/**
 * Save a wiki page.
 *
 * Runs the request through a fixed sequence of checks (page id, empty new
 * page, edit permission, page lock, wordblock), writes the text with
 * saveWikiText() while holding the page lock, and finally indexes the page
 * when no '.indexed' meta file exists for it yet.
 *
 * @author Michael Klier <*****@*****.**>
 *
 * @param string $id     page id; passed through cleanID() before any use
 * @param string $text   page text; passed through cleanText() and stored in global $TEXT
 * @param array  $params the keys 'sum' and 'minor' are read and handed to saveWikiText()
 * @return int|bool|IXR_Error 0 when done, false when the indexer lock is held
 *                            and not stale, IXR_Error when a check fails
 */
function putPage($id, $text, $params)
{
    global $TEXT;
    global $lang;
    global $conf;

    $id = cleanID($id);
    // checkwordblock() is called without arguments further down, so the text
    // is published through the global (presumably that is what it inspects).
    $TEXT = cleanText($text);
    $summary = $params['sum'];
    $isMinor = $params['minor'];

    if (empty($id)) {
        return new IXR_Error(1, 'Empty page ID');
    }

    if (!page_exists($id) && trim($TEXT) == '') {
        return new IXR_ERROR(1, 'Refusing to write an empty new wiki page');
    }

    // NOTE(review): the empty-new-page refusal above runs before this
    // permission check, so a caller without edit rights receives a different
    // message depending on whether the page exists. Consider doing the ACL
    // check first.
    if (AUTH_EDIT > auth_quickaclcheck($id)) {
        return new IXR_Error(1, 'You are not allowed to edit this page');
    }

    // Refuse to write while the page is locked
    if (checklock($id)) {
        return new IXR_Error(1, 'The page is currently locked');
    }

    // SPAM check
    if (checkwordblock()) {
        return new IXR_Error(1, 'Positive wordblock check');
    }

    // default summary for a page that does not exist yet
    if (!page_exists($id) && empty($summary)) {
        $summary = $lang['created'];
    }

    // default summary when an existing page is emptied
    if (page_exists($id) && empty($TEXT) && empty($summary)) {
        $summary = $lang['deleted'];
    }

    lock($id);
    saveWikiText($id, $TEXT, $summary, $isMinor);
    unlock($id);

    // run the indexer if the page wasn't indexed yet
    if (!@file_exists(metaFN($id, '.indexed'))) {
        // the lock is a directory: mkdir() succeeds only for one creator
        $indexerLock = $conf['lockdir'] . '/_indexer.lock';
        while (!@mkdir($indexerLock, $conf['dmode'])) {
            usleep(50);
            $lockAge = time() - @filemtime($indexerLock);
            if ($lockAge <= 300) {
                // lock is younger than five minutes: give up.
                // The page itself has already been saved at this point, yet
                // the caller receives false instead of 0.
                return false;
            }
            // looks like a stale lock - remove it and try again
            @rmdir($indexerLock);
        }
        if ($conf['dperm']) {
            chmod($indexerLock, $conf['dperm']);
        }

        // do the work
        idx_addPage($id);

        // finished - record the indexer version and free the lock
        io_saveFile(metaFN($id, '.indexed'), INDEXER_VERSION);
        @rmdir($indexerLock);
    }

    return 0;
}
/**
 * Save a wiki page.
 *
 * Applies the checks below in order (page id, empty new page, edit
 * permission, page lock, wordblock), writes the text with saveWikiText()
 * while holding the page lock and then calls idx_addPage() for the page.
 *
 * @author Michael Klier <*****@*****.**>
 *
 * @param string $id     page id; resolved through $this->resolvePageId()
 * @param string $text   page text; passed through cleanText() and stored in global $TEXT
 * @param array  $params the keys 'sum' and 'minor' are read and handed to saveWikiText()
 * @return int 0 once the page has been saved and handed to the indexer
 * @throws RemoteException             codes 131-134, when the id is empty, a new page
 *                                     would be empty, the page is locked or the
 *                                     wordblock check is positive
 * @throws RemoteAccessDeniedException code 112, when the ACL check yields less than AUTH_EDIT
 */
function putPage($id, $text, $params)
{
    global $TEXT;
    global $lang;

    $id = $this->resolvePageId($id);
    // checkwordblock() is called without arguments further down, so the text
    // is published through the global (presumably that is what it inspects).
    $TEXT = cleanText($text);
    $summary = $params['sum'];
    $isMinor = $params['minor'];

    if (empty($id)) {
        throw new RemoteException('Empty page ID', 131);
    }

    if (!page_exists($id) && trim($TEXT) == '') {
        throw new RemoteException('Refusing to write an empty new wiki page', 132);
    }

    // NOTE(review): the empty-new-page refusal above runs before this
    // permission check, so a caller without edit rights receives a different
    // error depending on whether the page exists. Consider doing the ACL
    // check first.
    if (AUTH_EDIT > auth_quickaclcheck($id)) {
        throw new RemoteAccessDeniedException('You are not allowed to edit this page', 112);
    }

    // Refuse to write while the page is locked
    if (checklock($id)) {
        throw new RemoteException('The page is currently locked', 133);
    }

    // SPAM check
    if (checkwordblock()) {
        throw new RemoteException('Positive wordblock check', 134);
    }

    // default summary for a page that does not exist yet
    if (!page_exists($id) && empty($summary)) {
        $summary = $lang['created'];
    }

    // default summary when an existing page is emptied
    if (page_exists($id) && empty($TEXT) && empty($summary)) {
        $summary = $lang['deleted'];
    }

    lock($id);
    saveWikiText($id, $TEXT, $summary, $isMinor);
    unlock($id);

    // hand the page to the indexer
    idx_addPage($id);

    return 0;
}
/**
 * Save a wiki page.
 *
 * Applies the checks below in order (page id, empty new page, edit
 * permission, page lock, wordblock), writes the text with saveWikiText()
 * while holding the page lock and then calls idx_addPage() for the page.
 *
 * @author Michael Klier <*****@*****.**>
 *
 * @param string $id     page id; passed through cleanID() before any use
 * @param string $text   page text; passed through cleanText() and stored in global $TEXT
 * @param array  $params the keys 'sum' and 'minor' are read and handed to saveWikiText()
 * @return int|IXR_Error 0 once the page has been saved, IXR_Error when a check fails
 */
function putPage($id, $text, $params)
{
    // $conf is declared as in the original although nothing below reads it
    global $TEXT;
    global $lang;
    global $conf;

    $id = cleanID($id);
    // checkwordblock() is called without arguments further down, so the text
    // is published through the global (presumably that is what it inspects).
    $TEXT = cleanText($text);
    $summary = $params['sum'];
    $isMinor = $params['minor'];

    if (empty($id)) {
        return new IXR_Error(1, 'Empty page ID');
    }

    if (!page_exists($id) && trim($TEXT) == '') {
        return new IXR_ERROR(1, 'Refusing to write an empty new wiki page');
    }

    // NOTE(review): the empty-new-page refusal above runs before this
    // permission check, so a caller without edit rights receives a different
    // message depending on whether the page exists. Consider doing the ACL
    // check first.
    if (AUTH_EDIT > auth_quickaclcheck($id)) {
        return new IXR_Error(1, 'You are not allowed to edit this page');
    }

    // Refuse to write while the page is locked
    if (checklock($id)) {
        return new IXR_Error(1, 'The page is currently locked');
    }

    // SPAM check
    if (checkwordblock()) {
        return new IXR_Error(1, 'Positive wordblock check');
    }

    // default summary for a page that does not exist yet
    if (!page_exists($id) && empty($summary)) {
        $summary = $lang['created'];
    }

    // default summary when an existing page is emptied
    if (page_exists($id) && empty($TEXT) && empty($summary)) {
        $summary = $lang['deleted'];
    }

    lock($id);
    saveWikiText($id, $TEXT, $summary, $isMinor);
    unlock($id);

    // hand the page to the indexer
    idx_addPage($id);

    return 0;
}
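/**
 * Revert to a certain revision
 *
 * With a revision in global $REV the raw text of that revision is loaded and
 * saved as the current page; without one, an empty text is saved under the
 * 'deleted' summary. The text is run through the wordblock check before it
 * is written.
 *
 * NOTE(review): no permission check is visible in this function; presumably
 * the action dispatcher enforces it before calling - confirm.
 *
 * @author Andreas Gohr <*****@*****.**>
 *
 * @param string $act action command, handed on to act_draftdel()
 * @return string next action: 'show' after a save or when the revision could
 *                not be read, 'wordblock' when the spam check is positive
 */
function act_revert($act)
{
    global $ID;
    global $REV;
    global $lang;

    // when no revision is given, delete current one
    // FIXME this feature is not exposed in the GUI currently
    $text = '';
    $sum = $lang['deleted'];
    if ($REV) {
        $text = rawWiki($ID, $REV);
        if (!$text) {
            return 'show'; //something went wrong
        }
        $sum = $lang['restored'];
    }

    // spam check on the text that is about to be saved. PHP variable names
    // are case-sensitive, so this has to be $text: a differently-cased name
    // is an undefined variable and the restored text would go unchecked.
    if (checkwordblock($text)) {
        return 'wordblock';
    }

    saveWikiText($ID, $text, $sum, false);
    msg($sum, 1);

    //delete any draft
    act_draftdel($act);
    session_write_close();

    // when done, show current page
    $_SERVER['REQUEST_METHOD'] = 'post'; //should force a redirect
    $REV = '';

    return 'show';
}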
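/**
 * Saves the comment with the given ID and then displays all comments
 *
 * Depending on $act and $raw each addressed comment is toggled, shown,
 * hidden, removed (no $act and empty $raw) or has its text replaced. The
 * discussion meta file is rewritten once after the loop; the log entry and
 * the redirect use the last comment id that was processed.
 *
 * @param string|array $cids one comment id or a list of comment ids
 * @param string       $raw  new raw comment text; checked against the wordblock list when set
 * @param string|null  $act  'toogle', 'show' or 'hide'; anything else edits or removes
 * @return bool|null null when no comment id was given, false when the wordblock
 *                   check is positive or the caller may not change a comment,
 *                   true after the meta file has been written
 */
function _save($cids, $raw, $act = NULL)
{
    global $ID;

    if (!$cids) {
        return; // do nothing if we get no comment id
    }

    if ($raw) {
        global $TEXT;

        $otxt = $TEXT; // set $TEXT to comment text for wordblock check
        $TEXT = $raw;

        // spamcheck against the DokuWiki blacklist
        $blocked = checkwordblock();

        // restore global $TEXT on both outcomes, so a rejected comment does
        // not stay behind in the global
        $TEXT = $otxt;

        if ($blocked) {
            msg($this->getLang('wordblock'), -1);
            return false;
        }
    }

    // get discussion meta file name
    $file = metaFN($ID, '.comments');
    // NOTE(security): unserialize() on file contents is only safe while
    // nothing but this plugin's own serialize() output can end up in the
    // meta file. If that cannot be guaranteed, restrict it with
    // array('allowed_classes' => false) (PHP 7+) or switch to JSON.
    $data = unserialize(io_readFile($file, false));

    if (!is_array($cids)) {
        $cids = array($cids);
    }

    foreach ($cids as $cid) {
        if (is_array($data['comments'][$cid]['user'])) {
            $user = $data['comments'][$cid]['user']['id'];
            $convert = false;
        } else {
            $user = $data['comments'][$cid]['user'];
            $convert = true;
        }

        // someone else was trying to edit our comment -> abort
        // NOTE(review): loose comparison; for a $cid that is not in $data,
        // $user is null and compares equal to an unset REMOTE_USER. Consider
        // an explicit existence check for $cid and a strict comparison.
        if ($user != $_SERVER['REMOTE_USER'] && !auth_ismanager()) {
            return false;
        }

        $date = time();

        // need to convert to new format?
        if ($convert) {
            $data['comments'][$cid]['user'] = array(
                'id' => $user,
                'name' => $data['comments'][$cid]['name'],
                'mail' => $data['comments'][$cid]['mail'],
                'url' => $data['comments'][$cid]['url'],
                'address' => $data['comments'][$cid]['address'],
            );
            $data['comments'][$cid]['date'] = array('created' => $data['comments'][$cid]['date']);
        }

        if ($act == 'toogle') { // toogle visibility
            $now = $data['comments'][$cid]['show'];
            $data['comments'][$cid]['show'] = !$now;
            $data['number'] = $this->_count($data);
            $type = $data['comments'][$cid]['show'] ? 'sc' : 'hc';
        } elseif ($act == 'show') { // show comment
            $data['comments'][$cid]['show'] = true;
            $data['number'] = $this->_count($data);
            $type = 'sc'; // show comment
        } elseif ($act == 'hide') { // hide comment
            $data['comments'][$cid]['show'] = false;
            $data['number'] = $this->_count($data);
            $type = 'hc'; // hide comment
        } elseif (!$raw) { // remove the comment
            $data['comments'] = $this->_removeComment($cid, $data['comments']);
            $data['number'] = $this->_count($data);
            $type = 'dc'; // delete comment
        } else { // save changed comment
            $xhtml = $this->_render($raw);

            // now change the comment's content
            $data['comments'][$cid]['date']['modified'] = $date;
            $data['comments'][$cid]['raw'] = $raw;
            $data['comments'][$cid]['xhtml'] = $xhtml;
            $type = 'ec'; // edit comment
        }
    }

    // save the comment metadata file
    io_saveFile($file, serialize($data));
    $this->_addLogEntry($date, $ID, $type, '', $cid);
    $this->_redirect($cid);

    return true;
}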
/**
 * Checks whether uploaded content matches what its mimetype claims and runs
 * the spam check on text types.
 *
 * The browser cannot be relied on to do this check correctly (IE content
 * sniffing, see the link below), so it is done on the server.
 *
 * Limits visible in the code: the markup check looks only at the first 256
 * bytes of the file and only for the listed tag names, and only gif, jpeg
 * and png are compared against the detected image type.
 *
 * @author Andreas Gohr <*****@*****.**>
 * @link   http://www.splitbrain.org/blog/2007-02/12-internet_explorer_facilitates_cross_site_scripting
 * @fixme  check all 26 magic IE filetypes here?
 *
 * @param string $file path of the uploaded file
 * @param string $mime mimetype the upload claims to have
 * @return int 0 when nothing was found, -1 when the image type does not match
 *             the mimetype, -2 when the wordblock check is positive,
 *             -3 when HTML-like markup is found at the start of the file
 */
function media_contentcheck($file, $mime)
{
    global $conf;

    if ($conf['iexssprotect']) {
        $handle = @fopen($file, 'rb');
        if ($handle) {
            // only the leading 256 bytes are inspected
            $head = fread($handle, 256);
            fclose($handle);
            if (preg_match('/<(script|a|img|html|body|iframe)[\\s>]/i', $head)) {
                return -3;
            }
        }
    }

    if (substr($mime, 0, 6) == 'image/') {
        // index 2 of the getimagesize() result is compared with the type
        // number expected for the claimed mimetype
        $expectedType = array(
            'image/gif' => 1,
            'image/jpeg' => 2,
            'image/png' => 3,
        );
        $info = @getimagesize($file);
        if (isset($expectedType[$mime]) && $info[2] != $expectedType[$mime]) {
            return -1;
        }
        # fixme maybe check other images types as well
    } elseif (substr($mime, 0, 5) == 'text/') {
        // NOTE(review): global $TEXT is overwritten with the file content and
        // not restored afterwards.
        global $TEXT;
        $TEXT = io_readFile($file);
        if (checkwordblock()) {
            return -2;
        }
    }

    return 0;
}
/**
 * Handle 'save'
 *
 * Runs the spam check and the edit-conflict check. When both pass, the page
 * is saved, unlocked, its draft deleted, and the request ends with a
 * redirect to the page; otherwise the name of a follow-up action is returned.
 *
 * NOTE(review): neither a permission check nor a request-token check is
 * visible in this function; presumably the action dispatcher does both
 * before calling - confirm.
 *
 * @author Andreas Gohr <*****@*****.**>
 *
 * @param string $act action command, handed on to act_draftdel()
 * @return string 'wordblock' or 'conflict'; on success the function does not
 *                return because it exits after sending the redirect
 */
function act_save($act)
{
    global $ID, $DATE, $PRE, $TEXT, $SUF, $SUM;

    // spam check
    if (checkwordblock()) {
        return 'wordblock';
    }

    // conflict check: the page file is newer than the date held in $DATE
    // FIXME use INFO
    if ($DATE != 0 && @filemtime(wikiFN($ID)) > $DATE) {
        return 'conflict';
    }

    // save it, joining prefix, text and suffix in pretty mode
    $fullText = con($PRE, $TEXT, $SUF, 1);
    saveWikiText($ID, $fullText, $SUM, $_REQUEST['minor']);

    // unlock it
    unlock($ID);

    // delete draft
    act_draftdel($act);

    // show it: close the session, then redirect and stop
    session_write_close();
    header("Location: " . wl($ID, '', true));
    exit;
}
/**
 * Check an excerpt against wordblock.
 *
 * checkwordblock() is called without arguments here, so the excerpt is put
 * into global $TEXT for the duration of the call and the previous value is
 * put back afterwards.
 *
 * @param string $excerpt text to check
 * @return bool true when the wordblock check is negative, false when it is positive
 */
function _clean_wordblock($excerpt)
{
    global $TEXT;

    $savedText = $TEXT;
    $TEXT = $excerpt;
    $isBlocked = checkwordblock();
    $TEXT = $savedText;

    return !$isBlocked;
}
/**
 * Revert to a certain revision
 *
 * With a revision in global $REV the raw text of that revision is loaded and
 * saved as the current page; without one, an empty text is saved under the
 * 'deleted' summary. The text is run through the wordblock check before it
 * is written.
 *
 * NOTE(review): the $INFO['writable'] guard is disabled (see FIXME below),
 * so this function performs no permission check of its own; presumably the
 * action dispatcher enforces it before calling - confirm.
 *
 * @author Andreas Gohr <*****@*****.**>
 *
 * @param string $act action command
 * @return string action command: 'show' after a save or when the revision
 *                could not be read, 'edit' when the spam check is positive
 */
function act_revert($act)
{
    global $ID;
    global $REV;
    global $lang;
    /* @var Input $INPUT */
    global $INPUT;

    // FIXME $INFO['writable'] currently refers to the attic version, which is
    // why the early "return 'show' unless writable" guard is not active here.

    // when no revision is given, delete current one
    // FIXME this feature is not exposed in the GUI currently
    $text = '';
    $summary = $lang['deleted'];

    if ($REV) {
        $text = rawWiki($ID, $REV);
        if (!$text) {
            // something went wrong
            return 'show';
        }
        $summary = sprintf($lang['restored'], dformat($REV));
    }

    // spam check on the text that is about to be saved
    if (checkwordblock($text)) {
        msg($lang['wordblock'], -1);
        return 'edit';
    }

    saveWikiText($ID, $text, $summary, false);
    msg($summary, 1);

    // delete any draft
    act_draftdel($act);
    session_write_close();

    // when done, show current page
    $INPUT->server->set('REQUEST_METHOD', 'post'); // should force a redirect
    $REV = '';

    return 'show';
}