_url}</url>
</image>

FOOT;
    $url = qualifiedUrl($formatter->link_url("FindPage"));
    $form = <<<FORM
<textinput>
<title>Search</title>
<link>{$url}</link>
<name>goto</name>
</textinput>

FORM;
    $new = "";
    if (!empty($options['oe']) and strtolower($options['oe']) != $DBInfo->charset) {
        $charset = $options['oe'];
        if (function_exists('iconv')) {
            $out = $head . $channel . $items . $form;
            $new = iconv($DBInfo->charset, $charset, $out);
            if (!$new) {
                $charset = $DBInfo->charset;
            }
        }
    } else {
        $charset = $DBInfo->charset;
    }
    $head = <<<HEAD
<?xml version="1.0" encoding="{$charset}"?>
<?xml-stylesheet href="{$DBInfo->url_prefix}/css/_feed.css" type="text/css"?>
<rdf:RDF xmlns="http://purl.org/rss/1.0/"
\txmlns:wiki="http://purl.org/rss/1.0/modules/wiki/"
\txmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
\txmlns:xlink="http://www.w3.org/1999/xlink"
\txmlns:dc="http://purl.org/dc/elements/1.1/">
<!--
    Add "diffs=1" to add change diffs to the description of each items.
    Add "summary=1" to add summary to the description of each items.
    Add "oe=utf-8" to convert the charset of this rss to UTF-8.
-->

HEAD;
    header("Content-Type: text/xml");
    if ($new) {
        $out = $head . $new;
    } else {
        $out = $head . $channel . $items . $form;
    }
    $out .= "</rdf:RDF>\n";
    echo $out;
    $cache->update($etag, $out);
    $cache->remove($etag . '.lock');
}
Beispiel #23
0
 /**
  * @return mixed
  * @param string $sql
  * @desc run custom SQL query
  */
 function query($sql)
 {
     //execute and save time for debug
     $start_time = getmicrotime();
     $res = mysql_query($sql);
     $GLOBALS['SQLS'][] = array('sql' => $sql, 'time' => getmicrotime() - $start_time);
     //
     if (!$res) {
         //error MYSQL ERROR
         $this->__logging($sql);
         $this->error = array('message' => mysql_error());
         return false;
     }
     $sql_type = strtolower(substr(trim($sql), 0, 5));
     if ($sql_type == 'inser') {
         $return = mysql_insert_id();
     }
     if ($sql_type == 'selec' || $sql_type == 'show ') {
         //fetch result
         while ($row = mysql_fetch_array($res, MYSQL_ASSOC)) {
             $return[] = _stripslashes($row);
         }
         if (sizeof($return) == 0) {
             $return = false;
         }
         //
         mysql_free_result($res);
     }
     return isset($return) ? $return : true;
 }
Beispiel #24
0
function do_comment($formatter, $options = array())
{
    global $DBInfo;
    if (!$DBInfo->security->writable($options)) {
        $formatter->preview = 1;
        $options['title'] = _("Page is not writable");
        return do_invalid($formatter, $options);
    } else {
        if (!$DBInfo->hasPage($options['page'])) {
            $options['err'] = _("You are not allowed to add a comment.");
            $options['title'] = _("Page does not exists");
            return do_invalid($formatter, $options);
        }
    }
    if (!empty($options['usemeta'])) {
        $use_meta = 1;
    }
    $cols = get_textarea_cols();
    $rows = (!empty($options['rows']) and $options['rows'] > 5) ? $options['rows'] : 8;
    $cols = (!empty($options['cols']) and $options['cols'] > 60) ? $options['cols'] : $cols;
    $url = $formatter->link_url($formatter->page->urlname);
    $button_preview = !empty($options['button_preview']) ? $options['button_preview'] : 0;
    $use_any = 0;
    if (!empty($DBInfo->use_textbrowsers)) {
        if (is_string($DBInfo->use_textbrowsers)) {
            $use_any = preg_match('/' . $DBInfo->use_textbrowsers . '/', $_SERVER['HTTP_USER_AGENT']) ? 1 : 0;
        } else {
            $use_any = preg_match('/Lynx|w3m|links/', $_SERVER['HTTP_USER_AGENT']) ? 1 : 0;
        }
    }
    $ok_ticket = 0;
    if (empty($use_any) and !empty($DBInfo->use_ticket) and $options['id'] == 'Anonymous') {
        if ($options['__seed'] and $options['check']) {
            $mycheck = getTicket($options['__seed'], $_SERVER['REMOTE_ADDR'], 4);
            if ($mycheck == $options['check']) {
                $ok_ticket = 1;
            } else {
                $options['msg'] = _("Invalid ticket !");
                $button_preview = 1;
            }
        } else {
            if (!$button_preview) {
                $options['msg'] = _("You need a ticket !");
            }
            $button_preview = 1;
        }
    } else {
        $ok_ticket = 1;
    }
    if ($options['savetext']) {
        $savetext = _stripslashes($options['savetext']);
        $savetext = str_replace("\r", "", $savetext);
        $savetext = rtrim($savetext);
        #$savetext=str_replace("<","&lt;",$savetext);
    }
    if (!empty($savetext) and empty($button_preview) and !empty($DBInfo->spam_filter)) {
        $text = $savetext;
        $fts = preg_split('/(\\||,)/', $DBInfo->spam_filter);
        foreach ($fts as $ft) {
            $text = $formatter->filter_repl($ft, $text, $options);
        }
        if ($text != $savetext) {
            $button_preview = 1;
            $options['msg'] = _("Sorry, can not save page because some messages are blocked in this wiki.");
        }
    }
    if (!empty($button_preview) && !empty($options['savetext'])) {
        if (empty($options['action_mode']) or $options['action_mode'] != 'ajax') {
            $formatter->send_header("", $options);
            $formatter->send_title(_("Preview comment"), "", $options);
            $formatter->send_page($savetext . "\n----");
            $options['savetext'] = $savetext;
            print macro_Comment($formatter, '', $options);
            print $formatter->macro_repl('EditHints');
            $formatter->send_footer("", $options);
        }
