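/**
 * Record the HTTP Referer of the current request against $page.
 *
 * Returns TRUE without writing when referer logging is off ($referer), the
 * Referer header is absent or unparsable, its host equals the request's own
 * Host header, or its host is flagged by SpamCheck(). Dies when REFERER_DIR
 * is missing or unwritable.
 *
 * @param string $page wiki page name whose referer store is updated
 * @return bool FALSE only when the store file could not be opened
 */
function ref_save($page)
{
    global $referer, $use_spam_check;

    // Referer logging disabled, or the request carried no Referer header: nothing to record
    if (!$referer || empty($_SERVER['HTTP_REFERER'])) {
        return TRUE;
    }
    $url = $_SERVER['HTTP_REFERER'];

    // Validate URI (Ignore own). Both Referer and Host are client-supplied headers, so
    // this only filters self-referers; it is not an authorization check.
    $parse_url = parse_url($url);
    $own_host  = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';
    if ($parse_url === FALSE || !isset($parse_url['host']) || $parse_url['host'] === $own_host) {
        return TRUE;
    }

    // Blocking SPAM: a listed referer host is silently dropped
    if (!empty($use_spam_check['referer']) && SpamCheck($parse_url['host'])) {
        return TRUE;
    }

    if (!is_dir(REFERER_DIR)) {
        die('No such directory: REFERER_DIR');
    }
    if (!is_writable(REFERER_DIR)) {
        die('Permission denied to write: REFERER_DIR');
    }

    // Update referer data. The store is one record per line, comma separated: a CR/LF
    // coming from the header would split a record, so strip them (as plugin_tb_save
    // does on write) and CSV-quote values containing a comma or a double quote.
    // preg_match replaces ereg(), which no longer exists on PHP 7+.
    $url = preg_replace('/[\r\n]/', '', $url);
    if (preg_match('/[,"]/', $url)) {
        $url = '"' . str_replace('"', '""', $url) . '"';
    }
    $data  = ref_get_data($page, 3);
    $d_url = rawurldecode($url);
    if (!isset($data[$d_url])) {
        // Record layout as used here: [0] updated on every hit, [1] set once at creation,
        // [2] hit counter, [3] the URL as stored, [4] always 1 (meaning not visible here)
        $data[$d_url] = array('', UTIME, 0, $url, 1);
    }
    $data[$d_url][0] = UTIME;
    $data[$d_url][2]++;

    $filename = ref_get_filename($page);
    // Open without truncating ('c'), take the lock, then truncate: with 'w' the file
    // was emptied before flock(), so a concurrent reader could observe an empty store.
    $fp = fopen($filename, 'c');
    if ($fp === FALSE) {
        return FALSE;
    }
    stream_set_write_buffer($fp, 0);
    flock($fp, LOCK_EX);
    ftruncate($fp, 0);
    rewind($fp);
    foreach ($data as $line) {
        $str = trim(join(',', $line));
        if ($str !== '') {
            fwrite($fp, $str . "\n");
        }
    }
    flock($fp, LOCK_UN);
    fclose($fp);
    return TRUE;
}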
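/**
 * Persist a new revision of $page: diff, backup, wiki source, link index and
 * the autoalias/glossary pattern caches.
 *
 * Does nothing for a readonly role. Creating a page that does not exist yet is
 * refused when auth::is_check_role(PKWK_CREATE_PAGE) says so. Unless the author
 * is exempt (see $role_adm_contents below), the write is refused when
 * SpamCheck() flags the client address or the links added by this edit, or
 * when is_proxy() is true.
 *
 * @param string $page        page name
 * @param string $postdata    new wiki source; '' is passed on to make_backup() as its second flag
 * @param bool   $notimestamp forwarded to file_write() for the wiki source
 * @return void
 */
function page_write($page, $postdata, $notimestamp = FALSE)
{
    global $trackback, $autoalias, $aliaspage;
    global $autoglossary, $glossarypage;
    global $use_spam_check;

    // Do nothing for a readonly role
    if (auth::check_role('readonly')) {
        return;
    }

    $oldpostdata = '';
    if (is_page($page)) {
        $oldpostdata = get_source($page, TRUE, TRUE);
    } elseif (auth::is_check_role(PKWK_CREATE_PAGE)) {
        die_message(_('PKWK_CREATE_PAGE prohibits editing'));
    }

    $postdata = make_str_rules($postdata);

    // Create and write diff
    $diffdata = do_diff($oldpostdata, $postdata);

    // NOTE(review): as with 'readonly' above, check_role() returning TRUE appears to mean
    // the restriction applies, i.e. the author is NOT a contents admin — confirm.
    $role_adm_contents = auth::check_role('role_adm_contents');

    // Links added by this edit: needed for the TrackBack ping and/or the DNSBL check
    $links = array();
    if ($trackback > 1 || ($role_adm_contents && !empty($use_spam_check['page_contents']))) {
        $links = get_this_time_links($postdata, $diffdata);
    }

    // Blocking SPAM (not applied to authors exempt via $role_adm_contents)
    if ($role_adm_contents) {
        if (!empty($use_spam_check['page_remote_addr']) && SpamCheck($_SERVER['REMOTE_ADDR'], 'ip')) {
            die_message('Writing was limited by IPBL (Blocking SPAM).');
        }
        if (!empty($use_spam_check['page_contents']) && SpamCheck($links)) {
            die_message('Writing was limited by DNSBL (Blocking SPAM).');
        }
        if (!empty($use_spam_check['page_write_proxy']) && is_proxy()) {
            die_message('Writing was limited by PROXY (Blocking SPAM).');
        }
    }

    // Logging postdata
    postdata_write();
    // Create diff text
    file_write(DIFF_DIR, $page, $diffdata);
    // Create backup; an empty $postdata is signalled to make_backup() via its second flag
    make_backup($page, $postdata == '');
    // Create wiki text
    file_write(DATA_DIR, $page, $postdata, $notimestamp);

    // Full-text index, only when the Senna binding is loaded
    if (function_exists('senna_update')) {
        senna_update($page, $oldpostdata, $postdata);
    }

    // TrackBack Ping
    if ($trackback > 1) {
        tb_send($page, $links);
    }
    unset($oldpostdata, $diffdata, $links);

    links_update($page);

    // Update autoalias.dat (AutoAliasName). Strict comparison: '==' would treat
    // numeric-looking page names such as '1' and '01' as equal.
    if ($autoalias && $page === $aliaspage) {
        $aliases = get_autoaliases();
        $cache   = CACHE_DIR . PKWK_AUTOALIAS_REGEX_CACHE;
        if (empty($aliases)) {
            // Remove
            if (file_exists($cache)) {
                unlink($cache);
            }
        } else {
            // Create or Update
            autolink_pattern_write($cache, get_autolink_pattern(array_keys($aliases), $autoalias));
        }
    }

    // Update glossary.dat (AutoGlossary)
    if ($autoglossary && $page === $glossarypage) {
        $words = get_autoglossaries();
        $cache = CACHE_DIR . PKWK_GLOSSARY_REGEX_CACHE;
        if (empty($words)) {
            // Remove
            if (file_exists($cache)) {
                unlink($cache);
            }
        } else {
            // Create or Update
            autolink_pattern_write($cache, get_glossary_pattern(array_keys($words), $autoglossary));
        }
    }

    log_write('update', $page);
}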
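/**
 * Receive a TrackBack ping for the page identified by $tb_id and store it in
 * that page's ping file.
 *
 * Every failure path ends in plugin_tb_return(PLUGIN_TB_ERROR, ...), which is
 * expected not to return. The pinging URL is client-supplied and is fetched
 * server-side by http_request(); it must answer 200 and, with
 * PLUGIN_TB_SITE_CHECK, its body must contain this wiki's own URL. Pings whose
 * fields contain anchor markup, whose text fields contain a URL, or whose URL
 * is flagged by SpamCheck() are refused.
 *
 * @param string $url   URL of the pinging page
 * @param string $tb_id TrackBack ID, resolved to a page by tb_id2page()
 * @return void does not return normally: ends in plugin_tb_return(PLUGIN_TB_OK)
 */
function plugin_tb_save($url, $tb_id)
{
    global $vars, $trackback, $use_spam_check;
    static $fields = array('url', 'title', 'excerpt', 'blog_name');

    // Collect every precondition failure into a single error message
    $die = '';
    if (!$trackback) {
        $die .= 'TrackBack feature disabled. ';
    }
    if ($url == '') {
        $die .= 'URL parameter is not set. ';
    }
    if ($tb_id == '') {
        $die .= 'TrackBack Ping ID is not set. ';
    }
    if ($die != '') {
        plugin_tb_return(PLUGIN_TB_ERROR, $die);
    }

    if (!file_exists(TRACKBACK_DIR)) {
        plugin_tb_return(PLUGIN_TB_ERROR, 'No such directory: TRACKBACK_DIR');
    }
    if (!is_writable(TRACKBACK_DIR)) {
        plugin_tb_return(PLUGIN_TB_ERROR, 'Permission denied: TRACKBACK_DIR');
    }

    $page = tb_id2page($tb_id);
    if ($page === FALSE) {
        plugin_tb_return(PLUGIN_TB_ERROR, 'TrackBack ID is invalid.');
    }

    // URL validation (maybe worse of processing time limit). $url comes from the client
    // and is fetched by this server: is_url() and http_request() are the only gates here.
    if (!is_url($url)) {
        plugin_tb_return(PLUGIN_TB_ERROR, 'URL is fictitious.');
    }
    if (PLUGIN_TB_SITE_CHECK === TRUE) {
        // The pinging page must exist and mention this wiki's URL (case-insensitive
        // substring test, same as the former preg_quote()'d pattern with the 'i' flag)
        $result = http_request($url);
        if ($result['rc'] !== 200) {
            plugin_tb_return(PLUGIN_TB_ERROR, 'URL is fictitious.');
        }
        if (stripos($result['data'], get_script_absuri()) === FALSE) {
            plugin_tb_save_prohibit('HTTP/1.0 403 Forbidden');
        }
    } else {
        $result = http_request($url, 'HEAD');
        if ($result['rc'] !== 200) {
            plugin_tb_return(PLUGIN_TB_ERROR, 'URL is fictitious.');
        }
    }

    // Update TrackBack Ping data
    $filename = tb_get_filename($page);
    $data = tb_get($filename);

    // Build the record: [0] => UTIME, then one CSV-quoted value per $fields entry
    $items = array(UTIME);
    foreach ($fields as $key) {
        $value = isset($vars[$key]) ? $vars[$key] : '';
        if (preg_match('/[,"' . "\n\r" . ']/', $value)) {
            $value = '"' . str_replace('"', '""', $value) . '"';
        }
        $items[$key] = $value;
        // minimum checking from SPAM: no anchor markup in any field
        if (preg_match('/a\\s+href=/i', $items[$key])) {
            plugin_tb_save_prohibit('HTTP/1.0 400 Bad Request');
        }
    }
    // minimum checking from SPAM #2: no URLs in the text fields
    foreach (array('title', 'excerpt', 'blog_name') as $key) {
        if (preg_match('#http\\://#i', $items[$key])) {
            plugin_tb_save_prohibit('HTTP/1.0 400 Bad Request');
        }
    }

    // Blocking SPAM
    if (!empty($use_spam_check['trackback']) && SpamCheck($items['url'])) {
        // NOTE(review): the original passes the literal 1 here rather than PLUGIN_TB_ERROR — confirm they coincide
        plugin_tb_return(1, 'Writing is prohibited.');
    }

    $data[rawurldecode($items['url'])] = $items;

    // Open without truncating ('c'), lock, then truncate: with 'w' the file was emptied
    // before the lock was held, and a failed fopen() went unchecked into set_file_buffer().
    $fp = fopen($filename, 'c');
    if ($fp === FALSE) {
        plugin_tb_return(PLUGIN_TB_ERROR, 'Cannot open TrackBack data file.');
    }
    stream_set_write_buffer($fp, 0);
    flock($fp, LOCK_EX);
    ftruncate($fp, 0);
    rewind($fp);
    foreach ($data as $line) {
        // One line, one ping: a line break inside a field would split the record
        $line = preg_replace('/[\\r\\n]/s', '', $line);
        fwrite($fp, join(',', $line) . "\n");
    }
    flock($fp, LOCK_UN);
    fclose($fp);

    // Return OK
    plugin_tb_return(PLUGIN_TB_OK);
}

/**
 * Refuse the current ping as spam: record it via honeypot_write(), then answer
 * with the bare HTTP status $status_line when PLUGIN_TB_HTTP_ERROR is on (and
 * is_sapi_clicgi() is FALSE), otherwise with a TrackBack error response.
 * Does not return.
 *
 * @param string $status_line HTTP status line to send, e.g. 'HTTP/1.0 403 Forbidden'
 * @return void
 */
function plugin_tb_save_prohibit($status_line)
{
    honeypot_write();
    if (PLUGIN_TB_HTTP_ERROR === TRUE && is_sapi_clicgi() === FALSE) {
        header($status_line);
        exit;
    }
    plugin_tb_return(PLUGIN_TB_ERROR, 'Writing is prohibited.');
}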