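/**
 * Action handler for the "new page" plugin.
 *
 * Without a page name it renders the new-page form; with one it redirects to the
 * (refer-relative) page location so the editor opens for it.
 *
 * @return array 'msg'/'body' pair for the form, otherwise never returns (redirect + exit)
 */
function plugin_newpage_action()
{
    global $vars, $_string, $_newpage_messages;
    // Role checks are enforced here, not only in the menu: the menu gate is cosmetic.
    if (Auth::check_role('readonly')) {
        Utility::dieMessage(sprintf($_string['error_prohibit'], 'PKWK_READONLY'), '', 403);
    }
    if (Auth::is_check_role(PKWK_CREATE_PAGE)) {
        Utility::dieMessage(sprintf($_string['error_prohibit'], 'PKWK_CREATE_PAGE'), '', 403);
    }
    // No page name yet: show the form.
    if (!isset($vars['page'])) {
        return array(
            'msg' => $_newpage_messages['title'],
            'body' => plugin_newpage_convert(),
        );
    }
    $page = Utility::stripNullBytes($vars['page']);
    $query = '';
    if (isset($vars['refer'])) {
        // Resolve the new name relative to the referring page.
        $page = Utility::getPageName($page, $vars['refer']);
        // refer is request input that ends up in a query string: encode it so it cannot
        // smuggle additional parameters or break the URL (it was appended raw before).
        $query = 'refer=' . rawurlencode($vars['refer']);
    }
    Utility::redirect(get_page_location_uri($page, $query));
    exit;
}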
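/**
 * Action handler for the pcomment plugin: validates the posted comment, inserts it and
 * redirects back to the referring page (optionally at the reply anchor).
 *
 * @return array empty array when nothing was posted, a 'msg'/'body' pair on spam or
 *               collision, otherwise never returns (redirect)
 */
function plugin_pcomment_action()
{
    global $vars, $_string;
    // Status code added for consistency with the other action handlers (403).
    if (Auth::check_role('readonly')) {
        Utility::dieMessage(sprintf($_string['error_prohibit'], 'PKWK_READONLY'), '', 403);
    }
    // Nothing to post (missing or empty message).
    if (empty($vars['msg'])) {
        return array();
    }
    // Spam check on the message; log the attempt and render nothing.
    if (is_spampost(array('msg'))) {
        Utility::dump();
        return array('msg' => '', 'body' => '');
    }
    $refer = isset($vars['refer']) ? $vars['refer'] : '';
    // Commenting on a page that does not exist yet would create it.
    if (!is_page($refer) && Auth::is_check_role(PKWK_CREATE_PAGE)) {
        Utility::dieMessage(sprintf($_string['error_prohibit'], 'PKWK_CREATE_PAGE'), '', 403);
    }
    $retval = plugin_pcomment_insert();
    if ($retval['collided']) {
        $vars['page'] = $refer;
        return $retval;
    }
    // The reply id goes into a Location header fragment: URL-encode it. HTML escaping
    // (htmlsc) is the wrong encoder for that context.
    $hash = isset($vars['reply']) ? '#pcmt' . rawurlencode($vars['reply']) : '';
    Utility::redirect(get_page_location_uri($refer) . $hash);
}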
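/**
 * Action handler for the comment plugin: role checks, then delegate to the writer.
 *
 * @return mixed whatever plugin_comment_write() returns; dies with 403 when prohibited
 */
function plugin_comment_action()
{
    global $vars, $post, $_comment_messages;
    // Use the same helper and status as the other handlers (the legacy die_message() had no status).
    if (Auth::check_role('readonly')) {
        Utility::dieMessage(sprintf($_comment_messages['err_prohibit'], 'PKWK_READONLY'), '', 403);
    }
    // A missing refer must not raise a notice; it is treated as "no such page", which then
    // falls under the create-page rule below.
    $refer = isset($vars['refer']) ? $vars['refer'] : '';
    if (!is_page($refer) && Auth::is_check_role(PKWK_CREATE_PAGE)) {
        Utility::dieMessage(sprintf($_comment_messages['err_prohibit'], 'PKWK_CREATE_PAGE'), '', 403);
    }
    return plugin_comment_write();
}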
/**
 * Inline plugin: render a message only for visitors whose role is not restricted by
 * the given role spec.
 *
 * Arguments (positional): the role to test first, the message last; anything in
 * between is ignored. With fewer than two arguments the role list is rendered instead.
 *
 * NOTE(review): this controls what is rendered, not what is stored — the message still
 * lives in the page source and is visible to anyone who can read the source or diff.
 *
 * @return string rendered HTML, or '' when nothing should be shown
 */
function plugin_role_convert()
{
    global $_role_msg;
    $level = Auth::get_role_level();
    // Role level 0 renders nothing at all.
    if ($level == 0) {
        return '';
    }
    $params = func_get_args();
    $count = count($params);
    if ($count < 2) {
        return role_list($level);
    }
    $required = $params[0];
    $message = $params[$count - 1];
    // Blocked by the required role: show nothing.
    if (Auth::is_check_role($required)) {
        return '';
    }
    return RendererFactory::factory(str_replace("\r", "\n", $message));
}
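/**
 * Action handler for the GUI editor.
 *
 * Enforces the same role/editability rules as plugin_edit_action, dispatches the
 * edit/template/preview/write/cancel sub-actions, and otherwise renders the edit form.
 *
 * @return array 'msg'/'body' pair (or the sub-action's return value)
 */
function plugin_guiedit_action()
{
    global $vars, $load_template_func;
    global $menubar, $sidebar, $topicpath, $_string;
    if (Auth::check_role('readonly')) {
        Utility::dieMessage(sprintf($_string['error_prohibit'], 'PKWK_READONLY'), '', 403);
    }
    // PKWK_READONLY may be set to "authenticated users only": anyone above that level is refused.
    if (PKWK_READONLY == Auth::ROLE_AUTH && Auth::get_role_level() > Auth::ROLE_AUTH) {
        Utility::dieMessage(sprintf($_string['error_prohibit'], 'PKWK_READONLY'), '', 403);
    }
    $page = isset($vars['page']) ? $vars['page'] : '';
    $wiki = Factory::Wiki($page);
    if (!$wiki->isEditable()) {
        Utility::dieMessage('You have not permission to edit this page.', '', 403);
    }
    if (!is_page($page) && Auth::is_check_role(PKWK_CREATE_PAGE)) {
        Utility::dieMessage(sprintf($_string['error_prohibit'], 'PKWK_CREATE_PAGE'), '', 403);
    }
    // Same page-name validation as plugin_edit_action, so the GUI editor cannot create
    // pages the plain editor would refuse.
    if (preg_match($wiki::INVALIED_PAGENAME_PATTERN, $page)) {
        Utility::dieMessage($_string['illegal_chars']);
    }
    global $guiedit_use_fck;
    // A posted 'text' means the plain textarea is in use; otherwise load the rich editor.
    $guiedit_use_fck = !isset($vars['text']);
    if ($guiedit_use_fck) {
        global $guiedit_pkwk_root;
        $guiedit_pkwk_root = get_baseuri('abs');
    }
    if (GUIEDIT_FULL_SIZE) {
        $menubar = $sidebar = '';
        $topicpath = false;
    }
    // Sub-actions, in the same precedence as before.
    if (isset($vars['edit'])) {
        return plugin_guiedit_edit_data($page);
    }
    if ($load_template_func && isset($vars['template'])) {
        return plugin_guiedit_template();
    }
    if (isset($vars['preview'])) {
        return plugin_guiedit_preview();
    }
    if (isset($vars['write'])) {
        return plugin_guiedit_write();
    }
    if (isset($vars['cancel'])) {
        return plugin_guiedit_cancel();
    }
    // 'original' is what the writer's collision check compares against.
    $postdata = $vars['original'] = $wiki->get(true);
    if (isset($vars['text'])) {
        if (!empty($vars['id'])) {
            exist_plugin('edit');
            // Fix: $source was never assigned here (plugin_edit_action reads it from
            // $wiki->get()), so partial editing always received an undefined value.
            $source = $wiki->get();
            $postdata = plugin_edit_parts($vars['id'], $source);
            if ($postdata === FALSE) {
                // Unknown section id: edit the whole page instead.
                unset($vars['id']);
                $postdata = $vars['original'];
            }
        }
        if ($postdata == '') {
            $postdata = $wiki->auto_template();
        }
    }
    return array('msg' => 'GUI Edit', 'body' => plugin_guiedit_edit_form($page, $postdata));
}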
/**
 * Decide whether a suckerfish menu entry is shown for the current request.
 *
 * This only gates menu visibility. Every action it hides is (and must stay) guarded by
 * its own role check in the action handler; hiding an entry is not authorization.
 *
 * @param string $name menu keyword (freeze, upload, edit, new, ...)
 * @return array the menu entry from _suckerfish(), or an empty array to hide it
 */
function plugin_suckerfish_keyword($name)
{
    global $do_backup, $trackback, $referer;
    global $function_freeze;
    global $vars;
    // $is_read = (arg_check('read') && is_page($vars['page']));
    $has_page = isset($vars['page']) && is_page($vars['page']);
    $readonly = Auth::check_role('readonly');
    $safemode = Auth::check_role('safemode');
    $no_create = Auth::is_check_role(PKWK_CREATE_PAGE);
    $hidden = array();
    switch ($name) {
        case 'freeze':
            if ($readonly || !$has_page || !$function_freeze) {
                return $hidden;
            }
            // Toggle label depending on the current freeze state.
            return _suckerfish(is_freeze($vars['page']) ? 'unfreeze' : 'freeze');
        case 'upload':
            if ($readonly || !$has_page) {
                return $hidden;
            }
            if ($function_freeze && is_freeze($vars['page'])) {
                return $hidden;
            }
            return (bool) ini_get('file_uploads') ? _suckerfish($name) : $hidden;
        case 'filelist':
            return arg_check('list') ? _suckerfish($name) : $hidden;
        case 'backup':
            return $do_backup ? _suckerfish($name) : $hidden;
        case 'referer':
            return $referer ? _suckerfish($name) : $hidden;
        case 'rss':
        case 'mixirss':
            return _suckerfish($name);
        case 'diff':
            return (!$has_page || $safemode) ? $hidden : _suckerfish($name);
        case 'edit':
        case 'guiedit':
            if (!$has_page || $readonly) {
                return $hidden;
            }
            if ($function_freeze && is_freeze($vars['page'])) {
                return $hidden;
            }
            return _suckerfish($name);
        case 'new':
        case 'newsub':
            // Creation needs the create-page role, write access and a current page.
            return ($no_create || $readonly || !$has_page) ? $hidden : _suckerfish($name);
        case 'rename':
        case 'copy':
            return ($readonly || !$has_page) ? $hidden : _suckerfish($name);
        case 'reload':
        case 'print':
        case 'full':
            return $has_page ? _suckerfish($name) : $hidden;
        default:
            return _suckerfish($name);
    }
}
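/**
 * Action handler for the plain editor.
 *
 * Checks editability and roles, validates the page name, dispatches
 * realview/preview/write/cancel, and otherwise renders the edit form (refusing names
 * whose on-disk filename would be too long).
 *
 * @return array 'msg'/'body' pair (or the sub-action's return value)
 */
function plugin_edit_action()
{
    global $vars, $load_template_func, $_string, $_edit_msg;
    $page = isset($vars['page']) ? $vars['page'] : null;
    if (empty($page)) {
        return array('msg' => $_edit_msg['msg_edit'], 'body' => $_edit_msg['err_empty_page']);
    }
    $wiki = Factory::Wiki($page);
    // Utility::dieMessage is called elsewhere in this file as ($message, $title, $status).
    // The two-argument form used here put 403 into the title slot; the status is now explicit.
    if (!$wiki->isEditable(true)) {
        // NOTE(review): 'err_empty_page' reads like the wrong key for "not editable" — confirm.
        Utility::dieMessage($_string['err_empty_page'], '', 403);
    }
    if (Auth::check_role('readonly')) {
        // error_prohibit is a format string (see the call just below); it was emitted raw here.
        Utility::dieMessage(sprintf($_string['error_prohibit'], 'PKWK_READONLY'), '', 403);
    }
    // PKWK_READONLY set to "authenticated users only": anyone above that level is refused.
    if (PKWK_READONLY == Auth::ROLE_AUTH && Auth::get_role_level() > Auth::ROLE_AUTH) {
        Utility::dieMessage(sprintf($_string['error_prohibit'], 'PKWK_READONLY'), '', 403);
    }
    // Renders the posted text; writes nothing.
    if (isset($vars['realview'])) {
        return plugin_edit_realview();
    }
    if (!$wiki->has() && Auth::is_check_role(PKWK_CREATE_PAGE)) {
        Utility::dieMessage(sprintf($_string['error_prohibit'], 'PKWK_CREATE_PAGE'), '', 403);
    }
    if (preg_match($wiki::INVALIED_PAGENAME_PATTERN, $page)) {
        Utility::dieMessage($_string['illegal_chars']);
    }
    if (isset($vars['preview']) || ($load_template_func && isset($vars['template']))) {
        return plugin_edit_preview();
    }
    if (isset($vars['write'])) {
        return plugin_edit_write();
    }
    if (isset($vars['cancel'])) {
        return plugin_edit_cancel();
    }
    // 'original' is what the writer's collision check compares against.
    $postdata = $vars['original'] = $wiki->get(true);
    Auth::is_role_page($postdata);
    if (!empty($vars['id'])) {
        // Partial edit of one section; fall back to the whole page when the id is unknown.
        $source = $wiki->get();
        $postdata = plugin_edit_parts($vars['id'], $source);
        if ($postdata === FALSE) {
            unset($vars['id']);
            $postdata = $vars['original'];
        }
    }
    if (empty($postdata)) {
        // New page: refuse names whose encoded filename would be too long for the filesystem.
        // strlen() is intentional — the limit is in bytes of the on-disk name, not characters.
        // http://pukiwiki.sourceforge.jp/dev/?PukiWiki%2F1.4%2F%A4%C1%A4%E7%A4%C3%A4%C8%CA%D8%CD%F8%A4%CB%2F%C4%B9%A4%B9%A4%AE%A4%EB%A5%DA%A1%BC%A5%B8%CC%BE%A4%CE%A5%DA%A1%BC%A5%B8%A4%CE%BF%B7%B5%AC%BA%EE%C0%AE%A4%F2%CD%DE%BB%DF
        $filename_max_length = 250;
        $filename = Utility::encode($page) . '.txt';
        $filename_length = strlen($filename);
        if ($filename_length > $filename_max_length) {
            // $page is user input and is escaped; $filename is hex-encoded output of Utility::encode.
            $body = join("\n", array(
                '<p class="alert alert-warning"><span class="fa fa-exclamation-triangle"></span>' . $_edit_msg['err_long'],
                '</p>',
                '<dl class="dl-horizontal">',
                '<dt>Page name</dt>',
                '<dd>' . Utility::htmlsc($page) . '</dd>',
                '<dt>Filename</dt>',
                '<dd>' . $filename . '</dd>',
                '<dt>Filename length</dt>',
                '<dd>' . $filename_length . '</dd>',
                '<dt>Filename limit</dt>',
                '<dd>' . $filename_max_length . '</dd>',
                '</dl>',
            ));
            return array('msg' => $_edit_msg['title_edit'], 'body' => $body);
        }
        $postdata = $wiki->auto_template();
    }
    return array('msg' => sprintf($_edit_msg['title_edit'], $page), 'body' => Utility::editForm($page, $postdata));
}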
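 /**
  * Write the page.
  *
  * Runs the role, encoding, anti-spam and edit-collision checks, records the diff,
  * then stores the page (or deletes it when the text is empty) and updates the
  * recent-changes list, backup, update log and ping.
  *
  * @param string|array $str           text to write (an array is joined with "\n"); empty means delete
  * @param boolean      $keeptimestamp when true the page timestamp is left untouched
  * @return array|void 'msg'/'body' collision information when the write was refused or
  *                    auto-merged, nothing otherwise
  */
 public function set($str, $keeptimestamp = false)
 {
     global $use_spam_check, $_string, $vars, $_title, $whatsnew, $whatsdeleted;
     // Read-only role: silently refuse (the action handlers have already reported it).
     if (Auth::check_role('readonly')) {
         return;
     }
     // Fix: this message referenced the undeclared $_strings (always empty) and named the
     // wrong constant. NOTE(review): unlike the action handlers, this check is not limited
     // to pages that do not exist yet — confirm that is intended before relaxing it.
     if (Auth::is_check_role(PKWK_CREATE_PAGE)) {
         Utility::dieMessage(sprintf($_string['error_prohibit'], 'PKWK_CREATE_PAGE'), '', 403);
     }
     // Cheap encoding sanity check: a mismatching hint means the client mangled the form.
     if (isset($vars['encode_hint']) && $vars['encode_hint'] !== PKWK_ENCODING_HINT) {
         Utility::dump();
         Utility::dieMessage($_string['illegal_chars'], '', 403);
     }
     // Tolerate an array of lines.
     if (is_array($str)) {
         $str = join("\n", $str);
     }
     // An empty string (not "0") means "delete"; empty() would also delete a page whose
     // whole content is the text "0".
     $is_delete = ((string) $str === '');
     $postdata = Rules::make_str_rules($str);
     // Previous content (static-style self::has()/self::get() replaced by instance calls).
     $oldpostdata = $this->has() ? $this->get(TRUE) : '';
     // The diff is also what the URI blacklist check inspects.
     $diff = new Diff($oldpostdata, $postdata);
     $diffobj = new LineDiff();
     $diffdata = $diffobj->str_compare($oldpostdata, $postdata);
     // Anti-spam checks apply to requests that do not hold the contents-admin role.
     $needs_spam_check = Auth::check_role('role_contents_admin');
     if ($needs_spam_check) {
         $ip_filter = new IpFilter();
         //if ($ip_filter->isS25R()) Utility::dieMessage('S25R host is denied.');
         if (Utility::isSpamPost()) {
             Utility::dump();
             Utility::dieMessage('Writing was limited. (Blocking SPAM)');
         }
         // DNSBL lookup of the client address.
         if (isset($use_spam_check['page_remote_addr']) && $use_spam_check['page_remote_addr'] !== 0) {
             $listed = $ip_filter->checkHost();
             if ($listed !== false) {
                 Utility::dump('dnsbl');
                 Utility::dieMessage(sprintf($_string['prohibit_dnsbl'], $listed), $_title['prohibit'], 400);
             }
         }
         // URI blacklist on the added lines.
         if (isset($use_spam_check['page_contents']) && $use_spam_check['page_contents'] !== 0) {
             $reason = self::checkUriBl($diff);
             if ($reason !== false) {
                 Utility::dump($reason);
                 Utility::dieMessage($_string['prohibit_uribl'], $_title['prohibit'], 400);
             }
         }
         // Anonymous proxy check (guarded with isset like its siblings).
         if (!empty($use_spam_check['page_write_proxy']) && ProxyChecker::is_proxy()) {
             Utility::dump('proxy');
             Utility::dieMessage($_string['prohibit_proxy'], $_title['prohibit'], 400);
         }
         global $akismet_api_key;
         if (isset($use_spam_check['akismet']) && $use_spam_check['akismet'] !== 0 && !empty($akismet_api_key)) {
             $akismet = new Akismet($akismet_api_key, Router::get_script_absuri());
             if (!$akismet->verifyKey($akismet_api_key)) {
                 Utility::dieMessage('Akismet API key does not valied.', '', 500);
             }
             // The whole new text is submitted (a diff-only variant was left commented out upstream).
             $akismet_post = array(
                 'user_ip' => REMOTE_ADDR,
                 'user_agent' => isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '',
                 'comment_type' => 'comment',
                 'comment_author' => isset($vars['name']) ? $vars['name'] : 'Anonymous',
                 'comment_content' => $postdata,
             );
             if ($akismet->isSpam($akismet_post)) {
                 Utility::dump('akismet');
                 Utility::dieMessage($_string['prohibit_akismet'], $_title['prohibit'], 400);
             }
         }
         if (isset($use_spam_check['captcha']) && $use_spam_check['captcha'] !== 0) {
             Captcha::check(false);
         }
     }
     // Edit collision: the digest the client edited against differs from the current one.
     // With the client's 'original' available, refuse and show the three-way view instead.
     $old_digest = $this->wiki->has() ? $this->wiki->digest() : 0;
     $collided = isset($vars['digest']) && $old_digest !== 0 && $vars['digest'] !== $old_digest;
     if ($collided && isset($vars['original'])) {
         return array(
             'msg' => $_string['title_collided'],
             'body' => $_string['msg_collided']
                 . Utility::showCollision($oldpostdata, $postdata, $vars['original'])
                 . Utility::editForm($this->page, $postdata, false),
         );
     }
     // add client info to diff
     // $diffdata[] = '// IP:"'. REMOTE_ADDR . '" TIME:"' . UTIME . '" REFERER:"' . $referer . '" USER_AGENT:"' . $user_agent. "\n";
     FileFactory::Diff($this->page)->set($diffdata);
     unset($oldpostdata, $diff, $diffdata);
     // Logging postdata (Plus!)
     if (self::POST_LOGGING === TRUE) {
         Utility::dump(self::POST_LOG_FILENAME);
     }
     if ($is_delete) {
         $this->wiki->set('');
         Recent::set($this->page, true);
     } else {
         $this->wiki->set($postdata, $keeptimestamp);
         Recent::set($this->page);
     }
     // Fix: the original `||` chain was always true (a page cannot differ from both names
     // and be hidden at once... it always differs from at least one), so the exclusion never
     // applied. Backup, update log and ping are skipped for the whatsnew/whatsdeleted pages
     // and for hidden pages.
     if ($this->page !== $whatsnew && $this->page !== $whatsdeleted && !$this->isHidden()) {
         Factory::Backup($this->page)->set();
         LogFactory::factory('update', $this->page)->set();
         if (!$keeptimestamp && !$is_delete) {
             // weblogUpdates.ping
             $ping = new Ping($this->page);
             $ping->send();
         }
     }
     // Collision without the client's original: the write went through, tell the user.
     if ($collided) {
         return array('msg' => $_string['title_collided'], 'body' => $_string['msg_collided_auto']);
     }
 }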
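/**
 * Action handler for the amazon plugin: look up an item, create the review page
 * "<refer>/<ASIN>" from the tracker template and open it in the editor.
 *
 * @return array 'msg'/'body' pair for the form or an error, otherwise never returns (redirect)
 */
function plugin_amazon_action()
{
    global $vars;
    global $_amazon_msg, $_string;
    global $_title;
    // No item id yet: show the review form.
    if (empty($vars['itemid'])) {
        return array('msg' => $_amazon_msg['msg_ReviewEdit'], 'body' => amazon_make_review_page());
    }
    // NOTE(review): htmlsc() HTML-escapes the id before the Amazon lookup. Kept as-is; escaping
    // belongs at output, and the lookup itself decides whether the id is valid below.
    $itemid = Utility::htmlsc($vars['itemid']);
    if (Auth::check_role('readonly')) {
        die_message($_string['prohibit']);
    }
    if (Auth::is_check_role(PKWK_CREATE_PAGE)) {
        die_message($_amazon_msg['err_newpage']);
    }
    // The review page is created under the referring page; the caller must be able to read it.
    if (empty($vars['refer']) || !check_readable($vars['refer'], false, false)) {
        die;
    }
    $locale = empty($vars['locale']) ? 'jp' : Utility::htmlsc($vars['locale']);
    $obj = new amazon_ecs($itemid, $locale);
    if (!$obj->is_itemid) {
        return array('msg' => $_amazon_msg['err_code_set'], 'body' => amazon_make_review_page());
    }
    $obj->get_items();
    if (empty($obj->asin)) {
        die_message($_amazon_msg['err_not_found']);
    }
    $s_page = $vars['refer'];
    // Always key the review page by the canonical ASIN, not by whatever the user typed.
    $r_page = $s_page . '/' . $obj->asin;
    $wiki = Factory::Wiki($r_page);
    // Dies when the target page is not editable by the current role.
    $wiki->checkEditable(true);
    if (!empty($obj->items['Error'])) {
        $obj->rm_cache(array('xml' => true, 'img' => true));
        // NOTE(review): the error text comes from the remote response and is returned as body unescaped.
        return array('msg' => 'Error', 'body' => $obj->items['Error']);
    }
    // Nothing usable came back, or refer is absolute: go back to the referring page.
    // exit added so the template is never written when the redirect helper returns.
    if (empty($obj->items['title']) || preg_match('/^\\//', $s_page)) {
        Utility::redirect(Router::get_page_uri($s_page));
        exit;
    }
    // Fill the tracker template. Title/author/group come from the remote API response and are
    // written into wiki source verbatim; NOTE(review): relies on the wiki renderer to neutralise markup.
    $body = Factory::Wiki(PLUGIN_AMAZON_TRACKER_PAGE_NAME)->get(true);
    $body = str_replace('$1', $obj->asin, $body);
    $body = str_replace('$2', $obj->locale, $body);
    $body = str_replace('[title]', $obj->items['title'], $body);
    $body = str_replace('[asin]', $obj->asin, $body);
    $author = $obj->items['author'];
    $author = empty($author) ? $obj->items['manufact'] : $author;
    $body = str_replace('[author]', $author, $body);
    $body = str_replace('[group]', $obj->items['group'], $body);
    // Critic defaults to the logged-in nickname.
    $auth_key = Auth::get_user_name();
    $name = empty($auth_key['nick']) ? $_amazon_msg['msg_myname'] : $auth_key['nick'];
    $body = str_replace('[critic]', '[[' . $name . ']]', $body);
    $body = str_replace('[date]', '&date;', $body);
    $body = str_replace('[recommendation]', '[[' . $_amazon_msg['msg_this_edit'] . ']]', $body);
    $body = str_replace('[body]', '[[' . $_amazon_msg['msg_this_edit'] . ']]', $body);
    $wiki->set($body);
    Utility::redirect($wiki->uri('edit'));
}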
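/**
 * Action handler for the bugtrack plugin: validate the submitted form values against the
 * configured lists and create the ticket page.
 *
 * @return bool FALSE when this is not a submit; otherwise a 'msg'/'body' pair on a forged
 *              form, or never returns (redirect to the new page)
 */
function plugin_bugtrack_action()
{
    global $vars;
    global $_plugin_bugtrack, $_string;
    if (Auth::check_role('readonly')) {
        die_message($_string['prohibit']);
    }
    if (Auth::is_check_role(PKWK_CREATE_PAGE)) {
        // $_string['prohibit'] is the read-only message (used verbatim above); the constant name
        // in it is swapped for the create-page one. The search/replace arguments were reversed.
        die_message(str_replace('PKWK_READONLY', 'PKWK_CREATE_PAGE', $_string['prohibit']));
    }
    if (!isset($vars['mode']) || $vars['mode'] !== 'submit') {
        return FALSE;
    }
    // Only values from the configured lists are accepted; anything else is a forged form and
    // goes to the honeypot. Strict comparison so "" or a numeric string cannot match loosely.
    $priority = isset($vars['priority']) ? $vars['priority'] : '';
    $state = isset($vars['state']) ? $vars['state'] : '';
    $spam = !in_array($priority, $_plugin_bugtrack['priority_list'], true)
        || !in_array($state, $_plugin_bugtrack['state_list'], true);
    if ($spam) {
        honeypot_write();
        return array('msg' => 'cannot write', 'body' => '<p>prohibits editing</p>');
    }
    // Remaining fields default to '' instead of raising notices when absent.
    $f = array();
    foreach (array('base', 'pagename', 'summary', 'name', 'category', 'version', 'body') as $key) {
        $f[$key] = isset($vars[$key]) ? $vars[$key] : '';
    }
    $page = plugin_bugtrack_write($f['base'], $f['pagename'], $f['summary'], $f['name'], $priority, $state, $f['category'], $f['version'], $f['body']);
    Utility::redirect(get_page_location_uri($page));
    exit;
}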
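/**
 * Action handler for creating a page below a directory: shows the directory picker
 * when no page name is given, otherwise redirects to the editor for "<dir><page>".
 *
 * @return array 'msg'/'body' pair for the picker, otherwise never returns (redirect)
 */
function plugin_newpage_subdir_action()
{
    // $_string was not declared global here, so the refusal message was always empty.
    global $vars, $_string;
    // Refuse with the same helper/status as the other handlers instead of returning a bare
    // string, which the action dispatcher does not treat as a result.
    if (Auth::check_role('readonly') || Auth::is_check_role(PKWK_CREATE_PAGE)) {
        Utility::dieMessage(sprintf($_string['error_prohibit'], 'Readonly'), '', 403);
    }
    $roots = array();
    $page = empty($vars['page']) ? '' : $vars['page'];
    $dir = empty($vars['directory']) ? '' : strip_bracket($vars['directory']);
    if (empty($page)) {
        if (!empty($dir)) {
            // One trailing slash is dropped for the directory list.
            $roots[] = substr($dir, -1) == '/' ? substr($dir, 0, -1) : $dir;
        }
        // NOTE(review): $dir is request input placed in the title; relies on the skin escaping 'msg'.
        return array('msg' => sprintf(T_('Create new page to %s directory'), $dir), 'body' => print_form_string(build_directory_list($roots)));
    }
    // The edit action validates the combined page name and re-checks editability before
    // anything is written.
    Utility::redirect(Factory::Wiki($dir . $page)->uri('edit'));
}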
function plugin_dav_action()
{
    global $scriptname, $log_ua, $attach_link;
    if (!exist_plugin('attach')) {
        dav_error_exit(500, 'attach plugin not found.');
    }
    $scriptname = SCRIPT_NAME;
    header('Expires: Sat,  1 Jan 2000 00:00:00 GMT');
    header('Cache-Control: no-store, no-cache, must-revalidate');
    header('Cache-Control: post-check=0, pre-check=0', false);
    header('Pragma: no-cache');
    //$_SERVER['REQUEST_METHOD'] = 'PROPFIND';
    $req_headers = apache_request_headers();
    $path_info = isset($_SERVER['PATH_INFO']) ? $_SERVER['PATH_INFO'] : '';
    switch ($_SERVER['REQUEST_METHOD']) {
        case 'OPTIONS':
            header('DAV: 1');
            // OPTIONS,PROPFIND,GET,HEAD,PUT,DELETE,MOVE,COPY
            // header('Allow: OPTIONS,PROPFIND,GET,PUT,MOVE,COPY');
            header('Allow: OPTIONS,PROPFIND,GET,PUT,MOVE,COPY,LOCK,UNLOCK');
            header('MS-Author-Via: DAV');
            exit;
        case 'PROPFIND':
            // 添付する際にパスワードまたは、管理者のみの場合は、認証を要求
            if (!$attach_link || Auth::is_protect() || PLUGIN_ATTACH_PASSWORD_REQUIRE || PLUGIN_ATTACH_UPLOAD_ADMIN_ONLY) {
                $is_admin = PLUGIN_ATTACH_UPLOAD_ADMIN_ONLY ? true : false;
                // 管理者パスワードを許容するか
                $login = Auth::check_auth_pw();
                // 認証済かどうか
                if (empty($login)) {
                    dav_error_exit(401, $is_admin);
                }
                // 未認証の場合、認証要求
                // 認証判定
                if (dav_login($is_admin) === false || Auth::is_protect()) {
                    dav_error_exit(403);
                }
            }
            if (empty($path_info)) {
                dav_error_exit(301, NULL, dav_myurl1() . '/');
            }
            $depth = isset($req_headers['Depth']) ? $req_headers['Depth'] : 0;
            list($dir, $file) = dav_get_folder_info($path_info, $depth);
            if (!isset($dir)) {
                dav_error_exit(404);
            }
            $ret = dav_makemultistat($dir, $file, $_SERVER['REQUEST_URI'], $depth);
            if (!isset($ret)) {
                dav_error_exit(301, NULL, dav_myurl() . '/');
            }
            header('HTTP/1.1 207 Multi-Status');
            header('Content-Type: text/xml');
            echo $ret->saveXML();
            exit;
        case 'GET':
        case 'HEAD':
            // 通常のファイル参照時は、このメソッドでアクセスされる
            $obj = dav_getfileobj($path_info, true);
            if (isset($obj) && $obj->exists) {
                $obj->open();
            } else {
                if ($_SERVER['REQUEST_METHOD'] == 'GET' && empty($path_info) && strpos($log_ua, 'MSIE') > 0) {
                    dav_officious_message();
                    exit;
                } else {
                    dav_error_exit(404);
                }
            }
            exit;
        case 'PUT':
            if (Auth::check_role('readonly')) {
                dav_error_exit(403, 'PKWK_READONLY prohibits editing');
            }
            // 添付する際にパスワードまたは、管理者のみの場合は、認証を要求
            if (PLUGIN_ATTACH_UPLOAD_ADMIN_ONLY) {
                if (!Auth::check_role('role_contents_admin') && !Auth::is_temp_admin()) {
                    dav_error_exit(403);
                }
            }
            $size = isset($req_headers['Content-Length']) ? intval($req_headers['Content-Length']) : 0;
            // Windows 7のクライアントは、まず0バイト書いて、
            // それをLOCKしてから、上書きしにくる。
            // しかし、Pukiwikiは基本上書き禁止。
            // そこで0バイトの時は無視する。
            if ($size == 0) {
                exit;
            }
            if ($size > PLUGIN_ATTACH_MAX_FILESIZE) {
                dav_error_exit(403, 'file size error');
            }
            // get file
            $tmpfilename = tempnam('/tmp', 'dav');
            $fp = fopen($tmpfilename, 'wb');
            $size = 0;
            $putdata = fopen('php://input', 'rb');
            while ($data = fread($putdata, 1024)) {
                $size += strlen($data);
                fwrite($fp, $data);
            }
            @fclose($putdata);
            @fclose($fp);
            list($_page, $_filename) = dav_get_filename($path_info);
            // FIXME - 勝手にファイル名を変更するため、クライアントの挙動がおかしくなる
            if (PLUGIN_DAV_MUST_COMPRESS) {
                $type = Utility::getMimeInfo($tmpfilename);
                $must_compress = attach_is_compress($type, PLUGIN_ATTACH_UNKNOWN_COMPRESS);
            } else {
                $must_compress = false;
            }
            $obj = dav_getfileobj($path_info, false, $must_compress);
            if (!is_object($obj)) {
                dav_error_exit(403, 'no page');
            }
            if ($obj->exist) {
                @unlink($tmpfilename);
                dav_error_exit(403, 'already exist.');
            }
            $ext = $must_compress ? dav_attach_get_ext() : '';
            switch ($ext) {
                case '.tgz':
                    $tar = new tarlib();
                    $tar->create(CACHE_DIR, 'tgz') or dav_error_exit(500);
                    $tar->add_file($tmpfilename, $_filename);
                    $tar->close();
                    @rename($tar->filename, $obj->filename);
                    chmod($obj->filename, PLUGIN_ATTACH_FILE_MODE);
                    @unlink($tar->filename);
                    break;
                case '.gz':
                    $tp = fopen($tmpfilename, 'rb') or dav_error_exit(500);
                    // アップロードされたファイルが読めません
                    $zp = gzopen($obj->filename, 'wb') or dav_error_exit(500);
                    // 圧縮ファイルが書けません
                    while (!feof($tp)) {
                        gzwrite($zp, fread($tp, 8192));
                    }
                    gzclose($zp);
                    fclose($tp);
                    chmod($obj->filename, PLUGIN_ATTACH_FILE_MODE);
                    @unlink($tmpfilename);
                    break;
                case '.bz2':
                    $tp = fopen($tmpfilename, 'rb') or dav_error_exit(500);
                    // アップロードされたファイルが読めません
                    $zp = bzopen($obj->filename, 'wb') or dav_error_exit(500);
                    // 圧縮ファイルが書けません
                    while (!feof($tp)) {
                        bzwrite($zp, fread($tp, 8192));
                    }
                    bzclose($zp);
                    fclose($tp);
                    chmod($obj->filename, PLUGIN_ATTACH_FILE_MODE);
                    @unlink($tmpfilename);
                    break;
                case '.zip':
                    $zip = new ZipArchive();
                    $zip->addFile($tmpfilename, $_filename);
                    if ($zip->status !== 0) {
                        dav_error_exit(500);
                    }
                    // $zip->status
                    $zip->close();
                    chmod($obj->filename, PLUGIN_ATTACH_FILE_MODE);
                    @unlink($tmpfilename);
                    break;
                default:
                    if (copy($tmpfilename, $obj->filename)) {
                        chmod($obj->filename, PLUGIN_ATTACH_FILE_MODE);
                    }
                    @unlink($tmpfilename);
            }
            if (is_page($obj->page)) {
                touch(get_filename($obj->page));
            }
            cache_timestamp_touch('attach');
            $pass = dav_get_pass();
            $obj->getstatus();
            $obj->status['pass'] = $pass !== TRUE && $pass !== NULL ? md5($pass) : '';
            $obj->putstatus();
            // FIXME
            // $must_compress 時のファイル名変更に追随できない
            exit;
        case 'DELETE':
            if (Auth::check_role('readonly')) {
                dav_error_exit(403, 'PKWK_READONLY prohibits editing');
            }
            // WinXP,Win7 では
            // フォルダーは消せないくせに、消せたように処理してしまう。
            // レスポンスコードを確認しないで消すので無意味。
            // また、フォルダーの削除は、ページを意味するので除外する
            if (substr($path_info, -1) === '/') {
                dav_error_exit(501);
            }
            // 添付する際にパスワードまたは、管理者のみの場合は、認証を要求
            if (PLUGIN_ATTACH_DELETE_ADMIN_ONLY) {
                if (!Auth::check_role('role_contents_admin') && !Auth::is_temp_admin()) {
                    dav_error_exit(403);
                }
            }
            $obj =& dav_getfileobj($path_info, false);
            if (!is_object($obj)) {
                dav_error_exit(403);
            }
            if ($obj->getstatus() == FALSE) {
                dav_error_exit(404);
            }
            $pass = dav_get_pass();
            $obj->delete($pass);
            if (file_exists($obj->filename)) {
                dav_error_exit(406, "can't delete this file");
            }
            cache_timestamp_touch('attach');
            exit;
        case 'MOVE':
        case 'COPY':
            // 添付ファイルのコピーと移動のみ
            // 同じページ内での添付ファイルの移動もわざわざ消して書いている
            // ページのコピーや移動は未実装
            if (Auth::check_role('readonly')) {
                dav_error_exit(403, 'PKWK_READONLY prohibits editing');
            }
            // 添付する際にパスワードまたは、管理者のみの場合は、認証を要求
            if (PLUGIN_ATTACH_UPLOAD_ADMIN_ONLY || PLUGIN_ATTACH_DELETE_ADMIN_ONLY) {
                if (!Auth::check_role('role_contents_admin') && !Auth::is_temp_admin()) {
                    dav_error_exit(403);
                }
            }
            // GET TO (Destination)
            $destname = isset($req_headers['Destination']) ? $req_headers['Destination'] : '';
            if (strpos($destname, dav_myurl0()) === 0) {
                $destname = substr($destname, strlen(dav_myurl0()));
            }
            if (strpos($destname, $scriptname) === 0) {
                $destname = urldecode(substr($destname, strlen($scriptname)));
            } else {
                dav_error_exit(403, 'not dav directory.');
            }
            // if ($path_info === $destname) dav_error_exit(403); // Forbidden
            // ページ名変更
            if (PLUGIN_DAV_CREATE_PAGE && $_SERVER['REQUEST_METHOD'] == 'MOVE') {
                // FIXME
                // 実在ページ && 添付ファイルなし なら許容
                // 下位ページがあっても、無視して実行、関連ファイルもリネームしていない
                $from = dav_strip_slash($path_info);
                if (is_page($from)) {
                    $pages = dav_get_existpages_cache();
                    if (isset($pages[$from]['file']) && count($pages[$from]['file']) == 0) {
                        $to = dav_strip_slash($destname);
                        if (isset($pages[$to])) {
                            dav_error_exit(409);
                        }
                        // Conflict
                        rename(get_filename($from), get_filename($to));
                        cache_timestamp_touch();
                    } else {
                        dav_error_exit(501);
                        // Method not Implemented
                    }
                    exit;
                }
            }
            // FROM (PATH_INFO)
            if ($_SERVER['REQUEST_METHOD'] == 'MOVE') {
                $obj1 =& dav_getfileobj($path_info, false);
            } else {
                $obj1 =& dav_getfileobj($path_info, true);
                // readonly
            }
            if (!is_object($obj1)) {
                dav_error_exit(403, 'no src page.');
            }
            if ($obj1->getstatus() == FALSE) {
                dav_error_exit(404);
            }
            // TO (Destination)
            $obj2 =& dav_getfileobj($destname, false);
            if (!is_object($obj2)) {
                dav_error_exit(403, 'no dst page.');
            }
            if ($obj2->exist) {
                dav_error_exit(409);
            }
            // Conflict - 'already exist'
            if (copy($obj1->filename, $obj2->filename)) {
                chmod($obj2->filename, PLUGIN_ATTACH_FILE_MODE);
            } else {
                dav_error_exit(406, "can't copy it");
            }
            // COPY
            $pass = dav_get_pass();
            if (is_page($obj2->page)) {
                touch(get_filename($obj2->page));
            }
            $obj2->getstatus();
            $obj2->status['pass'] = $pass !== TRUE && $pass !== NULL ? md5($pass) : '';
            $obj2->putstatus();
            // MOVE(DELETE)
            if ($_SERVER['REQUEST_METHOD'] == 'MOVE') {
                $obj1->delete($pass);
                if (file_exists($obj1->filename)) {
                    dav_error_exit(406, "can't delete this file");
                }
            }
            cache_timestamp_touch('attach');
            exit;
        case 'MKCOL':
            // Microsoft-WebDAV-MiniRedir などは、[新しいフォルダー] をまず作成しようとするので無意味
            if (!PLUGIN_DAV_CREATE_PAGE) {
                dav_error_exit(403);
            }
            if (Auth::check_role('readonly')) {
                dav_error_exit(403, 'PKWK_READONLY prohibits editing');
            }
            if (Auth::is_check_role(PKWK_CREATE_PAGE)) {
                dav_error_exit(403, 'PKWK_CREATE_PAGE prohibits editing');
            }
            // 添付する際にパスワードまたは、管理者のみの場合は、認証を要求
            if (PLUGIN_ATTACH_UPLOAD_ADMIN_ONLY || PLUGIN_ATTACH_DELETE_ADMIN_ONLY) {
                if (!Auth::check_role('role_contents_admin') && !Auth::is_temp_admin()) {
                    dav_error_exit(403);
                }
            }
            // windows の場合、スラッシュで終わらない場合がある
            if (substr($path_info, -1) !== '/') {
                $path_info .= '/';
            }
            if (!isset($path_info)) {
                dav_error_exit(403);
            }
            if (preg_match('/^\\/(.+)\\/$/', $path_info, $matches) != 1) {
                dav_error_exit(403);
            }
            $page = dav_strip_slash($path_info);
            $wiki = Factory::Wiki($page);
            if (!$wiki->isValied()) {
                dav_error_exit(403);
            }
            $wiki->set(PLUGIN_DAV_FOLODER_PAGE_BODY);
            // write initial string to the page.
            cache_timestamp_touch();
            // PROPFIND の挙動 (作成したフォルダーを表示させるため)
            $depth = '1';
            list($dir, $file) = dav_get_folder_info($path_info, $depth);
            if (!isset($dir)) {
                dav_error_exit(404);
            }
            $ret = dav_makemultistat($dir, $file, $_SERVER['REQUEST_URI'], $depth);
            if (!isset($ret)) {
                dav_error_exit(301, NULL, dav_myurl() . '/');
            }
            header('HTTP/1.1 200 OK');
            header('Content-Type: text/xml');
            echo $ret->saveXML();
            exit;
        case 'PROPPATCH':
            // PROPPATCH が失敗するとファイルを消すため必要。
            header('HTTP/1.1 207 Multi-Status');
            header('Content-Type: text/xml');
            $ret = dav_proppatch_dummy_response($_SERVER['REQUEST_URI']);
            echo $ret->saveXML();
            exit;
        case 'LOCK':
        case 'UNLOCK':
        case 'POST':
            dav_error_exit(501);
            // Method not Implemented
            exit;
        default:
            dav_error_exit(405);
            // Method not Allowed
    }
    exit;
}
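/**
 * Build the menu link for one command button of the cmd plugin.
 *
 * Returns the link markup produced by plugin_cmd_getlink() when the command is
 * applicable to the page, the "</ul>\n<ul>" separator for '|', or null when the
 * command must be hidden for this page.
 *
 * Every site setting consulted here ($function_freeze, $do_backup, $trackback,
 * $referer, $whatsnew, $whatsdeleted) and the request vars live in the global
 * scope; they must be imported explicitly or every test below reads an
 * undefined variable and silently evaluates to false.
 *
 * @param string      $name command name to render
 * @param string|null $page page the menu is rendered for; defaults to the page
 *                          of the current request ($vars['page'])
 * @return string|null link markup, or null when the command is not available
 */
function plugin_cmd_link($name, $page = null)
{
    global $vars, $function_freeze, $do_backup, $trackback, $referer, $whatsnew, $whatsdeleted;

    // Fall back to the requested page when the caller did not pass one.
    if (!isset($page)) {
        $page = isset($vars['page']) ? $vars['page'] : '';
    }
    $cmd = isset($vars['cmd']) ? $vars['cmd'] : '';
    // The log_* commands look at the requested page, not the rendered one.
    $log_page = isset($vars['page']) ? $vars['page'] : '';

    $is_read = is_page($page);
    // NOTE(review): is_freeze() is assumed to be the lib helper that reports the
    // page's freeze flag — confirm it is in scope for this plugin.
    $is_freeze = $is_read && is_freeze($page);
    // RecentChanges / RecentDeleted are generated pages; editing-style commands are hidden there.
    $is_special = ($page == $whatsnew || $page == $whatsdeleted);
    $uploads_enabled = (bool) ini_get('file_uploads');

    switch ($name) {
        case 'freeze':
        case 'unfreeze':
            // Show whichever of the pair toggles the current state.
            if ($is_read && $function_freeze) {
                return plugin_cmd_getlink($is_freeze ? 'unfreeze' : 'freeze');
            }
            break;
        case 'upload':
            if ($is_read && $uploads_enabled && !$is_freeze && !$is_special) {
                return plugin_cmd_getlink($name);
            }
            break;
        case 'list':
            if ($cmd !== 'list') {
                return plugin_cmd_getlink($name);
            }
            // Already on the page list: offer the attachment list instead.
            if ($uploads_enabled) {
                return plugin_cmd_getlink('filelist');
            }
            break;
        case 'backup':
            if ($do_backup) {
                return plugin_cmd_getlink($name);
            }
            break;
        case 'brokenlink':
        case 'template':
        case 'source':
            if (!empty($page)) {
                return plugin_cmd_getlink($name);
            }
            break;
        case 'trackback':
            if ($trackback && !$is_special) {
                if ($cmd == 'list') {
                    return plugin_cmd_getlink($name, 'Trackback list');
                }
                return plugin_cmd_getlink($name, 'Trackback(' . tb_count($page) . ')');
            }
            break;
        case 'referer':
        case 'skeylist':
        case 'linklist':
            if ($referer) {
                return plugin_cmd_getlink($name);
            }
            break;
        case 'log_login':
        case 'log_check':
        case 'log_update':
        case 'log_down':
            // Each log link is shown only when that log exists for the page.
            $log_kinds = array(
                'log_login'  => 'login',
                'log_check'  => 'check',
                'log_update' => 'update',
                'log_down'   => 'download',
            );
            if (log_exist($log_kinds[$name], $log_page)) {
                return plugin_cmd_getlink($name);
            }
            break;
        case 'log_browse':
            // Deliberately unconditional: the log_exist('browse', ...) gate was disabled upstream.
            return plugin_cmd_getlink($name);
        case '|':
            // Menu separator: close the current list and open a new one.
            return '</ul>' . "\n" . '<ul>';
        case 'newsub':
        case 'edit':
        case 'guiedit':
            if ($is_read && $function_freeze && !$is_freeze && !$is_special) {
                return plugin_cmd_getlink($name);
            }
            break;
        case 'full':
        case 'print':
        case 'diff':
        case 'reload':
        case 'copy':
            if (!$is_read) {
                break;
            }
            // Intentional fall-through: on an existing page these behave like the default.
        default:
            return plugin_cmd_getlink($name);
    }
    return null;
}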
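/**
 * Action entry of the tracker plugin: turn a submitted tracker form into a new page.
 *
 * Flow: permission gate -> cancel redirect -> session ticket check -> choose a
 * page name that does not exist yet -> load the template page and replace its
 * [field] placeholders with the posted values -> either render a preview form
 * (which re-posts the same values) or write the page and redirect to it.
 *
 * @return array{msg:string,body:string} message/body to render when the request
 *         cannot be completed, or the preview; on success the function redirects
 *         and does not return
 */
function plugin_tracker_action()
{
    global $vars, $now, $config_name, $_string, $session;

    if (Auth::check_role('readonly')) {
        die_message($_string['prohibit']);
    }
    if (Auth::is_check_role(PKWK_CREATE_PAGE)) {
        die_message(_('PKWK_CREATE_PAGE prohibits editing'));
    }
    $base = isset($vars['_base']) ? $vars['_base'] : null;
    $refer = isset($vars['_refer']) ? $vars['_refer'] : null;
    if (isset($vars['cancel'])) {
        Utility::redirect(Router::get_page_uri($refer));
        exit;
    }

    // Petit SPAM check (client/server ticket): the ticket stored in the session
    // when the form was rendered must match the one derived for this config.
    // NOTE(review): get_ticket() is assumed to be the site-wide ticket helper — confirm.
    $expected_ticket = md5(get_ticket() . $config_name);
    $session_ticket = $session->offsetGet('tracker');
    if (!is_string($session_ticket) || !hash_equals($expected_ticket, $session_ticket)) {
        honeypot_write();
        return array('msg' => 'Cannot write', 'body' => 'Prohibits editing');
    }

    // Decide the name of the page to add: an explicit _page wins, else derive it
    // from _name under $base, then bump a counter until the name is unused.
    $num = 0;
    $name = isset($vars['_name']) ? $vars['_name'] : null;
    if (isset($vars['_page'])) {
        $real = $page = $vars['_page'];
    } else {
        $real = is_pagename($name) ? $name : ++$num;
        $page = get_fullname('./' . $real, $base);
    }
    if (!is_pagename($page)) {
        $page = $base;
    }
    while (is_page($page)) {
        $real = ++$num;
        $page = $base . '/' . $real;
    }
    $config = isset($vars['_config']) ? $vars['_config'] : null;

    // Values the template fields are filled from: request vars plus uploads.
    $_post = isset($_FILES) ? array_merge($vars, $_FILES) : $vars;
    $_post['_date'] = $now;
    $_post['_page'] = $page;
    $_post['_name'] = $name;
    $_post['_real'] = $real;

    // TODO: Why here => See BugTrack/662
    // Creating an empty page, before attaching files
    $from = $to = array();
    $tracker_form = new Tracker_form();
    if (!$tracker_form->init($base, $refer, $config)) {
        return array('msg' => 'Cannot write', 'body' => '<p class="alert alert-warning">' . Utility::htmlsc($tracker_form->error) . '</p>');
    }

    // Load the template page; its [field] markers define the fields to fill.
    $template_page = $tracker_form->config->page . '/' . PLUGIN_TRACKER_DEFAULT_PAGE;
    $template = plugin_tracker_get_source($template_page);
    if ($template === FALSE || empty($template)) {
        return array('msg' => 'Cannot write', 'body' => '<p class="alert alert-warning">Page template (' . Utility::htmlsc($template_page) . ') not found</p>');
    }
    // implode() no longer accepts null as the glue; an empty string is the intent here.
    if (!$tracker_form->initFields(plugin_tracker_field_pickup(implode('', $template)))) {
        return array('msg' => 'Cannot write', 'body' => '<p class="alert alert-warning">' . Utility::htmlsc($tracker_form->error) . '</p>');
    }
    $fields = $tracker_form->fields;
    unset($tracker_form);

    // Build the search/replace pairs: "[field]" -> formatted posted value (or null when absent).
    foreach (array_keys($fields) as $field) {
        $from[] = '[' . $field . ']';
        $to[] = isset($_post[$field]) ? $fields[$field]->format_value($_post[$field]) : null;
        unset($fields[$field]);
    }

    // Replace every [$field] found inside $template with the real values.
    // Lines starting a table ('|'), definition (':') or CSV (',') rule get an
    // escaped variant of the values so the inserted text cannot break the rule.
    $subject = $escape = array();
    foreach (array_keys($template) as $linenum) {
        if (trim($template[$linenum]) === '') {
            continue;
        }
        $letter = $template[$linenum][0];
        if ($letter == '|' || $letter == ':') {
            $escape['|'][$linenum] = $template[$linenum];
        } elseif ($letter == ',') {
            $escape[','][$linenum] = $template[$linenum];
        } else {
            // TODO: Escape "\n" except multiline-allowed fields
            $subject[$linenum] = $template[$linenum];
        }
    }
    foreach (str_replace($from, $to, $subject) as $linenum => $line) {
        $template[$linenum] = $line;
    }
    if ($escape) {
        foreach (array_keys($escape) as $hint) {
            $to_e = plugin_tracker_escape($to, $hint);
            foreach (str_replace($from, $to_e, $escape[$hint]) as $linenum => $line) {
                $template[$linenum] = $line;
            }
        }
        unset($to_e);
    }
    unset($from, $to);

    if (isset($vars['preview'])) {
        global $_button;
        unset($vars['preview']);
        $form[] = '<p class="alert alert-success">' . T_('It will be sent with the contents of the following.') . '</p>';
        $form[] = '<form action="' . Router::get_script_uri() . '" enctype="multipart/form-data" method="post" class="form-horizontal plugin-tracker-form">';
        // Re-post every request var as a hidden field. Names and values come from
        // the request, so they are escaped for the attribute context; array values
        // are re-posted element by element under "key[]".
        foreach ($vars as $key => $value) {
            $field_name = is_array($value) ? $key . '[]' : $key;
            $field_values = is_array($value) ? $value : array($value);
            foreach ($field_values as $field_value) {
                if (is_array($field_value)) {
                    continue; // nested arrays cannot be round-tripped through a hidden input
                }
                $form[] = '<input type="hidden" name="' . Utility::htmlsc($field_name) . '" value="' . Utility::htmlsc((string) $field_value) . '" />';
            }
        }
        $form[] = '<button type="submit" class="btn btn-primary" name="write" accesskey="s"><span class="fa fa-check"></span>' . $_button['update'] . '</button>';
        $form[] = '<button type="submit" class="btn btn-warning" name="cancel" accesskey="c"><span class="fa fa-ban"></span>' . $_button['cancel'] . '</button>';
        $form[] = '</form>';
        $form[] = '<hr />';
        $form[] = RendererFactory::factory($template);
        return array('msg' => 'Preview', 'body' => join("\n", $form));
    }

    // Write $template, without touch
    $wiki = Factory::Wiki($page);
    $wiki->set($template);
    Utility::redirect($wiki->uri());
    exit;
}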