        return false;
    } else {
        if (empty($savetext)) {
            if (empty($options['action_mode']) or $options['action_mode'] != 'ajax') {
                $formatter->send_header("", $options);
                $formatter->send_title(_("Add comment"), "", $options);
                print macro_Comment($formatter, '', $options);
                print $formatter->macro_repl('EditHints');
                $formatter->send_footer("", $options);
            }
            return false;
        }
    }
    $datestamp = $options['datestamp'];
    if ($formatter->page->mtime() > $datestamp) {
        $options['msg'] = '';
        if (empty($options['action_mode']) or $options['action_mode'] != 'ajax') {
            $formatter->send_header('', $options);
            $formatter->send_title(_("Error: Don't make a clone!"), '', $options);
            $formatter->send_footer('', $options);
        }
        return false;
    }
    $body = $formatter->page->get_raw_body();
    if ($options['id'] == 'Anonymous') {
        $id = $options['name'] ? _stripslashes($options['name']) : $_SERVER['REMOTE_ADDR'];
    } else {
        $id = $options['id'];
    }
    if (!empty($use_meta)) {
        $date = gmdate('Y-m-d H:i:s') . ' GMT';
        $savetext = rtrim($savetext) . "\n";
        $boundary = strtoupper(md5("COMMENT"));
        # XXX
        $idx = 1;
        if (preg_match_all('/-{4}(?:' . $boundary . ')?\\nComment-Id:\\s*(\\d+)\\n/m', $body, $m)) {
            $idx = $m[1][sizeof($m[1]) - 1] + 1;
        }
        if ($options['id'] != 'Anonymous') {
            $id = '@USERNAME@';
        }
        $meta = <<<META
Comment-Id: {$idx}
From: {$id}
Date: {$date}
META;
        $savetext = "----" . $boundary . "\n{$meta}\n\n{$savetext}\n";
    } else {
        if (!empty($options['nosig'])) {
            $savetext = "----\n{$savetext}\n";
        } else {
            if ($options['id'] == 'Anonymous') {
                $savetext = "----\n{$savetext} -- {$id} @DATE@\n";
            } else {
                $savetext = "----\n{$savetext} @SIG@\n";
            }
        }
    }
    while ($options['comment_id']) {
        list($nth, $dum, $v) = explode(',', base64_decode($options['comment_id']), 3);
        if ($v) {
            $check = '[[' . $dum . '(' . $v . ')]]';
        } else {
            $check = '[[' . $dum . ']]';
        }
        if ($v) {
            $check2 = '<<' . $dum . '(' . $v . ')>>';
        } else {
            $check2 = '<<' . $dum . '>>';
        }
        if (is_numeric($nth)) {
            $raw = str_replace("\n", "", $body);
            $chunk = preg_split("/({{{.+}}})/U", $raw, -1, PREG_SPLIT_DELIM_CAPTURE);
            // FIXME
            $nc = '';
            $k = 1;
            $i = 1;
            foreach ($chunk as $c) {
                if ($k % 2) {
                    $nc .= $c;
                } else {
                    $nc .= "" . $i . "";
                    $blocks[$i] = str_replace("", "\n", $c);
                    ++$i;
                }
                $k++;
            }
            $nc = str_replace("", "\n", $nc);
            if (preg_match_all('/(?!\\!)(?:\\<\\<|\\[\\[)Comment(?:.*?)(?:\\]\\]|>>)/', $nc, $m)) {
                if (count($m[0]) == 1) {
                    break;
                }
            }
            $chunk = preg_split('/((?!\\!)(?:\\<\\<|\\[\\[).+(?:\\]\\]|>>))/U', $nc, -1, PREG_SPLIT_DELIM_CAPTURE);
            $nnc = '';
            $ii = 1;
            $matched = 0;
            for ($j = 0, $sz = sizeof($chunk); $j < $sz; ++$j) {
                if (($j + 1) % 2) {
                    $nnc .= $chunk[$j];
                } else {
                    if ($nth == $ii) {
                        $new = $savetext . $chunk[$j];
                        if ($check != $chunk[$j] and $check2 != $chunk[$j]) {
                            break;
                        }
                        $nnc .= $new;
                        $matched = 1;
                    } else {
                        $nnc .= $chunk[$j];
                    }
                    ++$ii;
                }
            }
            if (!empty($blocks)) {
                $formatter->_array_callback($blocks, true);
                $nnc = preg_replace_callback("/(\\d+)/", array(&$formatter, '_array_callback'), $nnc);
            }
        }
        if (!empty($matched)) {
            $body = $nnc;
        }
        break;
    }
    if (empty($matched)) {
        if ($options['comment_id'] and preg_match("/^((?:\\[\\[|\\<\\<)Comment\\(" . $options['comment_id'] . "\\)(?:\\]\\]|>>))/m", $body, $m)) {
            $str = $m[1];
            $body = preg_replace('/' . preg_quote($str) . '/', $savetext . $str, $body, 1);
        } else {
            if (preg_match("/\n##Comment\n/i", $body)) {
                $body = preg_replace("/\n##Comment\n/i", "\n##Comment\n{$savetext}", $body, 1);
            } else {
                if (preg_match("/^((\\[\\[|\\<\\<)Comment(\\([^\\)]*\\))?(\\]\\]|>>)/m", $body)) {
                    $body = preg_replace("/^((\\[\\[|\\<\\<)Comment(\\([^\\)]*\\))?(\\]\\]|>>))/m", $savetext . "\\1", $body, 1);
                } else {
                    $body .= $savetext;
                }
            }
        }
    }
    $formatter->page->write($body);
    $DBInfo->savePage($formatter->page, "Comment added", $options);
    if ($options['action_mode'] == 'ajax') {
        return true;
    }
    $options['msg'] = sprintf(_("%s is commented successfully"), $formatter->link_tag($formatter->page->urlname, "?action=show", $options['page']));
    $title = _("Comment added successfully");
    $myrefresh = '';
    if ($DBInfo->use_save_refresh) {
        $sec = $DBInfo->use_save_refresh - 1;
        $lnk = $formatter->link_url($formatter->page->urlname, "?action=show");
