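/**
 * Import one file into the wiki as a MIME dump, a serialized page, or plain text.
 *
 * Security: config.ini must never be imported into our wiki (or from a sister
 * wiki?), because the SQL passwords are stored there in plaintext and the web
 * server must be able to read the file. Detected by Santtu Jarvi.
 *
 * The refusal below is a deny-list for that one file only. It is matched
 * case-insensitively against the name as given and, when the file is about to
 * be read from disk, against its realpath() as well, so that "." / ".."
 * segments and symlinks are resolved before the match instead of being
 * compared as raw text.
 *
 * NOTE(review): nothing in this function confines $filename to an import
 * directory; presumably the callers do that -- confirm.
 *
 * @param object       $request  Request object; getArg() and getUser() are called on it.
 * @param string       $filename Path of the file to load; its basename becomes the default page name.
 * @param string|false $text     File content. Any non-string value means "read $filename from disk".
 * @param int|false    $mtime    Modification time. Replaced by stat() when the file is read and
 *                               defaulted to time(); no statement visible here uses it afterwards.
 * @return void
 */
function LoadFile(&$request, $filename, $text = false, $mtime = false)
{
    $read_from_disk = !is_string($text);

    // Names the config.ini deny-list is applied to: always the caller's
    // spelling, plus the canonical path when we are about to open the file.
    $names_to_check = array($filename);
    if ($read_from_disk) {
        $canonical = realpath($filename);
        if (is_string($canonical)) {
            $names_to_check[] = $canonical;
        }
    }
    foreach ($names_to_check as $name) {
        if (preg_match('/config$/i', dirname($name))
            && preg_match('/config.*\\.ini/i', basename($name))
        ) {
            trigger_error(sprintf("Refused to load %s", $filename), E_USER_WARNING);
            return;
        }
    }

    if ($read_from_disk) {
        // Read the file.
        $stat = stat($filename);
        // stat() returns false on failure; index it only when it succeeded,
        // otherwise leave $mtime falsy so the time() fallback below applies.
        $mtime = is_array($stat) ? $stat[9] : false;
        $text = file_get_contents($filename);
        if ($text === false) {
            // Do not go on and save an empty page for a file we could not read.
            trigger_error(sprintf("Cannot read %s", $filename), E_USER_WARNING);
            return;
        }
    }

    // Debug runs get a longer time limit; failures to change it are ignored.
    if (!$request->getArg('start_debug')) {
        @set_time_limit(30);
    } else {
        @set_time_limit(240);
    }

    // FIXME: basename("filewithnoslashes") seems to return garbage sometimes.
    $basename = basename("/dummy/" . $filename);

    if (!$mtime) {
        $mtime = time(); // Last resort.
    }

    $default_pagename = rawurldecode($basename);

    if ($parts = ParseMimeifiedPages($text)) {
        usort($parts, 'SortByPageVersion');
        foreach ($parts as $pageinfo) {
            SavePage($request, $pageinfo, sprintf(_("MIME file %s"), $filename), $basename);
        }
    } else {
        // NOTE(review): ParseSerializedPage() is defined elsewhere; if it
        // unserializes $text, an imported file is untrusted input to that
        // call -- confirm how it parses.
        if ($pageinfo = ParseSerializedPage($text, $default_pagename, $request->getUser())) {
            SavePage($request, $pageinfo, sprintf(_("Serialized file %s"), $filename), $basename);
        } else {
            $user = $request->getUser();

            // Assume plain text file: strip trailing blanks/CRs before each newline.
            $pageinfo = array(
                'pagename' => $default_pagename,
                'pagedata' => array(),
                'versiondata' => array('author' => $user->getId()),
                'content' => preg_replace('/[ \\t\\r]*\\n/', "\n", chop($text)),
            );
            SavePage($request, $pageinfo, sprintf(_("plain file %s"), $filename), $basename);
        }
    }
}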
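/**
 * Import one file into the wiki as a MIME dump, a serialized page, or plain text.
 *
 * Security: config.ini must never be imported into our wiki (or from a sister
 * wiki?), because the SQL passwords are stored there in plaintext and the web
 * server must be able to read the file. Detected by Santtu Jarvi.
 *
 * The refusal below is a deny-list for that one file only. It is matched
 * case-insensitively against the name as given and, when the file is about to
 * be read from disk, against its realpath() as well, so that "." / ".."
 * segments and symlinks are resolved before the match instead of being
 * compared as raw text.
 *
 * NOTE(review): nothing in this function confines $filename to an import
 * directory; presumably the callers do that -- confirm.
 *
 * @param object       $request  Request object; getArg(), setArg() and getUser() are called on it
 *                               and its _args array is modified directly.
 * @param string       $filename Path of the file to load; its basename becomes the default page name.
 * @param string|false $text     File content. Any non-string value means "read $filename from disk".
 * @param int|false    $mtime    Modification time. Replaced by stat() when the file is read and
 *                               defaulted to time(); no statement visible here uses it afterwards.
 * @return void
 */
function LoadFile(&$request, $filename, $text = false, $mtime = false)
{
    $read_from_disk = !is_string($text);

    // Names the config.ini deny-list is applied to: always the caller's
    // spelling, plus the canonical path when we are about to open the file.
    $names_to_check = array($filename);
    if ($read_from_disk) {
        $canonical = realpath($filename);
        if (is_string($canonical)) {
            $names_to_check[] = $canonical;
        }
    }
    foreach ($names_to_check as $name) {
        if (preg_match('/config$/i', dirname($name))
            && preg_match('/config.*\\.ini/i', basename($name))
        ) {
            trigger_error(sprintf("Refused to load %s", $filename), E_USER_WARNING);
            return;
        }
    }

    if ($read_from_disk) {
        // Read the file.
        $stat = stat($filename);
        // stat() returns false on failure; index it only when it succeeded,
        // otherwise leave $mtime falsy so the time() fallback below applies.
        $mtime = is_array($stat) ? $stat[9] : false;
        $text = file_get_contents($filename);
        if ($text === false) {
            // Do not go on and save an empty page for a file we could not read.
            trigger_error(sprintf("Cannot read %s", $filename), E_USER_WARNING);
            return;
        }
    }

    // Debug runs get a longer time limit; failures to change it are ignored.
    if (!$request->getArg('start_debug')) {
        @set_time_limit(30);
    } else {
        @set_time_limit(240);
    }

    // FIXME: basename("filewithnoslashes") seems to return garbage sometimes.
    $basename = basename("/dummy/" . $filename);

    if (!$mtime) {
        $mtime = time(); // Last resort.
    }

    // DONE: check source - target charset for content and pagename
    // but only for pgsrc'ed content, not from the browser.
    $default_pagename = rawurldecode($basename);

    if ($parts = ParseMimeifiedPages($text)) {
        $has_several_parts = count($parts) > 1;
        if ($has_several_parts) {
            // Remember the caller's setting so it can be put back afterwards.
            $overwrite = $request->getArg('overwrite');
        }
        usort($parts, 'SortByPageVersion');
        foreach ($parts as $pageinfo) {
            // Force overwrite for every part of a multi-part dump, whatever
            // the request asked for.
            if ($has_several_parts) {
                $request->setArg('overwrite', 1);
            }
            SavePage($request, $pageinfo, sprintf(_("MIME file %s"), $filename), $basename);
        }
        // Restore the original 'overwrite' argument. There is no try/finally
        // around the loop, so an exception from SavePage() would leave the
        // forced value in place.
        if ($has_several_parts) {
            if ($overwrite) {
                $request->setArg('overwrite', $overwrite);
            } else {
                unset($request->_args['overwrite']);
            }
        }
    } else {
        // NOTE(review): ParseSerializedPage() is defined elsewhere; if it
        // unserializes $text, an imported file is untrusted input to that
        // call -- confirm how it parses.
        if ($pageinfo = ParseSerializedPage($text, $default_pagename, $request->getUser())) {
            SavePage($request, $pageinfo, sprintf(_("Serialized file %s"), $filename), $basename);
        } else {
            // plain old file
            $user = $request->getUser();
            $file_charset = 'utf-8';
            // compare to target charset; content and page name are converted together
            if ($file_charset != strtolower($GLOBALS['charset'])) {
                $text = charset_convert($file_charset, $GLOBALS['charset'], $text);
                $default_pagename = charset_convert($file_charset, $GLOBALS['charset'], $default_pagename);
            }

            // Assume plain text file: strip trailing blanks/CRs before each newline.
            $pageinfo = array(
                'pagename' => $default_pagename,
                'pagedata' => array(),
                'versiondata' => array('author' => $user->getId()),
                'content' => preg_replace('/[ \\t\\r]*\\n/', "\n", chop($text)),
            );
            SavePage($request, $pageinfo, sprintf(_("plain file %s"), $filename), $basename);
        }
    }
}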