function LoadFile($dbi, $filename, $text, $mtime) { set_time_limit(30); // Reset watchdog. if (!$mtime) { $mtime = time(); } // Last resort. $defaults = array('author' => 'The PhpWiki programming team', 'pagename' => rawurldecode($filename), 'created' => $mtime, 'flags' => 0, 'lastmodified' => $mtime, 'refs' => array(), 'version' => 1); if (!($parts = ParseMimeifiedPages($text))) { // Can't parse MIME: assume plain text file. $page = $defaults; $page['pagename'] = rawurldecode($filename); $page['content'] = preg_split('/[ \\t\\r]*\\n/', chop($text)); SavePage($dbi, $page, "text file"); } else { for (reset($parts); $page = current($parts); next($parts)) { // Fill in defaults for missing values? // Should we do more sanity checks here? reset($defaults); while (list($key, $val) = each($defaults)) { if (!isset($page[$key])) { $page[$key] = $val; } } if ($page['pagename'] != rawurldecode($filename)) { printf("<b>Warning:</b> " . "pagename (%s) doesn't match filename (%s)" . " (using pagename)<br>\n", htmlspecialchars($page['pagename']), htmlspecialchars(rawurldecode($filename))); } SavePage($dbi, $page, "MIME file"); } } }
/** * Security alert! We should not allow to import config.ini into our wiki (or from a sister wiki?) * because the sql passwords are in plaintext there. And the webserver must be able to read it. * Detected by Santtu Jarvi. */ function LoadFile(&$request, $filename, $text = false, $mtime = false) { if (preg_match("/config\$/", dirname($filename)) and preg_match("/config.*\\.ini/", basename($filename))) { trigger_error(sprintf("Refused to load %s", $filename), E_USER_WARNING); return; } if (!is_string($text)) { // Read the file. $stat = stat($filename); $mtime = $stat[9]; $text = implode("", file($filename)); } if (!$request->getArg('start_debug')) { @set_time_limit(30); } else { @set_time_limit(240); } // FIXME: basename("filewithnoslashes") seems to return garbage sometimes. $basename = basename("/dummy/" . $filename); if (!$mtime) { $mtime = time(); } // Last resort. $default_pagename = rawurldecode($basename); if ($parts = ParseMimeifiedPages($text)) { usort($parts, 'SortByPageVersion'); foreach ($parts as $pageinfo) { SavePage($request, $pageinfo, sprintf(_("MIME file %s"), $filename), $basename); } } else { if ($pageinfo = ParseSerializedPage($text, $default_pagename, $request->getUser())) { SavePage($request, $pageinfo, sprintf(_("Serialized file %s"), $filename), $basename); } else { $user = $request->getUser(); // Assume plain text file. $pageinfo = array('pagename' => $default_pagename, 'pagedata' => array(), 'versiondata' => array('author' => $user->getId()), 'content' => preg_replace('/[ \\t\\r]*\\n/', "\n", chop($text))); SavePage($request, $pageinfo, sprintf(_("plain file %s"), $filename), $basename); } } }
/** * Security alert! We should not allow to import config.ini into our wiki (or from a sister wiki?) * because the sql passwords are in plaintext there. And the webserver must be able to read it. * Detected by Santtu Jarvi. */ function LoadFile(&$request, $filename, $text = false, $mtime = false) { if (preg_match("/config\$/", dirname($filename)) and preg_match("/config.*\\.ini/", basename($filename))) { trigger_error(sprintf("Refused to load %s", $filename), E_USER_WARNING); return; } if (!is_string($text)) { // Read the file. $stat = stat($filename); $mtime = $stat[9]; $text = implode("", file($filename)); } if (!$request->getArg('start_debug')) { @set_time_limit(30); } else { @set_time_limit(240); } // FIXME: basename("filewithnoslashes") seems to return garbage sometimes. $basename = basename("/dummy/" . $filename); if (!$mtime) { $mtime = time(); } // Last resort. // DONE: check source - target charset for content and pagename // but only for pgsrc'ed content, not from the browser. $default_pagename = rawurldecode($basename); if ($parts = ParseMimeifiedPages($text)) { if (count($parts) > 1) { $overwrite = $request->getArg('overwrite'); } usort($parts, 'SortByPageVersion'); foreach ($parts as $pageinfo) { // force overwrite if (count($parts) > 1) { $request->setArg('overwrite', 1); } SavePage($request, $pageinfo, sprintf(_("MIME file %s"), $filename), $basename); } if (count($parts) > 1) { if ($overwrite) { $request->setArg('overwrite', $overwrite); } else { unset($request->_args['overwrite']); } } } else { if ($pageinfo = ParseSerializedPage($text, $default_pagename, $request->getUser())) { SavePage($request, $pageinfo, sprintf(_("Serialized file %s"), $filename), $basename); } else { // plain old file $user = $request->getUser(); $file_charset = 'utf-8'; // compare to target charset if ($file_charset != strtolower($GLOBALS['charset'])) { $text = charset_convert($file_charset, $GLOBALS['charset'], $text); $default_pagename = charset_convert($file_charset, $GLOBALS['charset'], $default_pagename); } // Assume plain text file. $pageinfo = array('pagename' => $default_pagename, 'pagedata' => array(), 'versiondata' => array('author' => $user->getId()), 'content' => preg_replace('/[ \\t\\r]*\\n/', "\n", chop($text))); SavePage($request, $pageinfo, sprintf(_("plain file %s"), $filename), $basename); } } }