        $myrefresh = 'Refresh: ' . $sec . '; url=' . qualifiedURL($lnk);
    }
    $formatter->send_header($myrefresh, $options);
    $formatter->send_title($title, '', $options);
    $opt['pagelinks'] = 1;
    # re-generates pagelinks
    $formatter->send_page('', $opt);
    $formatter->send_footer('', $options);
    return;
}
Beispiel #25
0
// COMPRESS OUTPUT IF INSTRUCTED
//
if ($_config['compress_output'] && $_system['gzip']) {
    ob_start('ob_gzhandler');
}
//
// STRIP SLASHES FROM GPC IF NECESSARY
//
if ($_system['stripslashes']) {
    function _stripslashes($value)
    {
        return is_array($value) ? array_map('_stripslashes', $value) : (is_string($value) ? stripslashes($value) : $value);
    }
    $_GET = _stripslashes($_GET);
    $_POST = _stripslashes($_POST);
    $_COOKIE = _stripslashes($_COOKIE);
}
//
// FIGURE OUT WHAT TO DO (POST URL-form submit, GET form request, regular request, basic auth, cookie manager, show URL-form)
//
if (isset($_POST[$_config['url_var_name']]) && !isset($_GET[$_config['url_var_name']])) {
    header('Location: ' . $_script_url . '?' . $_config['url_var_name'] . '=' . encode_url($_POST[$_config['url_var_name']]) . '&' . $_config['flags_var_name'] . '=' . base_convert($_iflags, 2, 16));
    exit(0);
}
if (isset($_GET[$_config['get_form_name']])) {
    $_url = decode_url($_GET[$_config['get_form_name']]);
    $qstr = strpos($_url, '?') !== false ? strpos($_url, '?') === strlen($_url) - 1 ? '' : '&' : '?';
    $arr = explode('&', $_SERVER['QUERY_STRING']);
    if (preg_match('#^\\Q' . $_config['get_form_name'] . '\\E#', $arr[0])) {
        array_shift($arr);
    }
Beispiel #26
0
function do_merge($formatter, $params = array())
{
    global $DBInfo;
    if ($_SERVER['REQUEST_METHOD'] == 'POST' && !$DBInfo->security->writable($params)) {
        $params['title'] = _("Page is not writable");
        return do_invalid($formatter, $params);
    }
    // check full permission to edit
    $full_permission = true;
    if (!empty($DBInfo->no_full_edit_permission) or $params['id'] == 'Anonymous' && !empty($DBInfo->anonymous_no_full_edit_permission)) {
        $full_permission = false;
    }
    // members always have full permission to edit
    if (in_array($params['id'], $DBInfo->members)) {
        $full_permission = true;
    }
    $is_new = !$formatter->page->exists();
    if (!$is_new and !$full_permission) {
        $formatter->send_header('', $params);
        $title = _("You do not have full permission to merge this page.");
        $formatter->send_title($title, '', $params);
        $formatter->send_footer('', $params);
        return;
    }
    $pagename = isset($params['name'][0]) ? $params['name'] : '';
    $formatter->send_header('', $params);
    $force = 1;
    if (isset($_POST['name'][0]) and $DBInfo->hasPage($_POST['name'])) {
        $force = 0;
        if ($_POST['force']) {
            $force = 1;
        }
    }
    // validate rev
    if (!empty($params['rev'])) {
        $info = $formatter->page->get_info($params['rev']);
        if (empty($info[0])) {
            unset($params['rev']);
            if (!empty($_POST['rev'])) {
                unset($_POST['rev']);
            }
        }
    }
    if (!empty($_POST['rev']) and isset($_POST['name'][0]) and $pagename !== $formatter->page->name and $DBInfo->hasPage($pagename)) {
        if (!empty($DBInfo->version_class)) {
            $REMOTE_ADDR = $_SERVER['REMOTE_ADDR'];
            $user =& $DBInfo->user;
            $comment = _stripslashes($params['comment']);
            $tag = '{MERGE}';
            if (!empty($comment)) {
                $comment = $tag . ': ' . $comment . ': ';
            } else {
                $comment = $tag . ': ';
            }
            $log = $REMOTE_ADDR . ';;' . $user->id . ';;' . $comment;
            $version = $DBInfo->lazyLoad('version', $DBInfo);
            if (!method_exists($version, 'merge')) {
                // check merge method
                $formatter->send_title(_("No merge method available."), '', $params);
                $formatter->send_footer('', $params);
                return;
            }
            $params['log'] = $log;
            $ret = array();
            $params['retval'] =& $ret;
            // merge RCS revisions
            $merged = $version->merge($pagename, $formatter->page->name, $params);
            if (!$force) {
                $fname = tempnam($DBInfo->vartmp_dir, 'MERGED');
                $fp = fopen($fname . ',v', 'w');
                if (is_resource($fp)) {
                    fwrite($fp, $merged);
                    fclose($fp);
                }
                // parse rlog
                require_once dirname(__FILE__) . '/Info.php';
                $out = $version->rlog($fname . ',v', '');
                $params['simple'] = true;
                $info = _parse_rlog($formatter, $out, $params);
                @unlink($fname);
                @unlink($fname . ',v');
            } else {
                if ($merged !== false) {
                    // $params['retval']['comment'] has merged versions information
                    $log = $comment . $params['retval']['comment'];
                    $DBInfo->addLogEntry($pagename, $REMOTE_ADDR, $log, 'MERGE');
                    $indexer = $DBInfo->lazyLoad('titleindexer');
                    if ($is_new) {
                        $indexer->addPage($pagename);
                    } else {
                        $indexer->update($pagename);
                    }
                    $info = '';
                }
            }
        } else {
            $formatter->send_title(_("No version control available."), '', $params);
            $formatter->send_footer('', $params);
            return;
        }
