Ejemplo n.º 1
 /**
  * Spam filter entry point: runs the configured spam filter for one command.
  *
  * Nothing is filtered when the global $spam setting is empty or when the
  * command is 'search'. Otherwise the method list is taken from
  * $spam['method'][<command>], falling back to $spam['method']['_default'] and
  * then to an empty array, and the request variables are handed to
  * Spam::pkwk_spamfilter().
  *
  * NOTE(review): whether filtering happens at all depends on $cmd. Confirm the
  * caller passes the command that is actually dispatched, so that a request
  * cannot be labelled 'search' while another handler processes its body.
  *
  * @param string $cmd Action (command name); compared in lower case.
  */
 public static function spamCheck($cmd)
 {
     global $spam, $vars, $method;
     // Filtering is on only when the global $spam setting is non-empty.
     $_spam = !empty($spam);
     $_cmd = strtolower($cmd);
     // Keys of $vars that must not be passed to the filter.
     $_ignore = array();
     switch ($_cmd) {
         case 'search':
             // Searches are never filtered; $_page stays unset but is not used in that case.
             $_spam = FALSE;
             break;
         case 'edit':
             // NOTE(review): $page is neither in the `global` list nor assigned in this
             // method, so this binds a fresh local whose value is null. Confirm where the
             // page name is meant to come from.
             $_page =& $page;
             if (isset($vars['add']) && $vars['add']) {
                 // An edit carrying a truthy 'add' field uses the 'add' method list.
                 $_cmd = 'add';
             } else {
                 // For a plain edit the 'original' field is withheld from the filter.
                 $_ignore[] = 'original';
             }
             break;
         case 'bugtrack':
             // Reference binding: creates $vars['base'] as null if the key is missing.
             $_page =& $vars['base'];
             break;
         case 'tracker':
             // Reference binding: creates $vars['_base'] as null if the key is missing.
             $_page =& $vars['_base'];
             break;
         case 'read':
             // NOTE(review): same undefined-local concern as in the 'edit' case.
             $_page =& $page;
             break;
         default:
             // NOTE(review): $refer is not declared global or assigned here either, so
             // every other command passes null as the page. Confirm the intended source.
             $_page =& $refer;
             break;
     }
     if ($_spam) {
         // Method list: command-specific, then '_default', then none.
         if (isset($spam['method'][$_cmd])) {
             $_method = $spam['method'][$_cmd];
         } else {
             if (isset($spam['method']['_default'])) {
                 $_method = $spam['method']['_default'];
             } else {
                 $_method = array();
             }
         }
         $exitmode = isset($spam['exitmode']) ? $spam['exitmode'] : null;
         // Build the variable set handed to the filter, minus the ignored keys.
         if ($_ignore) {
             $_vars = array();
             foreach ($vars as $key => $value) {
                 // Alias each entry by reference instead of copying its value.
                 $_vars[$key] =& $vars[$key];
             }
             foreach ($_ignore as $key) {
                 // Drops the alias from $_vars only; $vars itself keeps the key.
                 unset($_vars[$key]);
             }
         } else {
             $_vars = $vars;
         }
         // The first argument is a label built from the global $method and the command.
         Spam::pkwk_spamfilter($method . ' to #' . $_cmd, $_page, $_vars, $_method, $exitmode);
     }
 }
Ejemplo n.º 2
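/**
 * Spam plugin, "pages" mode: password-protected scan of every existing page
 * for URI spam.
 *
 * Without a valid password the scan form is returned, preceded by the
 * invalid-password message when a password was submitted. With a valid
 * password the form and a per-page report are echoed directly, flushed every
 * $per pages, and the script exits.
 *
 * @return array array('msg' => page title, 'body' => HTML) for the form view.
 */
function plugin_spam_pages()
{
    global $vars, $post, $_msg_invalidpass, $_spam_messages;
    $ob = ob_get_level();
    // NOTE(review): $script is interpolated into the form's action attribute
    // unescaped. Confirm Router::get_script_uri() cannot carry request-controlled
    // characters (for example from the Host header).
    $script = Router::get_script_uri();
    // Accept only string fields; an array-valued field (start[]=...) counts as absent.
    // A missing start page becomes '' so the scan begins at the first page
    // instead of skipping every page.
    $start = (isset($post['start']) && is_string($post['start'])) ? $post['start'] : '';
    $s_start = Utility::htmlsc($start);
    $pass_given = isset($post['pass']);
    $pass = ($pass_given && is_string($post['pass'])) ? $post['pass'] : NULL;
    $sort = isset($post['sort']);
    $s_sort = $sort ? ' checked' : '';
    // Number of scanned pages between output flushes.
    $per = 100;
    $form = <<<EOD
<form action="{$script}" method="post" class="spam_form">
\t<input type="hidden" name="cmd" value="spam" />
\t<input type="hidden" name="mode" value="pages" />
\t<fieldset>
\t\t<legend>{$_spam_messages['msg_pages']}</legend>
\t\t<label for="start">{$_spam_messages['label_start']}</label>
\t\t<input type="text" name="start" id="start" size="40" value="{$s_start}" /><br />
\t\t<input type="checkbox" name="sort" value="on" id="sort" {$s_sort} />
\t\t<label for="sort">{$_spam_messages['label_sort']}</label><br />
\t\t<label for="pass">{$_spam_messages['label_pass']}</label>
\t\t<input type="password" name="pass" id="pass" size="12" /><br />
\t\t<input type="submit" class="btn btn-primary" name="check" value="{$_spam_messages['check']}" />
\t</fieldset>
</form>

EOD;
    if ($pass !== NULL && Auth::login($pass)) {
        // Check and report
        $method = array('_comment' => '_default', 'badhost' => TRUE);
        echo $form;
        flush();
        if ($ob) {
            @ob_flush();
        }
        $pages = Listing::exists();
        if ($sort) {
            sort($pages, SORT_STRING);
        }
        // $count: pages seen, $search: pages scanned, $hit: pages flagged as spam.
        $count = $search = $hit = 0;
        foreach ($pages as $pagename) {
            ++$count;
            if ($start !== '') {
                // Skip pages until the requested start page is reached. The comparison
                // is strict so numeric-looking names ('10' vs '1e1') cannot match.
                if ($start === (string) $pagename) {
                    $start = '';
                } else {
                    continue;
                }
            }
            ++$search;
            if ($search % $per == 0) {
                flush();
                if ($ob) {
                    @ob_flush();
                }
            }
            $progress = Spam::check_uri_spam(Factory::Wiki($pagename)->get(), $method);
            if (empty($progress['is_spam'])) {
                echo Utility::htmlsc($pagename);
                echo '<br />' . "\n";
            } else {
                ++$hit;
                echo '<div style="padding: 0pt 0.7em;" class="ui-state-error ui-corner-all">' . '<p><span class="ui-icon ui-icon-alert" style="float: left; margin-right: 0.3em;"></span>' . sprintf($_spam_messages['msg_found'], Utility::htmlsc($pagename)) . '</p>';
                echo '<p>' . "\n";
                $tmp = Spam::summarize_detail_badhost($progress);
                if ($tmp != '') {
                    // Escape the detail text with the same helper used for page names.
                    echo '&nbsp; DETAIL_BADHOST: ' . str_replace('  ', '&nbsp; ', nl2br(Utility::htmlsc($tmp) . "\n"));
                }
                // Close the paragraph and box opened for this hit so that the
                // markup stays balanced across several hits.
                echo '</p></div>' . "\n";
            }
        }
        echo '<hr />' . "\n";
        echo sprintf($_spam_messages['msg_hits'], $hit, $search, $count);
        exit;
    }
    // A submitted password that was rejected, or was not a string, gets the notice.
    $body = $pass_given ? '<p><strong>' . $_msg_invalidpass . '</strong></p>' . "\n" : '';
    $body .= $form;
    return array('msg' => $_spam_messages['title'] . $_spam_messages['title_pages'], 'body' => $body);
}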
Ejemplo n.º 3
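/**
 * Store an uploaded file as an attachment of a wiki page.
 *
 * Steps, in order: length check on the encoded file name, optional spam check
 * of the upload's text, storage (compressed as gz / zip / bz2, or moved as-is),
 * page timestamp update, and an optional notification mail.
 *
 * NOTE(review): $file is used both as a string (Utility::encode($file),
 * $file . '.gz', new AttachFile($page, $file)) and as an upload array
 * ($file['name'], $file['tmp_name'], $file['size']). Both cannot hold at once;
 * confirm the caller's type. The code below keeps the original expressions.
 *
 * @param mixed  $file Uploaded file (see the note above).
 * @param string $page Page the file is attached to.
 * @param mixed  $pass Attachment password; NULL or TRUE stores an empty password.
 * @param string $temp Path of the uploaded temporary file.
 * @return array|false array('result' => bool, 'msg' => string), or FALSE when
 *                     the spam check gets no text out of the upload.
 */
function attach_doupload($file, $page, $pass = NULL, $temp)
{
    global $_attach_messages, $_string;
    global $notify, $notify_subject, $notify_exclude, $spam;
    $filename = Utility::encode($page) . '_' . Utility::encode($file);
    $type = Utility::getMimeInfo($temp);
    // Should a file of unknown type be compressed?
    $must_compress = PLUGIN_ATTACH_UNKNOWN_COMPRESS !== 0 ? attach_is_compress($type, PLUGIN_ATTACH_UNKNOWN_COMPRESS) : false;
    // Check the file name length; the compressed case keeps 4 bytes spare,
    // presumably for the added extension.
    $filename_length = strlen($filename);
    if ($filename_length >= 255 || $must_compress && $filename_length >= 251) {
        return array('result' => FALSE, 'msg' => $_attach_messages['err_filename']);
    }
    // Spam check
    if ($spam !== 0) {
        // Spam-check the upload by its contents; a spam attachment is filtered out.
        $vars = array();
        $vars['uploadname'] = $file['name'];
        $vars['uploadtext'] = attach_gettext($file['tmp_name']);
        if ($vars['uploadtext'] === '' || $vars['uploadtext'] === FALSE) {
            // NOTE(review): bare FALSE here, while every other failure returns an
            // array with 'result' and 'msg'. Callers must handle both shapes.
            return FALSE;
        }
        if (isset($spam['method']['attach'])) {
            $_method =& $spam['method']['attach'];
        } else {
            if (isset($spam['method']['_default'])) {
                $_method =& $spam['method']['_default'];
            } else {
                $_method = array();
            }
        }
        $exitmode = isset($spam['exitmode']) ? $spam['exitmode'] : '';
        Spam::pkwk_spamfilter('File Attach', $page, $vars, $_method, $exitmode);
    }
    if ($must_compress) {
        // Compress the attachment.
        // NOTE(review): the GZ and BZ2 branches read $file['tmp_name'] with fopen();
        // unlike move_uploaded_file(), nothing in this block verifies that the path
        // is a genuine PHP upload. Confirm the caller validates it (is_uploaded_file()).
        switch (PLUGIN_ATTACH_COMPRESS_TYPE) {
            case 'GZ':
                if (!extension_loaded('zlib')) {
                    Utility::dieMessage('#attach: zlib extention has not loaded.');
                }
                $obj = new AttachFile($page, $file . '.gz');
                if ($obj->exist) {
                    return array('result' => FALSE, 'msg' => $_attach_messages['err_exists']);
                }
                $tp = fopen($file['tmp_name'], 'rb') or die_message($_attach_messages['err_load_file']);
                $zp = gzopen($obj->filename, 'wb') or die_message($_attach_messages['err_write_tgz']);
                while (!feof($tp)) {
                    gzwrite($zp, fread($tp, 8192));
                }
                gzclose($zp);
                fclose($tp);
                chmod($obj->filename, PLUGIN_ATTACH_FILE_MODE);
                break;
            case 'ZIP':
                if (!class_exists('ZipArchive')) {
                    Utility::dieMessage('#attach: ZipArchive class has not defined.');
                }
                $obj = new AttachFile($page, $file . '.zip');
                if ($obj->exist) {
                    return array('result' => FALSE, 'msg' => $_attach_messages['err_exists']);
                }
                // NOTE(review): no $zip->open() call precedes addFile(), so the archive
                // has no target path. Confirm how $obj->filename is meant to be written.
                $zip = new ZipArchive();
                $zip->addFile($temp, $file);
                // if ($zip->status !== ZIPARCHIVE::ER_OK)
                if ($zip->status !== 0) {
                    die_message($_attach_messages['err_upload'] . '(' . $zip->status . ').');
                }
                $zip->close();
                chmod($obj->filename, PLUGIN_ATTACH_FILE_MODE);
                break;
            case 'BZ2':
                if (!extension_loaded('bz2')) {
                    Utility::dieMessage('#attach: bz2 extention has not loaded.');
                }
                $obj = new AttachFile($page, $file . '.bz2');
                if ($obj->exist) {
                    return array('result' => FALSE, 'msg' => $_attach_messages['err_exists']);
                }
                $tp = fopen($file['tmp_name'], 'rb') or die_message($_attach_messages['err_load_file']);
                $zp = bzopen($obj->filename, 'wb') or die_message($_attach_messages['err_write_tgz']);
                while (!feof($tp)) {
                    bzwrite($zp, fread($tp, 8192));
                }
                bzclose($zp);
                fclose($tp);
                chmod($obj->filename, PLUGIN_ATTACH_FILE_MODE);
                break;
            default:
                // Unknown compression type: store the file uncompressed.
                $obj = new AttachFile($page, $file);
                if ($obj->exist) {
                    return array('result' => FALSE, 'msg' => $_attach_messages['err_exists']);
                }
                if (!move_uploaded_file($temp, $obj->filename)) {
                    // Report a failed store instead of announcing a successful upload.
                    return array('result' => FALSE, 'msg' => $_attach_messages['err_upload']);
                }
                chmod($obj->filename, PLUGIN_ATTACH_FILE_MODE);
                break;
        }
    } else {
        // Normal (uncompressed) attachment.
        $obj = new AttachFile($page, $file);
        // Test the flag's value, as the other branches do. isset() is also true
        // for a boolean FALSE and would refuse every upload as "already exists".
        if (!empty($obj->exist)) {
            return array('result' => FALSE, 'msg' => $_attach_messages['err_exists']);
        }
        if (!move_uploaded_file($temp, $obj->filename)) {
            // Report a failed store instead of announcing a successful upload.
            return array('result' => FALSE, 'msg' => $_attach_messages['err_upload']);
        }
        chmod($obj->filename, PLUGIN_ATTACH_FILE_MODE);
    }
    if (file_exists($temp)) {
        unlink($temp);
    }
    // Update the page's timestamp.
    Factory::Wiki($page)->touch();
    // NOTE(review): unsalted MD5 is not suitable for storing a password;
    // password_hash() / password_verify() is the replacement. The code that checks
    // status['pass'] is outside this block, so the stored format is left unchanged.
    // No call that persists $obj->status is visible here either; confirm it is saved.
    $obj->status['pass'] = $pass !== TRUE && $pass !== NULL ? md5($pass) : '';
    if ($notify) {
        $notify_exec = TRUE;
        foreach ($notify_exclude as $exclude) {
            // Quote the pattern delimiter as well, so an entry containing '/' cannot
            // break the expression.
            $exclude = preg_quote($exclude, '/');
            if (substr($exclude, -1) == '.') {
                $exclude .= '*';
            }
            if (preg_match('/^' . $exclude . '/', get_remoteip())) {
                $notify_exec = FALSE;
                break;
            }
        }
        // Honour the exclude list: no mail for a remote address it matches.
        if ($notify_exec) {
            $footer = array();
            $footer['ACTION'] = 'File attached';
            $footer['FILENAME'] = $file['name'];
            $footer['FILESIZE'] = $file['size'];
            $footer['PAGE'] = $page;
            $footer['URI'] = get_cmd_uri('attach', '', array('refer' => $page, 'pcmd' => 'info', 'file' => $file['name']));
            $footer['USER_AGENT'] = TRUE;
            $footer['REMOTE_ADDR'] = TRUE;
            pkwk_mail_notify($notify_subject, "\n", $footer);
        }
    }
    return array('result' => TRUE, 'msg' => $_attach_messages['msg_uploaded']);
}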
Ejemplo n.º 4
 /**
  * Main function of spam-URI pickup; a wrapper around uri_pickup().
  *
  * Preprocesses the text, collects its URIs, and records for each URI whether
  * it lies inside an anchor or BBCode area, for the method keys that are
  * enabled. The 'offset' entry of every URI's 'area' data is removed before
  * returning.
  *
  * @param string $string Text to scan.
  * @param array  $method Check-method settings; when this is not an array or is
  *                       empty, Spam::check_uri_spam_method() supplies them.
  * @return array The URI list from uri_pickup(), with each entry's 'area' data
  *               updated as described above.
  */
 static function spam_uri_pickup($string = '', $method = array())
 {
     // Fall back to the default method set when none (or a non-array) was given.
     if (!is_array($method) || empty($method)) {
         $method = Spam::check_uri_spam_method();
     }
     $string = self::spam_uri_pickup_preprocess($string, $method);
     $array = self::uri_pickup($string);
     // Area elevation of URIs: mark URIs that sit inside link areas
     // (especially external links).
     if (!empty($array)) {
         // Only the 'uri_anchor' and 'uri_bbcode' settings are passed on, by reference.
         $_method = array();
         if (isset($method['uri_anchor'])) {
             $_method['uri_anchor'] =& $method['uri_anchor'];
         }
         if (isset($method['uri_bbcode'])) {
             $_method['uri_bbcode'] =& $method['uri_bbcode'];
         }
         $areas = self::area_pickup($string, $_method, TRUE);
         if (!empty($areas)) {
             // $area_shadow aliases each URI's 'area' entry, so values written through
             // it end up in $array.
             $area_shadow = array();
             foreach (array_keys($array) as $key) {
                 $area_shadow[$key] =& $array[$key]['area'];
                 // Start every enabled area key at 0 for this URI.
                 foreach (array_keys($_method) as $_key) {
                     $area_shadow[$key][$_key] = 0;
                 }
             }
             // Measure each area kind that area_pickup() actually returned.
             foreach (array_keys($_method) as $_key) {
                 if (isset($areas[$_key])) {
                     self::area_measure($areas[$_key], $area_shadow, 1, $_key);
                 }
             }
         }
     }
     // Remove the 'offset' entries, which are kept only for area_measure().
     foreach (array_keys($array) as $key) {
         unset($array[$key]['area']['offset']);
     }
     return $array;
 }