function createHomepage($pref) { $pagename = $this->_userid; include "lib/loadsave.php"; // create default homepage: // properly expanded template and the pref metadata $template = Template('homepage.tmpl', $this->_request); $text = $template->getExpansion(); $pageinfo = array('pagedata' => array('pref' => serialize($pref->_pref)), 'versiondata' => array('author' => $this->_userid), 'pagename' => $pagename, 'content' => $text); SavePage($this->_request, $pageinfo, false, false); // create Calender $pagename = $this->_userid . SUBPAGE_SEPARATOR . _('Preferences'); if (!isWikiPage($pagename)) { $pageinfo = array('pagedata' => array(), 'versiondata' => array('author' => $this->_userid), 'pagename' => $pagename, 'content' => "<?plugin Calender ?>\n"); SavePage($this->_request, $pageinfo, false, false); } // create Preferences $pagename = $this->_userid . SUBPAGE_SEPARATOR . _('Preferences'); if (!isWikiPage($pagename)) { $pageinfo = array('pagedata' => array(), 'versiondata' => array('author' => $this->_userid), 'pagename' => $pagename, 'content' => "<?plugin UserPreferences ?>\n"); SavePage($this->_request, $pageinfo, false, false); } }
function add(&$request, $blog, $type = 'wikiblog') { $parent = $blog['pagename']; if (empty($parent)) { $prefix = ""; // allow empty parent for default "Blog/day" $parent = HOME_PAGE; } else { $prefix = $parent . SUBPAGE_SEPARATOR; } //$request->finish(fmt("No pagename specified for %s",$type)); $now = time(); $dbi = $request->getDbh(); $user = $request->getUser(); /* * Page^H^H^H^H Blog meta-data * This method is reused for all attachable pagetypes: wikiblog, comment and wikiforum * * This is info that won't change for each revision. * Nevertheless, it's now stored in the revision meta-data. * Several reasons: * o It's more convenient to have all information required * to render a page revision in the revision meta-data. * o We can avoid a race condition, since version meta-data * updates are atomic with the version creation. */ $blog_meta = array('ctime' => $now, 'creator' => $user->getId(), 'creator_id' => $user->getAuthenticatedId()); // Version meta-data $summary = trim($blog['summary']); $version_meta = array('author' => $blog_meta['creator'], 'author_id' => $blog_meta['creator_id'], 'markup' => 2.0, 'summary' => $summary ? $summary : _("New comment."), 'mtime' => $now, 'pagetype' => $type, $type => $blog_meta); if ($type == 'comment') { unset($version_meta['summary']); } // Comment body. $body = trim($blog['body']); $saved = false; while (!$saved) { // Generate the page name. For now, we use the format: // Rootname/Blog/2003-01-11/14:03:02+00:00 // This gives us natural chronological order when sorted // alphabetically. "Rootname/" is optional. $time = Iso8601DateTime(); if ($type == 'wikiblog') { $pagename = "Blog"; } elseif ($type == 'comment') { $pagename = "Comment"; } elseif ($type == 'wikiforum') { $pagename = substr($summary, 0, 12); } // Check intermediate pages. If not existing they should RedirectTo the parent page. // Maybe add the BlogArchives plugin instead for the new interim subpage. $redirected = $prefix . $pagename; if (!$dbi->isWikiPage($redirected)) { require_once 'lib/loadsave.php'; $pageinfo = array('pagename' => $redirected, 'content' => '<?plugin RedirectTo page=' . $parent . ' ?>', 'pagedata' => array(), 'versiondata' => array('author' => $blog_meta['creator'])); SavePage($request, $pageinfo, '', ''); } $redirected = $prefix . $pagename . SUBPAGE_SEPARATOR . preg_replace("/T.*/", "", "{$time}"); if (!$dbi->isWikiPage($redirected)) { require_once 'lib/loadsave.php'; $pageinfo = array('pagename' => $redirected, 'content' => '<?plugin RedirectTo page=' . $parent . ' ?>', 'pagedata' => array(), 'versiondata' => array('author' => $blog_meta['creator'])); SavePage($request, $pageinfo, '', ''); } $p = $dbi->getPage($prefix . $pagename . SUBPAGE_SEPARATOR . str_replace("T", SUBPAGE_SEPARATOR, "{$time}")); $pr = $p->getCurrentRevision(); // Version should be zero. If not, page already exists // so increment timestamp and try again. if ($pr->getVersion() > 0) { $now++; continue; } // FIXME: there's a slight, but currently unimportant // race condition here. If someone else happens to // have just created a blog with the same name, // we'll have locked it before we discover that the name // is taken. /* * FIXME: For now all blogs are locked. It would be * nice to allow only the 'creator' to edit by default. */ $p->set('locked', true); //lock by default $saved = $p->save($body, 1, $version_meta); $now++; } $dbi->touch(); $request->redirect($request->getURLtoSelf()); // noreturn // FIXME: when submit a comment from preview mode, // adds the comment properly but jumps to browse mode. // Any way to jump back to preview mode??? }