        $params['.title'] = _("Merge result.");
        $formatter->send_title(sprintf(_("%s is successfully merged."), $formatter->page->name), '', $params);
        if (!$force) {
            echo '<h3>' . _("This is a testing merge. Please confirm force option to merge it.") . '</h3>';
        }
        echo $info;
        $formatter->send_footer('', $params);
        return;
    } else {
        if (!isset($params['name'][0]) || !$DBInfo->hasPage($params['name'])) {
            $title = _("Please select the original page to merge.");
        } else {
            if (empty($params['rev'])) {
                $title = _("Please select the revision to merge from.");
            } else {
                if ($DBInfo->hasPage($formatter->page->name)) {
                    $title = _("Are you really want to merge this page ?");
                }
            }
        }
        $params['.title'] = _("Merge Page history.");
        $formatter->send_title($title, '', $params);
    }
    $pname = _html_escape($pagename);
    $lab = _("Summary");
    $rev = !empty($params['rev']) ? _html_escape($params['rev']) : '';
    if (!empty($rev) && isset($pagename[0]) && $DBInfo->hasPage($pagename)) {
        $extra = '<input type="checkbox" name="force" />' . _("Force overwrite") . '<br />';
        $placeholder = sprintf(_("Merge [[%s]] with [[%s]] from r%s: "), $pname, _html_escape($formatter->page->name), $rev);
        echo "<form method='post'>\n{$lab}: <input name='comment' size='80' value='{$comment}' placeholder='{$placeholder}' /><br />\n";
        $btn = sprintf(_("Merge [[%s]] to [[%s]]:"), _html_escape($formatter->page->name), $pname);
        $msg = sprintf(_("Only WikiMaster can %s this page"), _("merge"));
        if ($DBInfo->security->is_protected("merge", $params)) {
            echo _("Password") . ": <input type='password' name='passwd' size='20' value='' />\n{$msg}<br />\n";
        }
        echo <<<FORM
    <input type='hidden' name='name' value='{$pname}' />
    <input type='hidden' name='action' value='merge' />
    <input type='hidden' name='rev' value='{$rev}' />
    <input type='submit' value='{$btn}' />{$extra}
    </form>
FORM;
    } else {
        $btn = _("Select Page to Merge");
        echo <<<FORM
    <form method='get'>
    <input name='name' value='{$pname}' />
    <input type='hidden' name='action' value='merge' />
    <input type='submit' value='{$btn}' />{$extra}
    </form>
FORM;
    }
    if (isset($pagename[0]) && $pagename !== $formatter->page->name && $DBInfo->hasPage($pagename)) {
        echo macro_Merge($formatter, $pagename, $params);
    }
    $formatter->send_footer('', $params);
    return;
}
Beispiel #27
0
function do_ImportTable($formatter, $params = array())
{
    global $DBInfo;
    global $HTTP_USER_AGENT;
    $COLS_MSIE = 80;
    $COLS_OTHER = 85;
    $cols = preg_match('/MSIE/', $HTTP_USER_AGENT) ? $COLS_MSIE : $COLS_OTHER;
    $rows = $params['rows'] > 5 ? $params['rows'] : 8;
    $cols = $params['cols'] > 60 ? $params['cols'] : $cols;
    $url = $formatter->link_url($formatter->page->urlname);
    if (!empty($params['tablecontent']) || $params['editor']) {
        $tabletext = trim(_stripslashes($params['tablecontent']));
        $editor = trim(_stripslashes($params['editor']));
        $tabletext = !empty($tabletext) ? $tabletext : $editor;
        $tabletext = str_replace("\r", '', $tabletext);
        $lines = explode("\n", $tabletext);
        // check tab mode
        $tabmode = false;
        if (strpos($tabletext, '<table ') !== false) {
            $tabmode = false;
            $tabletext = strtr($tabletext, "\t", ' ');
        }
        if (strpos($tabletext, "\t") !== false) {
            $tabmode = true;
        } else {
            // preserve table attributes
            $tabletext = preg_replace('/(<)([\\:\\(\\)\\|\\-_\\^v]|width|bgcolor|' . 'colspan|rowspan|#|' . 'table(?:width|style|border|bgcolor)|style|rowbgcolor)/', "\\2", $tabletext);
            // remove some tags
            $tabletext = strip_tags($tabletext, '<table><td><th><tr><br><img><hr><a><b><i><sub><sup><del><tt><u><strong>');
            // convert basic wiki tags
            $tabletext = str_ireplace(array('<b>', '</b>', '<i>', '</i>', '<strong>', '</strong>', '<sub>', '</sub>', '<sup>', '</sup>', '<del>', '</del>', '<hr>'), array("'''", "'''", "''", "''", "'''", "'''", ',,', ',,', '^^', '^^', '~~', '~~', "\n----\n"), $tabletext);
            // BR macro
            $tabletext = preg_replace('@<br\\s*[^>]*>\\n?@is', '[[BR]]', $tabletext);
            // images
            $tabletext = preg_replace('@<img\\s[^>]*src=(\'|")?(?:https?)?//([^\'"]+)(?1)[^>]*>@is', 'http://\\2', $tabletext);
            // href
            $tabletext = preg_replace_callback('@<a\\s([^>]*)>([^<]*)</a>@is', '_a_callback', $tabletext);
            // remove some table tags
            $tabletext = preg_replace('@<(?:tr|/td|/th|/table)[^>]*>\\s*@is', '', $tabletext);
            $tabletext = preg_replace('@\\s*<tr>\\s*@is', '', $tabletext);
            // parse td attributes
            $tabletext = preg_replace_callback('@(<t(?:d|h)([^>]*)>)@i', '_td_callback', $tabletext);
            // table attributes
            $tabletext = preg_replace_callback('@<table([^>]*)>\\s*\\|\\|@is', '_table_callback', $tabletext);
            $tabletext = preg_replace('@</tr>\\s*@is', "||\n", $tabletext);
            // revert <
            $tabletext = str_replace("", '<', $tabletext);
            $lines = explode("\n", $tabletext);
        }
        // trash empty last line
        $end = end($lines);
        if (!isset($end[0])) {
            array_pop($lines);
        }
        // count maximum tabs
        if ($tabmode) {
            $maxtab = 1;
            for ($i = 0, $sz = count($lines); $i < $sz; $i++) {
                $line = $lines[$i];
                // from excel or tab separated table contents
                $tabs[$i] = substr_count($line, "\t");
                $line = preg_replace("/\t(?=\t)/", ' || ', $line);
                $line = str_replace("\t", '||', $line);
                $lines[$i] = '||' . $line . '||';
                if ($tabs[$i] > $maxtab) {
                    $maxtab = $tabs[$i];
                }
            }
            for ($i = 0, $sz = count($tabs); $i < $sz; $i++) {
                if ($tabs[$i] < $maxtab) {
                    $tab = str_repeat('||', $maxtab - $tabs[$i]);
                    $lines[$i] = $tab . $lines[$i];
                }
            }
        }
        $tabletext = implode("\n", $lines);
    }
    if (!empty($tabletext)) {
        $formatter->send_header('', $params);
        $formatter->send_title(_("Preview"), '', $params);
        $formatter->send_page($tabletext . "\n----");
        $params['tablecontent'] = $tabletext;
        $params['editor'] = $editor;
        echo macro_ImportTable($formatter, '', $params);
        $formatter->send_footer('', $params);
    } else {
        if (!$tabletext) {
            $formatter->send_header('', $params);
            $formatter->send_title(_("Import Tables"), '', $params);
            echo macro_ImportTable($formatter, '', $params);
            $formatter->send_footer('', $params);
        }
    }
}
Beispiel #28
0
function do_sendping($formatter, $options)
{
    global $DBInfo, $_release;
    if (!$formatter->page->exists()) {
        $options['msg'] = _("Error: Page Not found !");
        do_invalid($formatter, $options);
        return;
    }
    if (strtolower($DBInfo->charset) == 'utf-8') {
        $checked = 'checked="checked"';
    }
    if (!$options['trackback_url']) {
        $url = $formatter->link_url($formatter->page->urlname);
        $raw_body = $formatter->page->_get_raw_body();
        if ($options['value']) {
            $lines = explode("\n", $raw_body);
            $count = count($lines);
            # add comment
            for ($i = 0; $i < $count; $i++) {
                if (preg_match("/^({{{)?#!blog (.*)\$/", $lines[$i], $match)) {
                    if (md5($match[2]) == $options['value']) {
                        list($tag, $user, $date, $title) = explode(" ", $lines[$i], 4);
                        $found = 1;
                        if ($match[1]) {
                            $end_tag = '}}}';
                        }
                        break;
                    }
                }
            }
            if ($found) {
                # a blog page with multiple entries
                $i++;
                if ($end_tag) {
                    for (; $i < $count; $i++) {
                        if (preg_match("/^}}}\$/", $lines[$i])) {
                            break;
                        } else {
                            if (preg_match("/^----\$/", $lines[$i])) {
                                break;
                            }
                        }
                        $excerpt .= $lines[$i] . "\n";
                    }
                } else {
                    # a blog page with a single entry
                    list($dummy, $entry) = explode("\n", $raw_body, 2);
                    list($excerpt, $comments) = explode("\n----\n", $entry, 2);
                }
            } else {
                $options['msg'] = _("Error: No entry found!");
                do_invalid($formatter, $options);
                return;
            }
        } else {
            # a plain wiki page
            $excerpt = substr($raw_body, 0, 400);
            $title = $options['page'];
        }
        $COLS_MSIE = 80;
        $COLS_OTHER = 85;
        $cols = preg_match('/MSIE/', $_SERVER['HTTP_USER_AGENT']) ? $COLS_MSIE : $COLS_OTHER;
        $rows = $options['rows'] > 5 ? $options['rows'] : 8;
        $cols = $options['cols'] > 60 ? $options['cols'] : $cols;
        $formatter->send_header("", $options);
        $formatter->send_title(_("Send TrackBack ping"), "", $options);
        $msg1 = _("TrackBack Ping URL");
        print "<form method='post' action='{$url}'>\n";
        print "<b>{$msg1}</b>: <input name='trackback_url' size='60' maxlength='256' style='width:200' /><br />\n";
        if ($options['value']) {
            $options['value'] = _html_escape($options['value']);
            print "<input type='hidden' name='value' value=\"{$options['value']}\" />\n";
        }
        $msg2 = _("Title");
        $title = _html_escape($title);
        print "<b>{$msg2}</b>: <input name='title' value=\"{$title}\" size='70' maxlength='70' style='width:200' /><br />\n";
        if ($DBInfo->use_resizer > 1) {
            echo <<<JS
<script type="text/javascript" src="{$DBInfo->url_prefix}/local/textarea.js"></script>
JS;
        }
        print <<<FORM
<div class="resizable-textarea" style='position:relative'><!-- IE hack -->
<textarea class="wiki resizable" id="content" wrap="virtual" name="excerpt"
 rows="{$rows}" cols="{$cols}" class="wiki">{$excerpt}</textarea></div>
FORM;
        $mb_msg = _("mb encoded");
        $send_msg = _("Send ping");
        $reset = _("Reset");
        print <<<FORM2
<b>{$mb_msg}</b> <input type="checkbox" name="mbencode" {$checked} />&nbsp;
<input type="hidden" name="action" value="sendping" />
<span class="button"><input class="button" type="submit" value="{$send_msg}" /></span>&nbsp;
<span class="button"><input class="button" type="reset" value="{$reset}" /></span>&nbsp;
</form>
FORM2;
        $formatter->send_footer("", $options);
        return;
    }
    # send Trackback ping
    $trackback_url = $options['trackback_url'];
    $title = urlencode(_stripslashes($options['title']));
    $blog_name = urlencode($DBInfo->sitename . ":{$options['id']}");
    $excerpt = _stripslashes($options['excerpt']);
    if ($options['mbencode']) {
        if ($checked and function_exists('iconv') and strtolower($DBInfo->charset) != 'utf-8') {
            $excerpt = iconv($DBInfo->charset, 'utf-8', $excerpt);
        }
        if (function_exists('mb_encode_numericentity')) {
            $new = mb_encode_numericentity($excerpt, $DBInfo->convmap, 'utf-8');
            if ($new) {
                $excerpt = $new;
            }
            $new = mb_encode_numericentity($title, $DBInfo->convmap, 'utf-8');
            if ($new) {
                $title = $new;
            }
        } else {
            include_once 'lib/compat.php';
            $new = utf8_mb_encode($excerpt);
            if ($new) {
                $excerpt = $new;
            }
            $new = utf8_mb_encode($title);
            if ($new) {
                $title = $new;
            }
        }
    }
    $excerpt = urlencode($excerpt);
    $url = $formatter->link_url($options['page'], "#{$options['value']}");
    $url = urlencode(qualifiedUrl($url));
    $query_string = "title={$title}&url={$url}&blog_name={$blog_name}&excerpt={$excerpt}";
    if (strstr($trackback_url, '?')) {
        $trackback_url .= "&" . $query_string;
        $fp = @fopen($trackback_url, 'r');
        $result = @fread($fp, 4096);
        @fclose($fp);
        /* debug code
            $debug_file = 'trackback.log';
            $fp = fopen($debug_file, 'a');
            fwrite($fp, "\n*****\nTrackback URL query:\n\n$trackback_url\n\nResponse:\n\n");
            fwrite($fp, $result);
            fwrite($fp, "\n\n");
            fclose($fp);
        */
    } else {
        $trackback_url = parse_url($trackback_url);
        $http_request = 'POST ' . $trackback_url['path'] . " HTTP/1.0\r\n";
        $http_request .= 'Host: ' . $trackback_url['host'] . "\r\n";
        $http_request .= 'Content-Type: application/x-www-form-urlencoded' . "\r\n";
        $http_request .= 'Content-Length: ' . strlen($query_string) . "\r\n";
        $http_request .= "\r\n";
        $http_request .= $query_string;
        $fs = @fsockopen($trackback_url['host'], 80);
        @fputs($fs, $http_request);
        /* debug code
            $debug_file = 'trackback.log';
            $fp = fopen($debug_file, 'a');
            fwrite($fp, "\n*****\nRequest:\n\n$http_request\n\nResponse:\n\n");
            while(!@feof($fs)) {
              fwrite($fp, @fgets($fs, 4096));
            }
            fwrite($fp, "\n\n");
            fclose($fp);
        */
        @fclose($fs);
    }
    $formatter->send_header("", $options);
    $formatter->send_title(_("Trackback sent"), "", $options);
    #$formatter->send_page("Return: $result");
    print "Return: {$result}";
    $formatter->send_footer("", $options);
    return;
}
Beispiel #29
0
function do_keywords($formatter, $options)
{
    global $DBInfo;
    $supported_lang = array('ko');
    $page = $formatter->page->name;
    if (empty($options['update']) and !empty($options['value'])) {
        $page = $options['value'];
    }
    if (!$DBInfo->hasPage($page)) {
        $options['err'] = _("You are not able to add keywords.");
        $options['title'] = _("Page does not exists");
        do_invalid($formatter, $options);
        return;
    }
    if (!empty($options['update']) or !empty($options['refresh'])) {
        $lk = $DBInfo->getPage(LOCAL_KEYWORDS);
        $force_charset = '';
        if ($DBInfo->force_charset) {
            $force_charset = '; charset=' . $DBInfo->charset;
        }
        $formatter->send_header("Content-type: text/plain" . $force_charset);
        if (!$lk->exists()) {
            print sprintf(_("%s is not found."), LOCAL_KEYWORDS);
            return;
        }
        $raw = $lk->get_raw_body();
        # update keylinks of LocalKeywords
        $kc = new Cache_text('keylinks');
        $lines = explode("\n", $raw);
        $all_keys = array();
        foreach ($lines as $l) {
            $l = trim($l);
            if ($l[0] == '#' or !$l) {
                continue;
            }
            $ws = preg_split('/((?<!\\S)(["\'])[^\\2]+?\\2(?!\\S)|\\S+)/', $l, -1, PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY);
            $ws = array_flip(array_unique($ws));
            unset($ws['"']);
            // delete delims
            unset($ws["'"]);
            unset($ws[' ']);
            $ws = array_flip($ws);
            $ws = array_map(create_function('$a', 'return preg_replace("/^([\\"\'])(.*)\\\\1$/","\\\\2",$a);'), $ws);
            // delete ",'
            $ws = array_unique($ws);
            $all_keys = array_merge($all_keys, $ws);
            foreach ($ws as $k) {
                $rels = array_diff($ws, array($k));
                $krels = $kc->fetch($k);
                if (is_array($krels)) {
                    if ($nrels = array_diff($rels, $krels)) {
                        $rs = array_unique(array_merge($nrels, $krels));
                        $kc->update($k, $rs);
                        print "***** updated {$k}\n";
                    }
                } else {
                    if (sizeof($rels) > 1 and is_array($rels)) {
                        $kc->update($k, $rels);
                        print "***** save {$k}\n";
                    }
                }
            }
        }
        print_r($all_keys);
        print "OK";
        return;
    }
    $args = array();
    $formatter->send_header('', $options);
    if (empty($options['suggest']) and (!empty($options['key']) and is_array($options['key']) or !empty($options['keywords']))) {
        if (!empty($options['keywords'])) {
            // following keyword list are acceptable separated with spaces.
            // Chemistry "Physical Chemistry" "Bio Chemistry" ...
            $keywords = _stripslashes($options['keywords']);
            $ws = preg_split('/((?<!\\S)(["\'])[^\\2]+?\\2(?!\\S)|\\S+)/', $keywords, -1, PREG_SPLIT_DELIM_CAPTURE | PREG_SPLIT_NO_EMPTY);
            $ws = array_flip(array_unique($ws));
            unset($ws['"']);
            // delete delims
            unset($ws["'"]);
            unset($ws[' ']);
            $ws = array_flip($ws);
            $ws = array_map(create_function('$a', 'return preg_replace("/^([\\"\'])(.*)\\\\1$/","\\\\2",$a);'), $ws);
            // delete ",'
            if (!is_array($options['key'])) {
                $options['key'] = array();
            }
            $options['key'] = array_merge($options['key'], $ws);
        }
        if (!empty($options['common'])) {
            $raw = "#format plain";
            $lang = $formatter->pi['#language'] ? $formatter->pi['#language'] : '';
            $lang = $options['lang'] ? $options['lang'] : $lang;
            if (in_array($lang, $supported_lang)) {
                $common_word_page = LOCAL_KEYWORDS . '/CommonWords' . ucfirst($lang);
            } else {
                $common_word_page = LOCAL_KEYWORDS . '/CommonWords';
            }
            if ($DBInfo->hasPage($common_word_page)) {
                $p = $DBInfo->getPage($common_word_page);
                if (!$p->exists()) {
                    $dict = array();
                } else {
                    $raw = $p->get_raw_body();
                    $raw = rtrim($raw);
                    $lines = explode("\n", $raw);
                    $body = '';
                    foreach ($lines as $line) {
                        if ($line[0] == '#' or $line == '') {
                            continue;
                        }
                        $body .= $line . "\n";
                    }
                    $body = rtrim($body);
                    $dict = explode("\n", $body);
                }
                $commons = array_diff(array_values($options['key']), $dict);
            } else {
                $p = $DBInfo->getPage($common_word_page);
                $commons = $options['key'];
            }
            if (!empty($commons)) {
                sort($commons);
                $raw .= "\n" . implode("\n", $commons);
                $p->write($raw);
                $DBInfo->savePage($p, "Common words are added", $options);
            }
            $formatter->send_title(sprintf(_("Common words are updated"), $options['page']), '', $options);
            $formatter->send_footer($args, $options);
            return;
        }
        $cache = new Cache_text('keyword');
        $keys = $options['key'];
        $keys = array_flip($keys);
        unset($keys['']);
        $cache->update($page, array_keys($keys));
        # update 'keylinks' caches
        #$kc=new Cache_text('keylinks');
        #foreach ($options['key'] as $k) {
        #    // XXX
        #    $kv=unserialize($kc->fetch($k));
        #    if (!in_array($page,$kv)) {
        #        $kv[]=$page;
        #        $kc->update($k,serialize($kv));
        #    }
        #}
        $raw = "#format plain";
        $lk = $DBInfo->getPage(LOCAL_KEYWORDS);
        if (!$lk->exists()) {
            $dict = array();
        } else {
            $raw = $lk->get_raw_body();
            $raw = rtrim($raw);
            $lines = explode("\n", $raw);
            $body = '';
            foreach ($lines as $line) {
                if ($line[0] == '#' or $line == '') {
                    continue;
                }
                $body .= $line . "\n";
            }
            $body = rtrim($body);
        }
        if (!empty($options['key'])) {
            // XXX
            $ks = array_map(create_function('$a', 'return (strpos($a," ") !== false) ? "\\"$a\\"":$a;'), $options['key']);
            $raw .= "\n" . implode(' ', $ks) . "\n";
            $lk->write($raw);
            $DBInfo->savePage($lk, "Keywords are added", $options);
        }
        $formatter->send_title(sprintf(_("Keywords for %s are updated"), $page), '', $options);
        $ret = '';
        foreach ($keys as $key => $val) {
            $ret .= $key . ',';
        }
        $ret = substr($ret, 0, strlen($ret) - 1);
        print "<tt>#keywords {$ret}</tt>\n";
        if (!empty($DBInfo->use_keywords) or !empty($options['update'])) {
            # auto update the page with selected keywords.
            $body = $formatter->page->get_raw_body();
            $pi = $formatter->page->get_instructions($dum);
            if (!empty($pi['#keywords'])) {
                $tag = preg_quote($pi['#keywords']);
                $nbody = preg_replace('/^#keywords\\s+' . $tag . '/', '#keywords ' . $ret, $body, 1);
                if ($nbody != $body) {
                    $ok = 1;
                }
            } else {
                $nbody = '#keywords ' . $ret . "\n" . $body;
                $ok = 2;
            }
            if (!empty($ok)) {
                if ($ok == 1) {
                    $comment = "Keywords are updated";
                } else {
                    $comment = "Keywords are added";
                }
                $formatter->page->write($nbody);
                $DBInfo->savePage($formatter->page, $comment, $options);
                print "<h2>" . _("Keywords are updated") . "</h2>";
            } else {
                print "<h2>" . _("There are no changes found") . "</h2>";
            }
        } else {
            # user confirmation
            $link = $formatter->link_url(_rawurlencode($page), '');
            $keys = explode(',', $ret);
            $ret = '';
            foreach ($keys as $key) {
                if ($key and strpos($key, ' ') !== false) {
                    $key = '"' . $key . '"';
                }
                $ret .= $key . ' ';
            }
            $btn = _("Update with these Keywords");
            $form = "<form method='post' action='{$link}'>";
            $form .= '<input type="hidden" name="action" value="keywords" />';
            $form .= '<input type="hidden" name="update" value="1" />';
            $form .= '<input type="hidden" name="keywords" value=\'' . $ret . '\' />';
            $form .= "<input type='submit' value='{$btn}' />\n";
            $form .= "</form>";
            print $form;
        }
        $formatter->send_footer($args, $options);
        return;
    }
    if (!empty($options['all']) or !empty($options['tour'])) {
        if (!empty($optiopns['sort']) and $options['sort'] == 'freq') {
            $sort = 'freq';
        }
        $formatter->send_title('', '', $options);
        $myq = '?' . $_SERVER['QUERY_STRING'];
        $myq = preg_replace('/&sort=[^&]+/i', '', $myq);
        if ($sort != 'freq') {
            $myq .= '&sort=freq';
            $txt = _("alphabetically");
            $ltxt = _("by frequency");
        } else {
            $txt = _("by size");
            $ltxt = _("alphabetically");
        }
        $link = $formatter->link_tag(_rawurlencode($page), $myq, $ltxt);
        print "<h2>";
        print sprintf(_("Keywords list %s (or %s)"), $txt, $link);
        print "</h2>\n";
        if (!$options['limit']) {
            $options['limit'] = 0;
        }
    } else {
        $formatter->send_title(sprintf(_("Select keywords for %s"), $options['page']), '', $options);
        $options['merge'] = 1;
        $options['add'] = 1;
    }
    print macro_KeyWords($formatter, $options['page'], $options);
    //$args['editable']=1;
    $formatter->send_footer($args, $options);
}
Beispiel #30
0
function do_fullsearch($formatter, $options)
{
    global $Config;
    $ret =& $options;
    $qnext = '';
    if (!empty($options['offset']) and is_numeric($options['offset'])) {
        if ($options['offset'] > 0) {
            $qnext = '&amp;offset=' . $options['offset'];
        }
    }
    $options['value'] = _stripslashes($options['value']);
    if (!isset($options['value'][0])) {
        $options['value'] = $formatter->page->name;
    }
    if (!empty($options['backlinks'])) {
        $title = sprintf(_("BackLinks search for \"%s\""), $options['value']);
    } else {
        if (!empty($options['keywords'])) {
            $title = sprintf(_("KeyWords search for \"%s\""), $options['value']);
        } else {
            $title = sprintf(_("Full text search for \"%s\""), $options['value']);
        }
    }
    if (!empty($options['backlinks'])) {
        $options['.title'] = sprintf(_("BackLinks of %s"), _html_escape($options['value']));
    }
    $out = macro_FullSearch($formatter, $options['value'], $ret);
    $options['msg'] = !empty($ret['msg']) ? $ret['msg'] : '';
    $options['msgtype'] = 'search';
    $formatter->send_header("", $options);
    $formatter->send_title($title, $formatter->link_url("FindPage"), $options);
    if (!empty($ret['form'])) {
        print $ret['form'];
    }
    print $out;
    $qext = '';
    if (!empty($options['backlinks'])) {
        $qext = '&amp;backlinks=1';
    } else {
        if (!empty($options['keywords'])) {
            $qext = '&amp;keywords=1';
        }
    }
    $offset = '';
    if (isset($options['value'][0])) {
        $val = _html_escape($options['value']);
        printf(_("Found %s matching %s out of %s total pages"), $ret['hit'], $ret['hit'] == 1 ? _("page") : _("pages"), $ret['all']);
        if (!empty($ret['next'])) {
            $limit = isset($DBInfo->fullsearch_page_limit[0]) ? $DBInfo->fullsearch_page_limit : 5000;
            // 5000 pages
            if (isset($ret['searched'])) {
                $limit = $ret['searched'];
            }
            printf(_(" (%s pages are searched)") . '<br />', $limit);
        } else {
            echo '<br />';
        }
        if (empty($ret['context'])) {
            $tag = $formatter->link_to("?action=fullsearch&amp;value={$val}{$qext}{$qnext}&amp;context=20", _("Show Context."));
            print $tag . '<br />';
        }
        if ($options['id'] != 'Anonymous') {
            if (!empty($ret['next']) and $ret['next'] < $ret['all']) {
                $qoff = '&amp;offset=' . $ret['next'];
                $tag = $formatter->link_to("?action=fullsearch{$qext}&amp;value={$val}{$qoff}", _("Search next results"));
                echo $tag;
            }
            if (empty($options['backlinks']) and empty($options['keywords']) or !empty($Config['show_refresh'])) {
                $tag = $formatter->link_to("?action=fullsearch{$qext}&amp;value={$val}{$qnext}&amp;refresh=1", _("Refresh"));
                printf(_(" (%s search results)"), $tag);
            }
        }
    }
    $value = _urlencode($options['value']);
    print '<h2>' . sprintf(_("You can also click %s to search title.\n"), $formatter->link_to("?action=titlesearch&amp;value={$value}", _("here"))) . "</h2>\n";
    $args['noaction'] = 1;
    $formatter->send_footer($args, $options);
}