/**
 * links plugin action: rebuild the link/backlink cache after admin authentication.
 *
 * Until action=update and a valid admin password arrive, the usage text and a
 * password form are shown.  The password is accepted from the POST body only
 * ($post['adminpass']), never from the query string.  Dies when PKWK_READONLY
 * is set.
 *
 * @return array 'msg' (page title) and 'body' (HTML)
 */
function plugin_links_action()
{
    global $script, $post, $vars, $foot_explain;
    global $_links_messages;

    if (PKWK_READONLY) {
        die_message('PKWK_READONLY prohibits this');
    }

    $title = $_links_messages['title_update'];

    $authenticated = !empty($vars['action'])
        && !empty($post['adminpass'])
        && pkwk_login($post['adminpass']);

    if (!$authenticated) {
        $body = convert_html($_links_messages['msg_usage']);
        $body .= <<<EOD
<form method="POST" action="{$script}">
 <div>
  <input type="hidden" name="plugin" value="links" />
  <input type="hidden" name="action" value="update" />
  <label for="_p_links_adminpass">{$_links_messages['msg_adminpass']}</label>
  <input type="password" name="adminpass" id="_p_links_adminpass" size="20" value="" />
  <input type="submit" value="{$_links_messages['btn_submit']}" />
 </div>
</form>
EOD;
        return array('msg' => $title, 'body' => $body);
    }

    if ($vars['action'] == 'update') {
        links_init();
        $foot_explain = array(); // Exhaust footnotes
        return array('msg' => $title, 'body' => $_links_messages['msg_done']);
    }

    // Authenticated, but an action other than 'update' was requested.
    return array('msg' => $title, 'body' => $_links_messages['err_invalid']);
}
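/**
 * update_entities plugin action: regenerate the HTML character-entity table.
 *
 * Until action=update and a valid admin password arrive, the usage text (with
 * the list of entities that would be generated) and a password form are shown.
 *
 * The password is read from the POST body ($post) only, matching the sibling
 * links plugin in this listing.  The previous code read it from $vars, which
 * also carries query-string parameters, so the admin password could travel in
 * a URL (access logs, Referer headers).  The form below already submits via
 * POST, so legitimate use is unchanged.  Dies when PKWK_READONLY is set.
 *
 * @return array 'msg' (page title) and 'body' (HTML)
 */
function plugin_update_entities_action()
{
    global $script, $vars, $post;
    global $_entities_messages;

    if (PKWK_READONLY) {
        die_message('PKWK_READONLY prohibits this');
    }

    $msg = $_entities_messages['title_update'];

    $authenticated = !empty($vars['action'])
        && !empty($post['adminpass'])
        && pkwk_login($post['adminpass']);

    if (!$authenticated) {
        // Without the TRUE flag plugin_update_entities_create() only returns the
        // entity names, which are listed in the usage text.
        $items = plugin_update_entities_create();
        $body = convert_html(sprintf($_entities_messages['msg_usage'], join("\n" . '-', $items)));
        $body .= <<<EOD
<form method="POST" action="{$script}">
 <div>
  <input type="hidden" name="plugin" value="update_entities" />
  <input type="hidden" name="action" value="update" />
  <label for="_p_update_entities_adminpass">{$_entities_messages['msg_adminpass']}</label>
  <input type="password" name="adminpass" id="_p_update_entities_adminpass" size="20" value="" />
  <input type="submit" value="{$_entities_messages['btn_submit']}" />
 </div>
</form>
EOD;
        return array('msg' => $msg, 'body' => $body);
    }

    if ($vars['action'] == 'update') {
        plugin_update_entities_create(TRUE);
        return array('msg' => $msg, 'body' => $_entities_messages['msg_done']);
    }

    return array('msg' => $msg, 'body' => $_entities_messages['err_invalid']);
}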
/**
 * unfreeze plugin action: remove the #freeze directive from a page.
 *
 * Requires $function_freeze and an existing page.  With a valid admin password
 * the first source line (the #freeze directive) is dropped and the page is
 * rewritten; otherwise a password form is shown, preceded by an "invalid
 * password" notice when a password was supplied but rejected.
 *
 * NOTE(review): the password is read from $vars, which (unlike the $post used by
 * the links plugin in this listing) appears to include query-string parameters,
 * so it is also accepted from a GET request.  The form itself posts it.
 *
 * @return array 'msg' (title) and 'body' (HTML); both empty when not applicable
 */
function plugin_unfreeze_action()
{
    global $script, $vars, $function_freeze;
    global $_title_isunfreezed, $_title_unfreezed, $_title_unfreeze;
    global $_msg_invalidpass, $_msg_unfreezing, $_btn_unfreeze;

    $page = isset($vars['page']) ? $vars['page'] : '';
    if (!$function_freeze || !is_page($page)) {
        return array('msg' => '', 'body' => '');
    }

    $pass = isset($vars['pass']) ? $vars['pass'] : NULL;

    // Nothing to do: the page is not frozen.
    if (!is_freeze($page)) {
        $body = str_replace('$1', htmlspecialchars(strip_bracket($page)), '<p>' . $_title_isunfreezed . '</p>');
        return array('msg' => $_title_isunfreezed, 'body' => $body);
    }

    if ($pass !== NULL && pkwk_login($pass)) {
        $lines = get_source($page);
        array_shift($lines); // drop the first line, i.e. the "#freeze" directive
        $postdata = join('', $lines);
        file_write(DATA_DIR, $page, $postdata, TRUE);
        is_freeze($page, TRUE); // Update (refresh the cached freeze state)

        $vars['cmd'] = 'read'; // To show 'Freeze' link
        $body = PLUGIN_UNFREEZE_EDIT ? edit_form($page, $postdata) : '';
        return array('msg' => $_title_unfreezed, 'body' => $body);
    }

    // Show the unfreeze form; report a rejected password if one was given.
    $s_page = htmlspecialchars($page);
    $body = ($pass === NULL) ? '' : "<p><strong>{$_msg_invalidpass}</strong></p>\n";
    $body .= <<<EOD
<p>{$_msg_unfreezing}</p>
<form action="{$script}" method="post">
 <p>
  <input type="hidden" name="cmd" value="unfreeze" />
  <input type="hidden" name="page" value="{$s_page}" />
  <input type="password" name="pass" size="12" />
  <input type="submit" name="ok" value="{$_btn_unfreeze}" />
 </p>
</form>
EOD;

    return array('msg' => $_title_unfreeze, 'body' => $body);
}
/**
 * filelist plugin action: show the page list with file names.
 *
 * Auth::check_role('role_contents_admin') appears to return FALSE when the
 * caller holds the role (the is_admin() helper in this listing relies on the
 * same inverted sense): such callers go straight to the list.  Everyone else
 * must supply the admin password via 'pass'; a missing password shows the
 * prompt (filelist_adm('')), a wrong one the '__nopass__' variant.
 *
 * @return array result of do_plugin_action('list') or filelist_adm()
 */
function plugin_filelist_action()
{
    global $vars;

    if (!Auth::check_role('role_contents_admin')) {
        return do_plugin_action('list');
    }

    $pass = isset($vars['pass']) ? $vars['pass'] : NULL;
    if ($pass === NULL) {
        return filelist_adm('');
    }
    if (!pkwk_login($pass)) {
        return filelist_adm('__nopass__');
    }

    return do_plugin_action('list');
}
/**
 * freeze plugin action (Plus! variant): prepend "#freeze" to a page.
 *
 * Requires $function_freeze and an existing page that is not marked cantedit.
 * Callers for whom auth::check_role('role_adm_contents') is FALSE (which seems
 * to mean "holds the role", cf. is_admin() in this listing) freeze without a
 * password; everyone else needs a valid admin password, otherwise a password
 * form is shown.  Messages are resolved through _() at call time.
 *
 * @return array 'msg' (title) and 'body' (HTML); both empty when not applicable
 */
function plugin_freeze_action()
{
    global $script, $vars, $function_freeze;

    $_title_isfreezed = _(' $1 has already been frozen');
    $_title_freezed   = _(' $1 has been frozen.');
    $_title_freeze    = _('Freeze $1');
    $_msg_invalidpass = _('Invalid password.');
    $_msg_freezing    = _('Please input the password for freezing.');
    $_btn_freeze      = _('Freeze');

    $page = isset($vars['page']) ? $vars['page'] : '';
    if (!$function_freeze || is_cantedit($page) || !is_page($page)) {
        return array('msg' => '', 'body' => '');
    }
    $pass = isset($vars['pass']) ? $vars['pass'] : NULL;

    if (is_freeze($page)) {
        // Already frozen: just say so.
        $body = str_replace('$1', htmlspecialchars(strip_bracket($page)), $_title_isfreezed);
        return array('msg' => $_title_isfreezed, 'body' => $body);
    }

    // Role holders skip the password; pkwk_login() is only consulted otherwise.
    if (!auth::check_role('role_adm_contents') || ($pass !== NULL && pkwk_login($pass))) {
        $lines = get_source($page);
        array_unshift($lines, "#freeze\n");
        file_write(DATA_DIR, $page, join('', $lines), TRUE);
        is_freeze($page, TRUE); // Update (refresh the cached freeze state)
        $vars['cmd'] = 'read';
        return array('msg' => $_title_freezed, 'body' => '');
    }

    // Show the freeze form; report a rejected password if one was given.
    $s_page = htmlspecialchars($page);
    $body = ($pass === NULL) ? '' : "<p><strong>{$_msg_invalidpass}</strong></p>\n";
    $body .= <<<EOD
<p>{$_msg_freezing}</p>
<form action="{$script}" method="post">
 <div>
  <input type="hidden" name="cmd" value="freeze" />
  <input type="hidden" name="page" value="{$s_page}" />
  <input type="password" name="pass" size="12" />
  <input type="submit" name="ok" value="{$_btn_freeze}" />
 </div>
</form>
EOD;

    return array('msg' => $_title_freeze, 'body' => $body);
}
/**
 * freeze plugin action (QHM variant): prepend "#freeze" to a page.
 *
 * Disables the QHM output cache for this response, then requires
 * $function_freeze and an existing page.  With a valid admin password the
 * directive is added and the page rewritten; otherwise a password form is
 * shown, preceded by an "invalid password" notice when a password was rejected.
 *
 * NOTE(review): 'pass' is read from $vars, so it is also accepted from the
 * query string although the form posts it.
 *
 * @return array 'msg' (title) and 'body' (HTML); both empty when not applicable
 */
function plugin_freeze_action()
{
    global $script, $vars, $function_freeze;
    global $_title_isfreezed, $_title_freezed, $_title_freeze;
    global $_msg_invalidpass, $_msg_freezing, $_btn_freeze;

    // Do not cache this response.
    $qt = get_qt();
    $qt->enable_cache = false;

    $page = isset($vars['page']) ? $vars['page'] : '';
    if (!$function_freeze || !is_page($page)) {
        return array('msg' => '', 'body' => '');
    }
    $pass = isset($vars['pass']) ? $vars['pass'] : NULL;

    if (is_freeze($page)) {
        // Already frozen: just say so.
        $body = str_replace('$1', htmlspecialchars(strip_bracket($page)), $_title_isfreezed);
        return array('msg' => $_title_isfreezed, 'body' => $body);
    }

    if ($pass !== NULL && pkwk_login($pass)) {
        $lines = get_source($page);
        array_unshift($lines, "#freeze\n");
        file_write(DATA_DIR, $page, join('', $lines), TRUE);
        is_freeze($page, TRUE); // Update (refresh the cached freeze state)
        $vars['cmd'] = 'read';
        return array('msg' => $_title_freezed, 'body' => '');
    }

    // Show the freeze form; report a rejected password if one was given.
    $s_page = htmlspecialchars($page);
    $body = ($pass === NULL) ? '' : "<p><strong>{$_msg_invalidpass}</strong></p>\n";
    $body .= <<<EOD
<p>{$_msg_freezing}</p>
<form action="{$script}" method="post">
 <div>
  <input type="hidden" name="cmd" value="freeze" />
  <input type="hidden" name="page" value="{$s_page}" />
  <input type="password" name="pass" size="12" />
  <input type="submit" name="ok" value="{$_btn_freeze}" />
 </div>
</form>
EOD;

    return array('msg' => $_title_freeze, 'body' => $body);
}
/**
 * dump2 plugin action (QHM): download a backup or restore one, admin only.
 *
 * Access requires ss_admin_check(); the actions additionally require the
 * admin password, read from $_POST only.  'act' selects PLUGIN_DUMP_DUMP,
 * PLUGIN_DUMP_RESTORE or PLUGIN_DUMP_FULL.  A restore returns its result at
 * once; every other path appends the input form.  Dies when PKWK_READONLY is
 * set and sets $style_name to '..' as a side effect.
 *
 * @return array 'msg' (title) and 'body' (HTML prefixed with a breadcrumb)
 */
function plugin_dump2_action()
{
    global $style_name, $script, $vars;

    $qm = get_qm();
    $style_name = '..';

    $back_url = '<p><a href="' . $script . '">' . $qm->m['frontpage'] . '</a> > '
        . '<a href="' . $script . '?cmd=qhmsetting">' . $qm->m['preferences'] . '</a> > here</p>';

    if (!ss_admin_check()) {
        return array('msg' => $qm->m['plg_dump']['title'], 'body' => $qm->m['fmt_err_page_only_for_admin']);
    }
    if (PKWK_READONLY) {
        die_message($qm->m['fmt_err_pkwk_readonly']);
    }

    $pass = isset($_POST['pass']) ? $_POST['pass'] : NULL;
    $act  = isset($vars['act']) ? $vars['act'] : NULL;
    $body = '';

    if ($pass !== NULL) {
        if (!pkwk_login($pass)) {
            $body = "<p><strong>{$qm->m['fmt_msg_invalidpass']}</strong></p>\n";
        } elseif ($act == PLUGIN_DUMP_DUMP) {
            $body = plugin_dump2_download();
        } elseif ($act == PLUGIN_DUMP_RESTORE) {
            $retcode = plugin_dump2_upload();
            $msg = $retcode['code']
                ? $qm->m['plg_dump']['restore_success']
                : $qm->m['plg_dump']['restore_failed'];
            return array('msg' => $msg, 'body' => $back_url . $retcode['msg']);
        } elseif ($act == PLUGIN_DUMP_FULL) {
            $body = plugin_dump2_download_full();
        }
    }

    // Show the input form below whatever the action produced.
    $body .= plugin_dump2_disp_form();
    $msg = PLUGIN_DUMP_ALLOW_RESTORE
        ? $qm->m['plg_dump']['title_bk_rstr']
        : $qm->m['plg_dump']['title_bk'];

    return array('msg' => $msg, 'body' => $back_url . $body);
}
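/**
 * replace plugin action: run a site-wide search/replace or show its form.
 *
 * Inputs come from $post: 'search', 'replace', 'notimestamp' and 'pass'.
 * Callers for whom auth::check_role('role_adm_contents') is FALSE (seemingly
 * "holds the role", cf. is_admin() in this listing) run the replacement with
 * just a search string.  Everyone else needs both a search string and a
 * valid admin password; otherwise the form is shown again via replace_adm().
 *
 * Fix: $vars was not declared global, so the `$vars['cmd'] = 'read'` before
 * re-showing the form only wrote a local and had no effect.  It is now the
 * global, as in the other plugin actions in this listing that set the mode.
 *
 * @return array result of replace_do() or replace_adm()
 */
function plugin_replace_action()
{
    global $vars, $post, $cycle, $cantedit;

    // '******' is a placeholder that cannot match the admin password.
    $pass        = isset($post['pass']) ? $post['pass'] : '******';
    $search      = isset($post['search']) ? $post['search'] : NULL;
    $replace     = isset($post['replace']) ? $post['replace'] : NULL;
    $notimestamp = isset($post['notimestamp']);

    if ($search != '' && !auth::check_role('role_adm_contents')) {
        return replace_do($search, $replace, $notimestamp);
    }

    // No replacement without a search string and a valid password.  The literal
    // password 'pass' is refused even if it matches (presumably a guard against
    // a shipped default).
    if ($search == '' || !pkwk_login($pass) || $pass == 'pass') {
        $vars['cmd'] = 'read';
        return replace_adm($pass, $search);
    }

    return replace_do($search, $replace, $notimestamp);
}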
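/**
 * list plugin action: show the page list, or the file list when redirected
 * from the filelist plugin (cmd=filelist).
 *
 * For the file list, callers for whom auth::check_role('role_adm_contents') is
 * FALSE (seemingly "holds the role", cf. is_admin() in this listing) see it
 * directly; others must supply the admin password in 'pass', and fall back to
 * the plain page list when it is wrong.
 *
 * Fix: 'pass' was indexed without isset(), so an admin-password prompt reached
 * without a password raised an undefined-index notice; an empty string now
 * stands in for a missing password and fails pkwk_login() the same way.
 *
 * @return array 'msg' (title) and 'body' from plugin_list_getlist()
 */
function plugin_list_action()
{
    global $vars;

    $_title_list     = _('List of pages');
    $_title_filelist = _('List of page files');

    // Redirected from filelist plugin?
    $filelist = isset($vars['cmd']) && $vars['cmd'] == 'filelist';

    if ($filelist && auth::check_role('role_adm_contents')) {
        $pass = isset($vars['pass']) ? $vars['pass'] : '';
        $filelist = pkwk_login($pass) ? TRUE : FALSE;
    }

    $listcmd = isset($vars['listcmd']) ? $vars['listcmd'] : 'read';

    return array(
        'msg'  => $filelist ? $_title_filelist : $_title_list,
        'body' => plugin_list_getlist($filelist, $listcmd),
    );
}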
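/**
 * revert plugin action: load an older text of a page into the edit form.
 *
 * With PLUGIN_REVERT_USE_ADMIN_ONLY the admin password (POST 'pass') is
 * required: a missing password shows the auth form, a wrong one an error.
 * Without that constant no authentication happens here.  'age' selects a
 * backup generation; when absent the previous text is reconstructed from the
 * page's diff file by dropping the '+' lines.  The text is handed to the edit
 * plugin in preview mode through $vars/$post, with the caution message
 * prepended to $_msg_preview.
 *
 * Fix: a missing page name returned NULL; it now returns the usual
 * msg/body array (both empty), like the freeze/unfreeze actions.
 *
 * @return array 'msg' and 'body'
 */
function plugin_revert_action()
{
    global $vars, $post, $_revert_messages, $_msg_preview;

    $pass = isset($post['pass']) ? $post['pass'] : FALSE;
    $page = isset($vars['page']) ? $vars['page'] : '';
    $age  = isset($vars['age']) ? $vars['age'] : '';

    if ($page === '') {
        return array('msg' => '', 'body' => '');
    }

    if (PLUGIN_REVERT_USE_ADMIN_ONLY) {
        if ($pass === FALSE) {
            return array('msg' => 'revert plugin', 'body' => plugin_revert_auth($page, $age));
        }
        if (!pkwk_login($pass)) {
            return array('msg' => 'revert plugin', 'body' => $_revert_messages['invalidpass']);
        }
    }

    if ($age) {
        // get_backup($page, $age) cannot return the newest generation alone, so
        // fetch all generations and pick the requested one.
        $backups = get_backup($page);
        if (empty($backups[$age]['data'])) {
            return array('msg' => 'revert plugin', 'body' => 'Backup file not found.');
        }
        $revertdata = $backups[$age]['data'];
        unset($backups);
    } else {
        $filename = DIFF_DIR . encode($page) . '.txt';
        if (!file_exists($filename)) {
            return array('msg' => 'revert plugin', 'body' => 'Diff file not found.');
        }
        // Lines the last edit added start with '+'; everything else is the
        // previous text once the one-character diff marker is stripped.
        $revertdata = array();
        foreach (file($filename) as $line) {
            if ($line[0] !== '+') {
                $revertdata[] = substr($line, 1);
            }
        }
    }

    // Hand over to the edit plugin in preview mode.
    $vars['preview'] = $post['preview'] = 1;
    $vars['msg']     = $post['msg']     = join('', $revertdata);
    $vars['digest']  = $post['digest']  = is_page($page) ? md5(join('', get_source($page))) : FALSE;
    $_msg_preview = $_revert_messages['caution'] . "<br />\n" . $_msg_preview;

    return do_plugin_action('edit');
}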
/**
 * dump plugin action: download a backup archive or restore one.
 *
 * Without a POST password only the form is shown.  With a valid admin password
 * 'act' selects PLUGIN_DUMP_DUMP (download) or PLUGIN_DUMP_RESTORE (upload);
 * a restore returns its result immediately, everything else falls through to
 * the form.  The password is read from $_POST only, so it cannot be supplied
 * in the query string.  Dies when PKWK_READONLY is set.
 *
 * @return array 'msg' (title) and 'body' (HTML)
 */
function plugin_dump_action()
{
    global $vars;

    if (PKWK_READONLY) {
        die_message('PKWK_READONLY prohibits this');
    }

    $pass = isset($_POST['pass']) ? $_POST['pass'] : null;
    $act  = isset($vars['act']) ? $vars['act'] : null;
    $body = '';

    if ($pass !== null) {
        if (!pkwk_login($pass)) {
            $body = "<p><strong>パスワードが違います。</strong></p>\n";
        } elseif ($act == PLUGIN_DUMP_DUMP) {
            $body = plugin_dump_download();
        } elseif ($act == PLUGIN_DUMP_RESTORE) {
            $retcode = plugin_dump_upload();
            $msg = $retcode['code'] ? 'アップロードが完了しました' : 'アップロードに失敗しました';
            return array('msg' => $msg, 'body' => $body . $retcode['msg']);
        }
    }

    // Show the input form.
    $body .= plugin_dump_disp_form();
    $msg = PLUGIN_DUMP_ALLOW_RESTORE ? 'dump & restore' : 'dump';

    return array('msg' => $msg, 'body' => $body);
}
/**
 * update_entities plugin action (Plus! variant): regenerate the entity table.
 *
 * Dies when the 'readonly' role check fires.  A submission (menu=1) runs the
 * update when the caller holds the contents-admin role (auth::check_role()
 * FALSE, cf. is_admin() in this listing) or supplies a valid admin password;
 * otherwise the usage text and the form are shown, with the password field
 * only for callers who need it.
 *
 * NOTE(review): 'adminpass' is read from $vars, so it is also accepted from
 * the query string although the form posts it.
 *
 * @return array 'msg' (title) and 'body' (HTML)
 */
function plugin_update_entities_action()
{
    global $script, $vars;
    global $_entities_messages;

    // if (PKWK_READONLY) die_message('PKWK_READONLY prohibits this');
    if (auth::check_role('readonly')) {
        die_message('PKWK_READONLY prohibits this');
    }

    $title = $_entities_messages['title_update'];
    $admin_pass = empty($vars['adminpass']) ? '' : $vars['adminpass'];
    $needs_password = auth::check_role('role_adm_contents');

    if (isset($vars['menu']) && (!$needs_password || pkwk_login($admin_pass))) {
        set_time_limit(0); // regeneration may be slow
        plugin_update_entities_create(TRUE);
        return array('msg' => $title, 'body' => $_entities_messages['msg_done']);
    }

    $items = plugin_update_entities_create();
    $body = convert_html(sprintf($_entities_messages['msg_usage1'], join("\n" . '-', $items)));
    $body .= <<<EOD
<form method="post" action="{$script}">
 <div>
  <input type="hidden" name="plugin" value="update_entities" />
  <input type="hidden" name="menu" value="1" />
EOD;

    if ($needs_password) {
        $body .= convert_html(sprintf($_entities_messages['msg_usage2']));
        $body .= <<<EOD
  <label for="_p_update_entities_adminpass">{$_entities_messages['msg_adminpass']}</label>
  <input type="password" name="adminpass" id="_p_update_entities_adminpass" size="20" value="" />
EOD;
    }

    $body .= <<<EOD
  <input type="submit" value="{$_entities_messages['btn_submit']}" />
 </div>
</form>
EOD;

    return array('msg' => $title, 'body' => $body);
}
/**
 * links plugin action (Plus! variant): rebuild the link/backlink cache.
 *
 * Dies when the 'readonly' role check fires.  A submission (menu=1) runs
 * links_init() when the caller holds the contents-admin role
 * (auth::check_role() FALSE, cf. is_admin() in this listing) or supplies a
 * valid admin password via POST; otherwise the usage text and the form are
 * shown, with the password field only for callers who need it.
 *
 * @return array 'msg' (title) and 'body' (HTML)
 */
function plugin_links_action()
{
    global $script, $post, $vars, $foot_explain;
    global $_links_messages;

    // if (PKWK_READONLY) die_message('PKWK_READONLY prohibits this');
    if (auth::check_role('readonly')) {
        die_message(_("PKWK_READONLY prohibits this"));
    }

    $title = $_links_messages['title_update'];
    $admin_pass = empty($post['adminpass']) ? '' : $post['adminpass'];
    $needs_password = auth::check_role('role_adm_contents');

    if (isset($vars['menu']) && (!$needs_password || pkwk_login($admin_pass))) {
        set_time_limit(0); // rebuilding may be slow
        links_init();
        $foot_explain = array(); // Exhaust footnotes
        return array('msg' => $title, 'body' => $_links_messages['msg_done']);
    }

    $body = convert_html(sprintf($_links_messages['msg_usage1']));
    $body .= <<<EOD
<form method="post" action="{$script}">
 <div>
  <input type="hidden" name="plugin" value="links" />
  <input type="hidden" name="menu" value="1" />
EOD;

    if ($needs_password) {
        $body .= convert_html(sprintf($_links_messages['msg_usage2']));
        $body .= <<<EOD
  <label for="_p_links_adminpass">{$_links_messages['msg_adminpass']}</label>
  <input type="password" name="adminpass" id="_p_links_adminpass" size="20" value="" />
EOD;
    }

    $body .= <<<EOD
  <input type="submit" value="{$_links_messages['btn_submit']}" />
 </div>
</form>
EOD;

    return array('msg' => $title, 'body' => $body);
}
/**
 * diff plugin, action=delete: remove a page's diff file after authentication.
 *
 * Rejects invalid page names and missing diff files (the latter message wins
 * when both apply).  With a valid admin password in 'pass' the file is
 * unlinked; a wrong password re-shows the form with an error.
 *
 * NOTE(review): 'pass' is read from $vars, so it is also accepted from the
 * query string although the form posts it.  The unlink() result is not checked.
 *
 * @param string $page  Page name
 * @return array 'msg' (title) and 'body' (HTML)
 */
function plugin_diff_delete($page)
{
    global $script, $vars;
    global $_title_diff_delete, $_msg_diff_deleted;
    global $_msg_diff_adminpass, $_btn_delete, $_msg_invalidpass;

    $filename = DIFF_DIR . encode($page) . '.txt';

    $error = '';
    if (!is_pagename($page)) {
        $error = 'Invalid page name';
    }
    if (!file_exists($filename)) {
        $error = make_pagelink($page) . '\'s diff seems not found';
    }
    if ($error) {
        return array('msg' => $_title_diff_delete, 'body' => $error);
    }

    $body = '';
    if (isset($vars['pass'])) {
        if (pkwk_login($vars['pass'])) {
            unlink($filename);
            return array(
                'msg'  => $_title_diff_delete,
                'body' => str_replace('$1', make_pagelink($page), $_msg_diff_deleted),
            );
        }
        $body = '<p><strong>' . $_msg_invalidpass . '</strong></p>' . "\n";
    }

    $s_page = htmlsc($page);
    $body .= <<<EOD
<p>{$_msg_diff_adminpass}</p>
<form action="{$script}" method="post">
 <div>
  <input type="hidden" name="cmd" value="diff" />
  <input type="hidden" name="page" value="{$s_page}" />
  <input type="hidden" name="action" value="delete" />
  <input type="password" name="pass" size="12" />
  <input type="submit" name="ok" value="{$_btn_delete}" />
 </div>
</form>
EOD;

    return array('msg' => $_title_diff_delete, 'body' => $body);
}
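/**
 * backup plugin (QHM), action=delete: delete every backup of $page.
 *
 * Layout pages ($layout_pages[$page]) get a plain-text title and a "back to
 * edit" link instead of a page link.  When no backup exists the backup list is
 * shown instead.  Deletion needs the admin password ('pass', read from $vars);
 * a wrong password re-shows the form with an error.
 *
 * Fixes: $script was used in the success branch (the back link) before
 * get_script_uri() had been called and without a global declaration, so that
 * link was built from an undefined variable; it is now resolved once up front.
 * The '&' in that link is emitted as '&amp;', as required inside an attribute.
 *
 * @param string $page  Page name
 * @return array 'msg' (title) and 'body' (HTML)
 */
function plugin_backup_delete($page)
{
    global $vars, $layout_pages;

    $qm = get_qm();
    $script = get_script_uri();

    $is_layout = isset($layout_pages) && isset($layout_pages[$page]);
    $title = $is_layout
        ? h($layout_pages[$page]) . ' のバックアップを削除'
        : $qm->m['plg_backup']['title_backup_delete'];

    if (!_backup_file_exists($page)) {
        // Say "is not found" by showing the (empty) backup list.
        return array('msg' => $qm->m['plg_backup']['title_pagebackuplist'], 'body' => plugin_backup_get_list($page));
    }

    $body = '';
    if (isset($vars['pass'])) {
        if (pkwk_login($vars['pass'])) {
            _backup_delete($page);
            $pagelink = $is_layout ? h($layout_pages[$page]) : make_pagelink($page);
            $addlink = $is_layout
                ? "\n" . '<p><a href="' . h($script) . '?cmd=edit&amp;page=' . rawurlencode($page) . '">戻る</a></p>'
                : '';
            return array(
                'msg'  => $title,
                'body' => str_replace('$1', $pagelink, $qm->m['plg_backup']['backup_deleted']) . $addlink,
            );
        }
        $body = '<p><strong>' . $qm->m['fmt_err_invalidpass'] . '</strong></p>' . "\n";
    }

    $s_page = htmlspecialchars($page);
    $body .= <<<EOD
<p>{$qm->m['plg_backup']['backup_adminpass']}</p>
<form action="{$script}" method="post">
 <div>
  <input type="hidden" name="cmd" value="backup" />
  <input type="hidden" name="page" value="{$s_page}" />
  <input type="hidden" name="action" value="delete" />
  <input type="password" name="pass" size="12" />
  <input type="submit" name="ok" value="{$qm->m['fmt_btn_delete']}" />
 </div>
</form>
EOD;

    return array('msg' => $title, 'body' => $body);
}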
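/**
 * convert_haik plugin action: migrate haik data into this QHM installation.
 *
 * Administrators only (ss_admin_check()), and only when a 'haik-contents'
 * directory exists.  Until a valid admin password is posted a confirmation
 * screen is shown (with an error once a wrong password was tried).  The
 * migration then runs the five plugin_convert_haik_* steps, logs to
 * CACHE_DIR/convert_haik.log and shows that log together with a hidden iframe
 * that triggers swfu/check.php.
 *
 * Fixes: the log text is HTML-escaped before being placed in <pre>; it is
 * built from migrated file names and can contain markup.  The early-exit
 * branches now also return after redirect() in case that helper does not
 * terminate the request.
 *
 * NOTE(review): 'adminpass' is read from $vars, so it is also accepted from
 * the query string although the form posts it.
 *
 * @return array 'msg' (title) and 'body' (HTML)
 */
function plugin_convert_haik_action()
{
    global $vars, $script;

    if (!ss_admin_check()) {
        redirect($script, '管理者以外利用できません。');
        return array('msg' => '', 'body' => ''); // only reached if redirect() returns
    }
    if (!file_exists('haik-contents') || !is_dir('haik-contents')) {
        redirect($script, 'この機能はご利用いただけません。');
        return array('msg' => '', 'body' => ''); // only reached if redirect() returns
    }

    // Confirmation screen until a valid admin password is supplied.
    if (!isset($vars['adminpass']) || !pkwk_login($vars['adminpass'])) {
        $msg = 'haik データ移行';
        $info = plugin_convert_haik_get_info();
        $warning = plugin_convert_haik_get_warning();

        $danger = '';
        if (isset($vars['adminpass'])) {
            $danger = <<<EOD
<div class="alert alert-danger">
管理者パスワードが正しくありません。
</div>
EOD;
        }

        $body = <<<EOD
<h2>{$msg}</h2>
<p>
haik のデータを QHM で動作するように変換します。<br>
実行すると、<strong>現在のデータに対して</strong>上書きされます。
よろしければ、<strong>開始</strong>ボタンを押して実行してください。
</p>
{$warning}
{$danger}
<form action="{$script}?cmd=convert_haik" method="post" class="form-inline">
<div class="form-group">
<label>管理者パスワード</label>
<input type="password" name="adminpass" class="form-control">
</div>
<button type="submit" class="qhm-btn qhm-btn-primary">開始</button>
</form>
<hr>
<h3>移行情報</h3>
{$info}
EOD;
        return array('msg' => $msg, 'body' => $body);
    }

    // Record the start time in the log.
    plugin_convert_haik_write_log(date('Y-m-d H:i:s') . ' haik からのデータ移行開始' . "\n");

    // 1. Port haik-contents/config/haik.ini.php settings into qhm.ini.php.
    plugin_convert_haik_move_inifile();
    // 2. Move haik-contents/upload/* to swfu/d/ and run the file check.
    plugin_convert_haik_move_uploadfile();
    // 3. Copy haik-contents/wiki/*.txt into wiki/.
    plugin_convert_haik_move_wiki();
    // 4. Rename plugins whose names differ between haik and QHM.
    plugin_convert_haik_replace_plugin();
    // 5. Interpret haik-contents/meta/*.php and add the equivalent markup to the sources.
    plugin_convert_haik_set_meta();

    plugin_convert_haik_write_log('');

    $log_text = file_get_contents(CACHE_DIR . 'convert_haik.log');
    if ($log_text === FALSE) {
        $log_text = '';
    }
    $log_text = htmlspecialchars($log_text, ENT_QUOTES, 'UTF-8');

    $url = dirname($script . "dummy") . '/swfu/check.php';

    $body = <<<EOD
<h2>移行が完了しました</h2>
<p>
<a href="{$script}" class="qhm-btn qhm-btn-info">トップへ戻る</a>
</p>
<div class="alert alert-warning">
haik と QHM で対応するプラグインが無い場合、変換が行われていないため、手動での削除、修正をお願いいたします。
<pre>* download プラグイン
* mc_form プラグイン
* form プラグイン
* goo_gl プラグイン
* scrollup プラグイン</pre>
</div>
<div class="alert alert-warning">
icon プラグインは IcoMoon から <a href="http://getbootstrap.com/components/#glyphicons" title="Bootstrap glyphicons" target="_blank">glyphicon</a>, <a href="http://fortawesome.github.io/Font-Awesome/cheatsheet/" title="FontAwesome Cheatsheat" target="_blank">font-awesome</a> に変更されました。<br>
指定したアイコン名によっては表示されなくなる場合があります。
</div>
<hr>
<h3>移行ログ</h3>
<div style="height:300px;overflow-y:scroll">
<pre>{$log_text}</pre>
</div>
EOD;
    // Hidden iframe: loads swfu/check.php so its file check runs after migration.
    $body .= '<iframe src="' . $url . '" width="0" height="0"></iframe>';

    return array('msg' => 'complete', 'body' => $body);
}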
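/**
 * edit plugin: persist a submitted page edit.
 *
 * Reads the submission from $vars: 'page', optional 'add'/'add_top' (append
 * mode), optional 'id' (paragraph edit via plugin_edit_parts), 'msg' (the new
 * text) and the 'notimestamp' checkbox.  The ticket check and is_spampost()
 * route to plugin_edit_honeypot().  An empty 'msg' deletes the page.  When
 * $notimeupdate > 1, callers for whom Auth::check_role() is TRUE (seemingly
 * "lacks the contents-admin role", cf. is_admin() in this listing) may keep
 * the timestamp only with the admin password.  On success the page is written
 * and the browser is redirected (or a JSON reply is sent for 'ajax' requests);
 * the function then exits.
 *
 * Fixes: the empty-page error returned its title under the misspelled key
 * 'mgs' (callers read 'msg'); 'pass' is read with isset() so a missing
 * password fails pkwk_login() without an undefined-index notice.
 *
 * NOTE(review): the append branch concatenates $oldpagesrc, which is never
 * assigned in this function, so add mode writes only the new text.  The
 * current source should be fetched from $wiki first -- TODO confirm the
 * accessor and fix; left as is here rather than guess at the API.
 *
 * @return array 'msg'/'body' on error or deletion; does not return on success
 */
function plugin_edit_write()
{
    global $vars, $trackback, $_string, $_msg_edit;
    global $notimeupdate;

    $page   = isset($vars['page']) ? $vars['page'] : null;
    $add    = isset($vars['add']) ? $vars['add'] : null;
    $partid = isset($vars['id']) ? $vars['id'] : null;
    $pass   = isset($vars['pass']) ? $vars['pass'] : '';
    $notimestamp = isset($vars['notimestamp']) && $vars['notimestamp'] !== null;

    if (empty($page)) {
        return array('msg' => 'Error', 'body' => $_msg_edit['err_empty_page']);
    }
    $wiki = Factory::Wiki($page);

    // Check Validate and Ticket
    if ($notimestamp && !$wiki->isValied()) {
        return plugin_edit_honeypot();
    }
    // Validate
    if (is_spampost(array('msg'))) {
        return plugin_edit_honeypot();
    }

    // Paragraph edit mode: splice the edited paragraph back into the original
    // text, or append it when the paragraph cannot be located.
    if ($partid) {
        $source = preg_split('/([^\\n]*\\n)/', $vars['original'], -1, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE);
        $vars['msg'] = plugin_edit_parts($partid, $source, $vars['msg']) !== FALSE
            ? join('', $source)
            : rtrim($vars['original']) . "\n\n" . $vars['msg'];
    }

    $retvars = array();
    if (empty($vars['msg'])) {
        // With CAPTCHA enabled a delete request arrives with an empty $vars['msg'].
        $wiki->set('');
        $retvars['msg'] = sprintf($_msg_edit['title_deleted'], Utility::htmlsc($page));
        $retvars['body'] = '<p class="alert alert-success">' . sprintf($_msg_edit['title_deleted'], Utility::htmlsc($page)) . '</p>';
        return $retvars;
    }

    // Delete "#freeze" command for form edit.
    $vars['msg'] = preg_replace('/^#freeze\\s*$/im', '', $vars['msg']);
    $msg = $vars['msg'];

    if ($add) {
        // Compat: add plugin and adding contents
        // NOTE(review): $oldpagesrc is undefined here (see the function comment).
        $postdata = isset($vars['add_top']) && $vars['add_top']
            ? $msg . "\n\n" . $oldpagesrc
            : $oldpagesrc . "\n\n" . $msg;
    } else {
        // Edit or Remove
        $postdata = $msg;
    }

    // $notimeupdate: Checkbox 'Do not change timestamp'.  Keeping the timestamp
    // is restricted to administrators; a wrong password re-shows the form.
    if ($notimeupdate > 1 && $notimestamp && Auth::check_role('role_contents_admin') && !pkwk_login($pass)) {
        $retvars['body'] = '<p class="alert alert-danger">' . $_msg_edit['msg_invalidpass'] . '</p>' . "\n";
        $retvars['body'] .= Utility::editForm($page, $msg, FALSE);
        return $retvars;
    }

    $wiki->set($postdata, $notimeupdate !== 0 && $notimestamp);

    // Where to send the browser afterwards: the referring page if given, else
    // the edited page, with the paragraph id as fragment in paragraph mode.
    if (isset($vars['refpage']) && $vars['refpage'] !== '') {
        $refwiki = Factory::Wiki($vars['refpage']);
        $url = $partid ? $refwiki->uri('read', null, rawurlencode($partid)) : $refwiki->uri();
    } else {
        $url = $partid ? $wiki->uri('read', null, rawurlencode($partid)) : $wiki->uri();
    }

    if (isset($vars['ajax'])) {
        $headers = Header::getHeaders('application/json');
        Header::writeResponse($headers, 200, Json::encode(array(
            'msg'      => 'Your post has been saved.',
            'posted'   => true,
            'taketime' => Time::getTakeTime(),
        )));
    } else {
        Utility::redirect($url);
    }
    exit;
}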
/**
 * rename plugin, phase 3: confirm the rename and authenticate.
 *
 * $pages maps old (encoded) page names to new ones.  The affected files are
 * collected and any destination that already exists is listed.  A submission
 * (menu=1) proceeds to phase 4 when the caller holds the contents-admin role
 * (Auth::check_role() FALSE, cf. is_admin() in this listing) or supplies a
 * valid admin password; a wrong password adds an error.  Otherwise the
 * confirmation form is rendered, carrying the rename parameters as hidden
 * fields, an overwrite choice when destinations exist, and a password field
 * only for callers who need one.
 *
 * @param array $pages  encoded old name => encoded new name
 * @return array 'msg' (title) and 'body' (HTML), or the phase-4 result
 */
function plugin_rename_phase3($pages)
{
    global $_rename_messages, $vars;

    $files = plugin_rename_get_files($pages);

    // Destinations that already exist, grouped by page.
    $exists = array();
    foreach ($files as $_page => $renames) {
        foreach ($renames as $old => $new) {
            if (file_exists($new)) {
                $exists[$_page][$old] = $new;
            }
        }
    }

    if (isset($vars['menu']) && !Auth::check_role('role_contents_admin')) {
        return plugin_rename_phase4($pages, $files, $exists);
    }

    $msg = '';
    $pass = plugin_rename_getvar('pass');
    if ($pass != '') {
        if (pkwk_login($pass)) {
            return plugin_rename_phase4($pages, $files, $exists);
        }
        $msg = plugin_rename_err('adminpass');
    }

    // Hidden fields re-submitting the rename parameters.
    $hidden = array();
    if (plugin_rename_getvar('method') == 'regex') {
        $msg .= $_rename_messages['msg_regex'] . '<br />';
        $hidden[] = '<input type="hidden" name="method" value="regex" />';
        $hidden[] = '<input type="hidden" name="src" value="' . htmlsc(plugin_rename_getvar('src')) . '" />';
        $hidden[] = '<input type="hidden" name="dst" value="' . htmlsc(plugin_rename_getvar('dst')) . '" />';
    } else {
        $msg .= $_rename_messages['msg_page'] . '<br />';
        $hidden[] = '<input type="hidden" name="method" value="page" />';
        $hidden[] = '<input type="hidden" name="refer" value="' . htmlsc(plugin_rename_getvar('refer')) . '" />';
        $hidden[] = '<input type="hidden" name="page" value="' . htmlsc(plugin_rename_getvar('page')) . '" />';
        $hidden[] = '<input type="hidden" name="related" value="' . htmlsc(plugin_rename_getvar('related')) . '" />';
    }

    if (!empty($exists)) {
        $msg .= $_rename_messages['err_already_below'] . '<ul>';
        foreach ($exists as $page => $renames) {
            $msg .= '<li>' . make_pagelink(decode($page))
                . $_rename_messages['msg_arrow']
                . htmlsc(decode($pages[$page]));
            if (!empty($renames)) {
                $msg .= '<ul>' . "\n";
                foreach ($renames as $ofile => $nfile) {
                    $msg .= '<li>' . $ofile . $_rename_messages['msg_arrow'] . $nfile . '</li>' . "\n";
                }
                $msg .= '</ul>';
            }
            $msg .= '</li>' . "\n";
        }
        $msg .= '</ul><hr />' . "\n";
        $hidden[] = '<input type="radio" name="exist" value="0" checked="checked" />' . $_rename_messages['msg_exist_none'] . '<br />' . "\n";
        $hidden[] = '<input type="radio" name="exist" value="1" />' . $_rename_messages['msg_exist_overwrite'] . '<br />' . "\n";
    }
    $input = implode('', $hidden);

    // Only callers without the role get a password field.
    $auth = '';
    if (Auth::check_role('role_contents_admin')) {
        $auth = <<<EOD
<div class="form-group">
<label for="_p_rename_adminpass">{$_rename_messages['msg_adminpass']}</label>
<input type="password" name="pass" id="_p_rename_adminpass" value="" class="form-control" />
</div>
EOD;
    }

    $script = get_script_uri();
    $body = <<<EOD
{$msg}
\t<form action="{$script}" method="post" class="plugin-rename-form">
\t\t<input type="hidden" name="cmd" value="rename" />
\t\t<input type="hidden" name="menu" value="1" />
\t\t{$input}
\t\t{$auth}
\t\t<input type="submit" class="btn btn-warning" value="{$_rename_messages['btn_submit']}" />
\t</form>
\t<p>{$_rename_messages['msg_confirm']}</p>
EOD;

    ksort($pages, SORT_STRING);
    $body .= '<ul>' . "\n";
    foreach ($pages as $old => $new) {
        $body .= '<li>' . make_pagelink(decode($old)) . $_rename_messages['msg_arrow']
            . Utility::htmlsc(Utility::decode($new)) . '</li>' . "\n";
    }
    $body .= '</ul>' . "\n";

    return array('msg' => $_rename_messages['msg_title'], 'body' => $body);
}
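/**
 * mceedit plugin: save a TinyMCE edit as an #html{{ ... }} block.
 *
 * The submitted HTML ($vars['msg']) is stripped of hand-written #freeze lines
 * and wrapped as $vars['before'] . "\n#html{{\n" . msg . "\n}}\n".  In add mode
 * it is appended/prepended to the page; with a paragraph id it is spliced into
 * $vars['original'] via plugin_mceedit_parts().  If the page changed meanwhile
 * (digest mismatch) a collision screen with do_update_diff() output and a
 * full-text edit form is returned.  Otherwise the page is written and the
 * browser is redirected to refpage (or the page), with the paragraph id as
 * fragment.  Keeping the timestamp ($notimeupdate == 2) requires the admin
 * password for callers without the contents-admin role.  Because the text is
 * always wrapped in the #html block, $postdata is never empty here and the
 * deletion branch is kept only for safety.
 *
 * Fixes: the redirect built the '#fragment' outside the header() call (the
 * closing parenthesis was misplaced), so the paragraph anchor was never sent;
 * $_msg_invalidpass was only defined on the collision path, so the password
 * error on the save path rendered empty; optional inputs ('msg', 'before',
 * 'original', 'refpage', 'id') are read with isset() to avoid notices.
 *
 * @return array 'msg'/'body' for the collision, password-error and deletion
 *               cases; does not return after a successful save (redirects)
 */
function plugin_mceedit_write()
{
    global $vars, $trackback;
    global $notimeupdate;
    global $do_update_diff_table;

    $_msg_invalidpass = _('Invalid password.');

    $page = isset($vars['page']) ? $vars['page'] : '';
    $retvars = array();

    $msg      = isset($vars['msg']) ? $vars['msg'] : '';
    $before   = isset($vars['before']) ? $vars['before'] : '';
    $original = isset($vars['original']) ? $vars['original'] : '';

    // Remove any hand-written #freeze so the editor cannot freeze a page.
    $msg = preg_replace('/^#freeze\\s*$/im', '', $msg);
    // Wrap the TinyMCE output in an #html block.
    $vars['msg'] = $before . "\n#html{{\n" . $msg . "\n}}\n";

    $postdata = $postdata_input = $vars['msg'];
    if (isset($vars['add']) && $vars['add']) {
        if (isset($vars['add_top']) && $vars['add_top']) {
            $postdata = $postdata . "\n\n" . @join('', get_source($page));
        } else {
            $postdata = @join('', get_source($page)) . "\n\n" . $postdata;
        }
    } elseif (isset($vars['id']) && $vars['id']) {
        $source = preg_split('/([^\\n]*\\n)/', $original, -1, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE);
        if (plugin_mceedit_parts($vars['id'], $source, $vars['msg']) !== FALSE) {
            $postdata = $postdata_input = join('', $source);
        } else {
            // Prevent only the edited paragraph from being written as the whole page.
            $postdata = $postdata_input = rtrim($original) . "\n\n" . $vars['msg'];
        }
    }

    $oldpagesrc = join('', get_source($page));
    $oldpagemd5 = md5($oldpagesrc);

    if (!isset($vars['digest']) || $vars['digest'] != $oldpagemd5) {
        // Collision: someone saved the page while it was being edited.
        $vars['digest'] = $oldpagemd5;
        $retvars['msg'] = _('On updating $1, a collision has occurred.');
        list($postdata_input, $auto) = do_update_diff($oldpagesrc, $postdata_input, $original);

        $_msg_collided_auto = _('It seems that someone has already updated this page while you were editing it.<br />')
            . _('The collision has been corrected automatically, but there may still be some problems with the page.<br />')
            . _('To confirm the changes to the page, press [Update].<br />');
        $_msg_collided = _('It seems that someone has already updated this page while you were editing it.<br />')
            . _(' + is placed at the beginning of a line that was newly added.<br />')
            . _(' ! is placed at the beginning of a line that has possibly been updated.<br />')
            . _(' Edit those lines, and submit again.');

        $retvars['body'] = ($auto ? $_msg_collided_auto : $_msg_collided) . "\n";
        $retvars['body'] .= $do_update_diff_table;
        unset($vars['id']); // on collision, switch to full-text editing
        $retvars['body'] .= plugin_mceedit_edit_form($page, $postdata_input, $oldpagemd5, FALSE);
        return $retvars;
    }

    if (!$postdata) {
        // Empty content: delete the page.
        $_title_deleted = _(' $1 was deleted');
        page_write($page, $postdata);
        $retvars['msg'] = $_title_deleted;
        $retvars['body'] = str_replace('$1', htmlspecialchars($page), $_title_deleted);
        if ($trackback) {
            tb_delete($page);
        }
        return $retvars;
    }

    $notimestamp = $notimeupdate != 0 && (isset($vars['notimestamp']) && $vars['notimestamp'] != '');
    $pass = isset($vars['pass']) ? $vars['pass'] : '';
    // Keeping the timestamp is restricted to administrators; a wrong password re-shows the form.
    if ($notimestamp && $notimeupdate == 2 && auth::check_role('role_adm_contents') && !pkwk_login($pass)) {
        $retvars['body'] = "<p><strong>{$_msg_invalidpass}</strong></p>\n";
        $retvars['body'] .= plugin_mceedit_edit_form($page, $vars['msg'], $vars['digest'], FALSE);
        return $retvars;
    }

    page_write($page, $postdata, $notimestamp);
    pkwk_headers_sent();

    // Redirect to the referring page if given, else to the page itself, keeping
    // the paragraph id as the URL fragment.
    $refpage = isset($vars['refpage']) ? $vars['refpage'] : '';
    $target = ($refpage != '') ? $refpage : $page;
    $location = get_script_uri() . '?' . rawurlencode($target);
    if (isset($vars['id']) && $vars['id'] != '') {
        $location .= '#' . rawurlencode($vars['id']);
    }
    header('Location: ' . $location);
    exit;
}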
/**
 * backup plugin (Plus! variant), action=delete: delete every backup of $page.
 *
 * When no backup exists the backup list is shown instead.  Callers holding the
 * contents-admin role (auth::check_role() FALSE, cf. is_admin() in this
 * listing) delete without a password; others need the admin password in
 * 'pass', and a wrong one re-shows the form with an error.  Messages are
 * resolved through _() at call time.
 *
 * NOTE(review): 'pass' is read from $vars, so it is also accepted from the
 * query string although the form posts it.
 *
 * @param string $page  Page name
 * @return array 'msg' (title) and 'body' (HTML)
 */
function plugin_backup_delete($page)
{
    global $vars, $script;

    $_title_backup_delete  = _('Deleting backup of $1');
    $_title_pagebackuplist = _('Backup list of $1');
    $_title_backuplist     = _('Backup list');
    $_msg_backup_deleted   = _('Backup of $1 has been deleted.');
    $_msg_backup_adminpass = _('Please input the password for deleting.');
    $_btn_delete           = _('Delete');
    $_msg_invalidpass      = _('Invalid password.');

    if (!_backup_file_exists($page)) {
        // Say "is not found" by showing the (empty) backup list.
        return array('msg' => $_title_pagebackuplist, 'body' => plugin_backup_get_list($page));
    }

    $deleted = array(
        'msg'  => $_title_backup_delete,
        'body' => str_replace('$1', make_pagelink($page), $_msg_backup_deleted),
    );

    // Role holders need no password.
    if (!auth::check_role('role_adm_contents')) {
        _backup_delete($page);
        return $deleted;
    }

    $body = '';
    if (isset($vars['pass'])) {
        if (pkwk_login($vars['pass'])) {
            _backup_delete($page);
            return $deleted;
        }
        $body = '<p><strong>' . $_msg_invalidpass . '</strong></p>' . "\n";
    }

    $s_page = htmlspecialchars($page);
    $body .= <<<EOD
<p>{$_msg_backup_adminpass}</p>
<form action="{$script}" method="post">
 <div>
  <input type="hidden" name="cmd" value="backup" />
  <input type="hidden" name="page" value="{$s_page}" />
  <input type="hidden" name="action" value="delete" />
  <input type="password" name="pass" size="12" />
  <input type="submit" name="ok" value="{$_btn_delete}" />
 </div>
</form>
EOD;

    return array('msg' => $_title_backup_delete, 'body' => $body);
}
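/**
 * PukiWiki admin login with session
 *
 * PukiWiki API Extension
 *
 * Resolution order: the session flag (when $use_session), then the web-server
 * or role login (when $use_authlog), then the PukiWiki admin password.  The
 * result is remembered in $_SESSION['pkwk_is_admin'] (session mode, only when
 * TRUE) or in $vars['pkwk_is_admin'] otherwise.
 *
 * Fix: with $use_session the session was started twice (once to read, once to
 * write); the second session_start() only raises a "session had already been
 * started" notice.  The session is now started at most once, and only when
 * none is active yet.
 *
 * @param string $pass Password. Use NULL when to get current session state.
 * @param boolean $use_session Use Session log
 * @param boolean $use_authlog Use Auth log.
 * Username 'admin' is deemed to be Admin in PukiWiki Official.
 * PukiWiki Plus! has role management, roles ROLE_ADM and ROLE_ADM_CONTENTS are deemed to be Admin.
 * @return boolean
 */
function is_admin($pass = NULL, $use_session = FALSE, $use_authlog = FALSE)
{
    $is_admin = FALSE;

    if ($use_session) {
        if (session_id() === '') {
            session_start();
        }
        $is_admin = isset($_SESSION['pkwk_is_admin']) && $_SESSION['pkwk_is_admin'];
    }

    // BasicAuth (etc) login
    if (!$is_admin && $use_authlog) {
        if (is_callable(array('auth', 'check_role'))) {
            // Plus!: check_role() is FALSE when the caller holds the role.
            $is_admin = !auth::check_role('role_adm_contents');
        } else {
            $is_admin = isset($_SERVER['PHP_AUTH_USER']) && $_SERVER['PHP_AUTH_USER'] === 'admin';
        }
    }

    // PukiWiki Admin login
    if (!$is_admin && isset($pass)) {
        // NOTE(review): the 1.4.3 fallback compares a bare MD5 of the password
        // against $GLOBALS['adminpass']; it only applies when pkwk_login() is absent.
        $is_admin = function_exists('pkwk_login')
            ? pkwk_login($pass)
            : md5($pass) === $GLOBALS['adminpass']; // 1.4.3
    }

    if ($use_session) {
        if ($is_admin) {
            $_SESSION['pkwk_is_admin'] = TRUE;
        }
    } else {
        global $vars;
        $vars['pkwk_is_admin'] = $is_admin;
    }

    return $is_admin;
}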
/**
 * Rename plugin, phase 3: confirm the rename and ask for the admin password.
 *
 * If a non-empty 'pass' request value is accepted by pkwk_login() the rename
 * is carried out right away via plugin_rename_proceed(). Otherwise a
 * confirmation form is rendered that carries the method parameters
 * (regex: src/dst, page: refer/page/related) as hidden fields, lists the
 * destination files that already exist (with an overwrite radio button),
 * and lists every old => new page pair.
 *
 * @param array $pages old page name => new page name; keys and values are
 *                     passed through decode() before display.
 * @return array 'msg' => title, 'body' => HTML.
 */
function plugin_rename_phase3($pages)
{
    global $script;
    $qm = get_qm();

    $msg = $input = '';
    $files = plugin_rename_get_files($pages);

    // Destination files that already exist, grouped by page.
    $exists = array();
    foreach ($files as $_page => $arr) {
        foreach ($arr as $old => $new) {
            if (file_exists($new)) {
                $exists[$_page][$old] = $new;
            }
        }
    }

    $pass = plugin_rename_getvar('pass');
    if ($pass != '' && pkwk_login($pass)) {
        return plugin_rename_proceed($pages, $files, $exists);
    } else {
        if ($pass != '') {
            // A password was submitted but rejected.
            $msg = plugin_rename_err('adminpass');
        }
    }

    // Carry the rename parameters through the confirmation form as hidden fields.
    // Values are request input and are escaped for attribute context.
    $method = plugin_rename_getvar('method');
    if ($method == 'regex') {
        $s_src = htmlspecialchars(plugin_rename_getvar('src'));
        $s_dst = htmlspecialchars(plugin_rename_getvar('dst'));
        $msg .= $qm->m['plg_rename']['regex'] . '<br />';
        $input .= '<input type="hidden" name="method" value="regex" />';
        $input .= '<input type="hidden" name="src" value="' . $s_src . '" />';
        $input .= '<input type="hidden" name="dst" value="' . $s_dst . '" />';
    } else {
        $s_refer = htmlspecialchars(plugin_rename_getvar('refer'));
        $s_page = htmlspecialchars(plugin_rename_getvar('page'));
        $s_related = htmlspecialchars(plugin_rename_getvar('related'));
        $msg .= $qm->m['plg_rename']['page'] . '<br />';
        $input .= '<input type="hidden" name="method" value="page" />';
        $input .= '<input type="hidden" name="refer" value="' . $s_refer . '" />';
        $input .= '<input type="hidden" name="page" value="' . $s_page . '" />';
        $input .= '<input type="hidden" name="related" value="' . $s_related . '" />';
    }

    if (!empty($exists)) {
        // Report the collisions and let the user choose whether to overwrite.
        $msg .= $qm->m['plg_rename']['err_already_below'] . '<ul>';
        foreach ($exists as $page => $arr) {
            $msg .= '<li>' . make_pagelink(decode($page));
            $msg .= $qm->m['plg_rename']['arrow'];
            $msg .= htmlspecialchars(decode($pages[$page]));
            if (!empty($arr)) {
                $msg .= '<ul>' . "\n";
                foreach ($arr as $ofile => $nfile) {
                    // $ofile/$nfile come from plugin_rename_get_files() and are
                    // emitted unescaped — presumably server-side file names; verify.
                    $msg .= '<li>' . $ofile . $qm->m['plg_rename']['arrow'] . $nfile . '</li>' . "\n";
                }
                $msg .= '</ul>';
            }
            $msg .= '</li>' . "\n";
        }
        $msg .= '</ul><hr />' . "\n";
        $input .= '<input type="radio" name="exist" value="0" checked="checked" />' . $qm->m['plg_rename']['exist_none'] . '<br />';
        $input .= '<input type="radio" name="exist" value="1" />' . $qm->m['plg_rename']['exist_overwrite'] . '<br />';
    }

    $ret = array();
    $ret['msg'] = $qm->m['plg_rename']['title'];
    $ret['body'] = <<<EOD
<p>{$msg}</p>
<form action="{$script}" method="post">
 <div>
  <input type="hidden" name="plugin" value="rename" />
  {$input}
  <label for="_p_rename_adminpass">{$qm->m['plg_rename']['adminpass']}</label>
  <input type="password" name="pass" id="_p_rename_adminpass" value="" />
  <input type="submit" value="{$qm->m['plg_rename']['btn_submit']}" />
 </div>
</form>
<p>{$qm->m['plg_rename']['confirm']}</p>
EOD;

    // Old => new page list, sorted by old name.
    ksort($pages);
    $ret['body'] .= '<ul>' . "\n";
    foreach ($pages as $old => $new) {
        $ret['body'] .= '<li>' . make_pagelink(decode($old)) . $qm->m['plg_rename']['arrow'] . htmlspecialchars(decode($new)) . '</li>' . "\n";
    }
    $ret['body'] .= '</ul>' . "\n";
    return $ret;
}
/**
 * update_tinycode plugin entry point: show, update, clean or reset tiny codes.
 *
 * Without 'action': with a 'page' request value, shows that page's tiny code
 * and an update/delete form; otherwise shows the whole tiny-code table with
 * clean and reset forms. With 'action': 'versionup' shows the init form,
 * 'update'/'clean' act on the given page, 'reset' needs the admin password
 * (pkwk_login()); anything else reports an invalid action.
 *
 * NOTE(review): the single-quoted template strings below ($body_top ...)
 * read like multi-line wiki source whose line breaks were collapsed; the
 * text is kept exactly as found here.
 *
 * @return array 'msg' => title, 'body' => HTML.
 */
function plugin_update_tinycode_action()
{
    global $script, $vars, $defaultpage;
    global $username;
    $qm = get_qm();

    // Check admin / settings.
    // NOTE(review): $vars holds request values elsewhere in this function
    // ('action', 'page', 'adminpass'); if 'phase' is request-controlled too,
    // any of the three listed values skips this user check — confirm that is
    // intended. $_SESSION['usr'] and $vars['phase'] are read without isset().
    if ($username != $_SESSION['usr'] && $vars['phase'] != 'user2' && $vars['phase'] != 'script' && $vars['phase'] != 'sssavepath') {
        return array('msg' => $qm->m['plg_update_tinycode']['title_err_auth'], 'body' => $qm->m['plg_update_tinycode']['err_auth']);
    }
    if (PKWK_READONLY) {
        die_message($qm->m['fmt_err_pkwk_readonly']);
    }

    // Templates: wiki source rendered by convert_html(); the %...% tokens are
    // substituted with HTML fragments afterwards.
    $tinycode_title = $qm->m['plg_update_tinycode']['title'];
    $body_top = ' * ' . $qm->m['plg_update_tinycode']['title'] . ' #contents ';
    $body_page = ' ** ' . $qm->m['plg_update_tinycode']['hdr_update'] . ' ' . $qm->m['plg_update_tinycode']['ntc_update'] . ' - ' . $qm->m['plg_update_tinycode']['update_pagename'] . ' %update_tinycode% %update_form% &br; ';
    $body_list = ' ** ' . $qm->m['plg_update_tinycode']['hdr_list'] . ' [#list] ' . $qm->m['plg_update_tinycode']['ntc_list'] . ' %list_form% ';
    $body_clean = ' ** ' . $qm->m['plg_update_tinycode']['hdr_clean'] . ' [#clean] ' . $qm->m['plg_update_tinycode']['ntc_clean'] . ' %clean_form% &br; ';
    $body_reset = ' ** ' . $qm->m['plg_update_tinycode']['hdr_reset'] . ' [#reset] ' . $qm->m['plg_update_tinycode']['ntc_reset'] . ' %reset_form% &br; ';
    $body_verup = ' ** ' . $qm->m['plg_update_tinycode']['hdr_init'] . ' [#verup] ' . $qm->m['plg_update_tinycode']['ntc_init'] . ' %verup_form% &br; ';

    $pagename = $vars['page'];
    // Link back to the plugin's top page; the first '>' closes the <a> tag.
    $go_tinycode_top = '<p style="text-align:right"><a href="' . $script . '?cmd=update_tinycode' . '">>> ' . $tinycode_title . '</a></p>';
    $msg = $body = '';

    if (empty($vars['action'])) {
        if ($pagename != '') {
            // Single page: offer "delete" when the page no longer exists, else "update".
            if (!is_page($pagename)) {
                $btn_name = $qm->m['plg_update_tinycode']['btn_delete'];
                $btn_action = 'clean';
                $deletestyle = ' style="color:red;"';
            } else {
                // $deletestyle is left undefined on this branch; the '<span' below
                // then reads an undefined variable.
                $btn_name = $qm->m['plg_update_tinycode']['btn_update'];
                $btn_action = 'update';
            }
            $_go_url = $script . '?go=' . get_tiny_code($pagename);
            $update_page = '<span' . $deletestyle . '>' . $pagename . '</span>';
            $update_tinycode = '<input type="text" value="' . $_go_url . '" readonly="readonly" onclick="this.select();" style="width:400px;" />';
            $update_form = ' <form method="POST" action="' . $script . '"> <input type="hidden" name="plugin" value="update_tinycode" /> <input type="hidden" name="action" value="' . $btn_action . '" /> <input type="hidden" name="page" value="' . h($pagename) . '" /> <input type="submit" value="' . $btn_name . '" /> </form> ' . $go_tinycode_top;
            $body = convert_html($body_top . $body_page);
            // $body_page as written has no '%update_page%' token, so this
            // replacement is a no-op and $update_page (unescaped) never reaches the output.
            $body = str_replace('%update_page%', $update_page, $body);
            $body = str_replace('%update_tinycode%', $update_tinycode, $body);
            $body = str_replace('%update_form%', $update_form, $body);
        } else {
            // Whole table: one entry per page (red when the page is gone).
            $tiny_table = get_tiny_table(false);
            $list_form = '<div style="overflow:auto;border:1px solid #dcdcdc;padding:5px 10px;margin-left:auto;margin-right:auto;text-align:justify;width:450px;height:300px">';
            if (count($tiny_table) > 0) {
                $list_form .= '<ul class="list1">';
                ksort($tiny_table);
                foreach ($tiny_table as $pname => $code) {
                    $delstyle = '';
                    if (!is_page($pname)) {
                        $delstyle = ' style="color:red;"';
                    }
                    // Skip system pages. NOTE(review): '[config|RenameLog]' is a
                    // character class (one char from that set), not an alternation,
                    // so this filter matches less than it seems to intend.
                    if (!preg_match("/^:[config|RenameLog]|InterWikiName|InterWiki/", $pname)) {
                        $_go_url = $script . '?go=' . get_tiny_code($pname);
                        $list_form .= '<li style="margin-bottom:0.5em;"><a' . $delstyle . ' href="' . $script . '?cmd=update_tinycode&page=' . h($pname) . '">' . h($pname) . '</a><br /><input type="text" value="' . $_go_url . '" readonly="readonly" onclick="this.select();" style="width:400px;" /></li>';
                    }
                }
                $list_form .= '</ul>';
            }
            $list_form .= '</div>';
            // Clean
            $clean_form = ' <form method="POST" action="' . $script . '"> <input type="hidden" name="plugin" value="update_tinycode" /> <input type="hidden" name="action" value="clean" /> <input type="submit" name="clean" value="' . $qm->m['plg_update_tinycode']['btn_clean'] . '" /> </form>';
            // Reset (requires the admin password)
            $reset_form = ' <form method="POST" action="' . $script . '"> <div> <input type="hidden" name="plugin" value="update_tinycode" /> <input type="hidden" name="action" value="reset" /> <label for="_p_update_entities_adminpass">' . $qm->m['adminpass'] . '</label> <input type="password" name="adminpass" id="_p_update_entities_adminpass" size="20" value="" /> <input type="submit" value="' . $qm->m['plg_update_tinycode']['btn_reset'] . '" /> </div> </form> ';
            $body = convert_html($body_top . $body_list . $body_clean . $body_reset);
            $body = str_replace('%list_form%', $list_form, $body);
            $body = str_replace('%clean_form%', $clean_form, $body);
            $body = str_replace('%reset_form%', $reset_form, $body);
        }
    } else {
        if ($vars['action'] == 'versionup') {
            // Version up: same form as reset (it posts action=reset) with the init button label.
            $verup_form = ' <form method="POST" action="' . $script . '"> <div> <input type="hidden" name="plugin" value="update_tinycode" /> <input type="hidden" name="action" value="reset" /> <label for="_p_update_entities_adminpass">' . $qm->m['adminpass'] . '</label> <input type="password" name="adminpass" id="_p_update_entities_adminpass" size="20" value="" /> <input type="submit" value="' . $qm->m['plg_update_tinycode']['btn_init'] . '" /> </div> </form> ';
            $body = convert_html($body_top . $body_verup);
            $body = str_replace('%verup_form%', $verup_form, $body);
        } else {
            if ($vars['action'] == 'update') {
                plugin_update_tinycode_update($pagename);
                $msg = $tinycode_title;
                $body = $qm->m['plg_update_tinycode']['updated'] . $go_tinycode_top;
            } else {
                if ($vars['action'] == 'clean') {
                    plugin_update_tinycode_clean($pagename);
                    $msg = $tinycode_title;
                    $body = $qm->m['plg_update_tinycode']['updated'] . $go_tinycode_top;
                } else {
                    // Reset is the only action gated by the admin password.
                    if ($vars['action'] == 'reset' && !empty($vars['adminpass']) && pkwk_login($vars['adminpass'])) {
                        plugin_update_tinycode_reset();
                        $msg = $tinycode_title;
                        $body = $qm->m['plg_update_tinycode']['updated'] . $go_tinycode_top;
                    } else {
                        $msg = $tinycode_title;
                        $body = $qm->m['plg_update_tinycode']['err_invalid_action'] . $go_tinycode_top;
                    }
                }
            }
        }
    }
    return array('msg' => $msg, 'body' => $body);
}
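/**
 * Search-and-replace across all pages with a PCRE pattern (admin only).
 *
 * Reads prefix / search / replace / pass / act / preserveTimeStamp from $post.
 * With act=Preview the pages that would change are listed; with act=Replace
 * they are rewritten through page_write(). Nothing is scanned unless
 * pkwk_login($pass) succeeds and the search pattern differs from
 * PLUGIN_REPLACE_TAK_SEARCH_DEFAULT.
 *
 * $prefix and $search are used verbatim as PCRE patterns; only a caller who
 * passes pkwk_login() reaches that code.
 *
 * @return array 'msg' => title, 'body' => HTML form followed by the result list.
 */
function plugin_replace_tak_action()
{
    global $script, $post;

    $pass    = isset($post['pass'])    ? $post['pass']    : NULL;
    $prefix  = isset($post['prefix'])  ? $post['prefix']  : NULL;
    $search  = isset($post['search'])  ? $post['search']  : PLUGIN_REPLACE_TAK_SEARCH_DEFAULT;
    $replace = isset($post['replace']) ? $post['replace'] : NULL;
    $act     = isset($post['act'])     ? $post['act']     : NULL;
    $preserveTimeStamp = array_key_exists('preserveTimeStamp', $post) ? $post['preserveTimeStamp'] : NULL;

    $changedpages = array();
    $body = '';
    // stripcslashes() takes a string; the field may be absent (NULL).
    $replace_real = stripcslashes((string)$replace);
    $preserveTimeStamp = $preserveTimeStamp != '' ? TRUE : FALSE;

    $islogin = pkwk_login($pass);
    // Password matched and a real pattern was given
    if ($search != PLUGIN_REPLACE_TAK_SEARCH_DEFAULT && $islogin) {
        $pages = get_existpages();
        if ($prefix != NULL) {
            // Restrict to pages whose name matches the prefix pattern.
            $tmppages = array();
            foreach ($pages as $page) {
                if (preg_match($prefix, $page)) {
                    $tmppages[] = $page;
                }
            }
            $pages = $tmppages;
        }
        natsort($pages);
        foreach ($pages as $page) {
            $count = 0;
            $postdata_old = join('', get_source($page));
            // Replace the keyword; $count tells whether anything changed.
            $postdata = preg_replace($search, $replace_real, $postdata_old, -1, $count);
            if ($count > 0) {
                $changedpages[] = htmlspecialchars($page);
                if ($act == 'Replace') {
                    set_time_limit(30); // reset the limit per page written
                    page_write($page, $postdata, $preserveTimeStamp);
                }
            }
        }
        if ($act == 'Replace') {
            $body = '<p>Completed.</p>';
        }
    }
    if ($pass !== NULL && !$islogin) {
        $body .= "<p><strong>Password error.</strong></p>\n";
    }

    $replacebutton = $islogin && count($changedpages) > 0 && ($act == 'Preview' || $act == 'Replace')
        ? '<input type="submit" name="act" value="Replace" />' : '';
    $statTimeStamp = $preserveTimeStamp ? 'checked' : '';

    // The request values are reflected into attribute context, so they are
    // escaped (they were emitted raw before). The password is round-tripped
    // through the form so that Preview can be followed by Replace.
    $s_prefix  = htmlspecialchars((string)$prefix, ENT_QUOTES);
    $s_search  = htmlspecialchars((string)$search, ENT_QUOTES);
    $s_replace = htmlspecialchars((string)$replace, ENT_QUOTES);
    $s_pass    = htmlspecialchars((string)$pass, ENT_QUOTES);

    $body .= <<<EOD
<p>Please input the keyword and password to replace.</p>
<form action="{$script}" method="post">
 <div>
  <input type="hidden" name="plugin" value="replace_tak" />
  <p>Page Prefix (option, 'Regular Expression (Perl-Compatible)' needed)<br />
   <input type="text" name="prefix" size="60" value="{$s_prefix}" />
  </p>
  <p>Search word ('Regular Expression (Perl-Compatible)' needed)<br />
   <input type="text" name="search" size="60" value="{$s_search}" /></p>
  <p>Replace word<br />
   <input type="text" name="replace" size="60" value="{$s_replace}" />
  </p>
  <p>Password<br />
   <input type="password" name="pass" size="12" value="{$s_pass}" />
  </p>
  <p><input type="checkbox" name="preserveTimeStamp" {$statTimeStamp} /> preserve time stamp</p>
  <p><input type="submit" name="act" value="Preview" /> {$replacebutton}</p>
 </div>
</form>
EOD;

    if ($search != PLUGIN_REPLACE_TAK_SEARCH_DEFAULT) {
        $body .= "<p>Target: " . count($changedpages) . " page(s).</p>\n";
    }
    if (count($changedpages) > 0) {
        $body .= "<ul>\n";
        foreach ($changedpages as $page) {
            $body .= '<li>' . make_link($page) . "\n";
        }
        $body .= "</ul>\n";
    }
    return array('msg' => 'Replace with regular expression', 'body' => $body);
}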
/**
 * Set or clear the freeze flag in this attachment's status record.
 *
 * The admin password is verified with pkwk_login() first; on failure the
 * status is left untouched and attach_info('err_adminpass') is returned.
 *
 * @param bool   $freeze TRUE to freeze, FALSE to unfreeze.
 * @param string $pass   Admin password.
 * @return array 'msg' => confirmation text, or the err_adminpass info array.
 */
function freeze($freeze, $pass)
{
    global $_attach_messages;

    $authorized = pkwk_login($pass);
    if (!$authorized) {
        return attach_info('err_adminpass');
    }

    $this->getstatus();
    $this->status['freeze'] = $freeze;
    $this->putstatus();

    $key = $freeze ? 'msg_freezed' : 'msg_unfreezed';
    return array('msg' => $_attach_messages[$key]);
}
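/**
 * Store the files posted under $_FILES[PLUGIN_ATTACH_FILE_FIELD_NAME] as attachments of $page.
 *
 * Each file is checked (illegal characters in the name, length of the
 * resulting info query, upload error code, is_uploaded_file(), size) before
 * attach_doupload() is called; one result line per file name is collected
 * into the returned body. Files posted under the same name share one line.
 *
 * @param string $page Page to attach to.
 * @param mixed  $pass NULL: no password given; TRUE: trusted caller, skips the
 *                     editability and admin-password checks; otherwise the
 *                     password to verify with pkwk_login().
 * @return array 'result' => bool, 'msg' => string; plus 'body' => HTML list on success.
 */
function attach_upload($page, $pass = NULL)
{
    global $_attach_messages, $_string;

    // if (PKWK_READONLY) die_message('PKWK_READONLY prohibits editing');
    if (Auth::check_role('readonly')) {
        Utility::dieMessage($_string['error_prohibit']);
    }

    $msgs = array();
    if (empty($page)) { // target page is empty
        return array('result' => FALSE, 'msg' => '#attach: page name is missing.');
    }
    $wiki = Factory::Wiki($page);
    if (!$wiki->isValied()) {
        return array('result' => FALSE, 'msg' => $_attach_messages['err_nopage']);
    }
    if ($pass !== TRUE) {
        if (!$wiki->isEditable()) {
            return array('result' => FALSE, 'msg' => $_attach_messages['err_noparm']);
        }
        // Admin-only mode: a caller without the role must present the admin password.
        if (PLUGIN_ATTACH_UPLOAD_ADMIN_ONLY && Auth::check_role('role_contents_admin')
            && ($pass === NULL || !pkwk_login($pass))) {
            return array('result' => FALSE, 'msg' => $_attach_messages['err_adminpass']);
        }
    }

    // Nothing posted under the expected field: report it instead of iterating NULL.
    if (!isset($_FILES[PLUGIN_ATTACH_FILE_FIELD_NAME]['name'])
        || !is_array($_FILES[PLUGIN_ATTACH_FILE_FIELD_NAME]['name'])) {
        return array('result' => FALSE, 'msg' => $_attach_messages['err_upload']);
    }
    $files = $_FILES[PLUGIN_ATTACH_FILE_FIELD_NAME];

    foreach ($files['name'] as $key => $file) {
        // Name contains characters that are not allowed
        if (preg_match(PLUGIN_ATTACH_ILLEGAL_CHARS_PATTERN, $file)) {
            $msgs[$file] = $_string['illegal_chars'];
            continue;
        }
        // Length of the query string that will be used to reference this file
        $query = Router::get_cmd_uri('attach', '', '',
            array('refer' => $page, 'pcmd' => 'info', 'file' => $file));
        // File name too long (byte length is what matters for the query limit)
        if (PKWK_QUERY_STRING_MAX && strlen($query) > PKWK_QUERY_STRING_MAX) {
            $msgs[$file] = $_attach_messages['err_too_long'];
            continue;
        }
        // Upload failed
        if ($files['error'][$key] !== UPLOAD_ERR_OK) {
            $msgs[$file] = attach_set_error_message($files['error'][$key]);
            continue;
        }
        // Temporary file missing, or not one created by this request's upload
        if (empty($files['tmp_name'][$key]) || !is_uploaded_file($files['tmp_name'][$key])) {
            $msgs[$file] = $_attach_messages['err_upload'];
            continue;
        }
        // Too large
        if ($files['size'][$key] > PLUGIN_ATTACH_MAX_FILESIZE) {
            $msgs[$file] = $_attach_messages['err_exceed'];
            continue;
        }
        $ret = attach_doupload($file, $page, $pass, $files['tmp_name'][$key]);
        $msgs[$file] = $ret['msg'];
    }

    // One <ul> only (the list used to be wrapped twice). The file name is
    // client-supplied, so it is escaped before being placed in the HTML.
    $body = array();
    foreach ($msgs as $file => $_result) {
        $body[] = '<li>' . htmlspecialchars($file) . ': ' . $_result . '</li>';
    }
    return array(
        'msg'    => sprintf($_attach_messages['msg_uploaded'], $page),
        'body'   => '<ul>' . join("\n", $body) . '</ul>',
        'result' => true,
    );
}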
/**
 * Edit plugin: store the posted page text (edit / add / remove).
 *
 * Flow: collision detection against the current page digest; then either
 * append/prepend ('add') or replace the text; an empty result removes the
 * page; the 'do not change timestamp' option needs the admin password when
 * $notimeupdate > 1; finally page_write() and a redirect to the page.
 *
 * Reads $vars['page'], 'add', 'add_top', 'digest', 'msg', 'original',
 * 'notimestamp' and 'pass'.
 *
 * @return array 'msg'/'body' for the collision, deleted and wrong-password
 *               cases; the success path redirects and exits.
 */
function plugin_edit_write()
{
    global $vars, $trackback;
    global $_title_collided, $_msg_collided_auto, $_msg_collided, $_title_deleted;
    global $notimeupdate, $_msg_invalidpass, $do_update_diff_table;

    $page   = isset($vars['page'])   ? $vars['page']   : '';
    $add    = isset($vars['add'])    ? $vars['add']    : '';
    $digest = isset($vars['digest']) ? $vars['digest'] : '';

    // Strip freeze directives from the posted text; $vars['msg'] is read without isset().
    $vars['msg'] = preg_replace(PLUGIN_EDIT_FREEZE_REGEX, '', $vars['msg']);
    $msg =& $vars['msg']; // Reference

    $retvars = array();

    // Collision Detection
    // NOTE(review): '!=' compares numeric-looking strings numerically, so two
    // md5 hex digests of the form 0e<digits> compare equal; '!==' would avoid that.
    $oldpagesrc = join('', get_source($page));
    $oldpagemd5 = md5($oldpagesrc);
    if ($digest != $oldpagemd5) {
        $vars['digest'] = $oldpagemd5; // Reset

        $original = isset($vars['original']) ? $vars['original'] : '';
        list($postdata_input, $auto) = do_update_diff($oldpagesrc, $msg, $original);

        $retvars['msg'] = $_title_collided;
        $retvars['body'] = ($auto ? $_msg_collided_auto : $_msg_collided) . "\n";
        $retvars['body'] .= $do_update_diff_table;
        $retvars['body'] .= edit_form($page, $postdata_input, $oldpagemd5, FALSE);
        return $retvars;
    }

    // Action?
    if ($add) {
        // Add
        if (isset($vars['add_top']) && $vars['add_top']) {
            $postdata = $msg . "\n\n" . @join('', get_source($page));
        } else {
            $postdata = @join('', get_source($page)) . "\n\n" . $msg;
        }
    } else {
        // Edit or Remove
        $postdata =& $msg; // Reference
    }

    // NULL POSTING, OR removing existing page
    if ($postdata == '') {
        page_write($page, $postdata);
        $retvars['msg'] = $_title_deleted;
        $retvars['body'] = str_replace('$1', htmlspecialchars($page), $_title_deleted);
        if ($trackback) {
            tb_delete($page);
        }
        return $retvars;
    }

    // $notimeupdate: Checkbox 'Do not change timestamp'
    $notimestamp = isset($vars['notimestamp']) && $vars['notimestamp'] != '';
    // $vars['pass'] is read without isset(); pkwk_login() receives NULL when absent.
    if ($notimeupdate > 1 && $notimestamp && !pkwk_login($vars['pass'])) {
        // Enable only administrator & password error
        // Only 'body' is set on this return; the other returns also set 'msg'.
        $retvars['body'] = '<p><strong>' . $_msg_invalidpass . '</strong></p>' . "\n";
        $retvars['body'] .= edit_form($page, $msg, $digest, FALSE);
        return $retvars;
    }

    page_write($page, $postdata, $notimeupdate != 0 && $notimestamp);

    // Redirect to the written page and stop.
    pkwk_headers_sent();
    header('Location: ' . get_script_uri() . '?' . rawurlencode($page));
    exit;
}
/**
 * WebDAV entry point for the attach plugin: maps DAV methods onto attachment files.
 *
 * Dispatches on $_SERVER['REQUEST_METHOD']: OPTIONS, PROPFIND, GET/HEAD, PUT,
 * DELETE, MOVE/COPY, a dummy PROPPATCH, 501 for MKCOL/LOCK/UNLOCK/POST and
 * 405 for anything else. Responses are emitted directly with header()/echo;
 * error paths leave through plugin_dav_error_exit(). PUT/DELETE/MOVE/COPY
 * take the password from the Authorization header via
 * plugin_dav_getbasicpass() and require pkwk_login() when
 * PLUGIN_ATTACH_UPLOAD_ADMIN_ONLY is set.
 *
 * @return void Several branches exit(); the rest fall out of the switch.
 */
function plugin_dav_action()
{
    global $scriptname, $zslash, $log_ua;

    if (!exist_plugin('attach')) {
        plugin_dav_error_exit(500, 'attach plugin not found.');
    }
    $scriptname = SCRIPT_NAME;
    // Full-width form of the path separator
    $zslash = mb_convert_kana('/', 'A', SOURCE_ENCODING);

    header('Expires: Sat, 1 Jan 2000 00:00:00 GMT');
    header('Cache-Control: no-store, no-cache, must-revalidate');
    header('Cache-Control: post-check=0, pre-check=0', false);
    header('Pragma: no-cache');

    $req_headers = apache_request_headers();
    $path_info = empty($_SERVER['PATH_INFO']) ? '' : $_SERVER['PATH_INFO'];

    switch ($_SERVER['REQUEST_METHOD']) {
    case 'OPTIONS':
        header('DAV: 1');
        // OPTIONS,PROPFIND,GET,HEAD,PUT,DELETE,MOVE,COPY
        header('Allow: OPTIONS,PROPFIND,GET,PUT,MOVE,COPY');
        header('MS-Author-Via: DAV');
        break;

    case 'PROPFIND':
        // When attaching needs a password or admin, demand authentication.
        // NOTE(review): only the presence of an Authorization header is checked
        // here; the call that would validate it is commented out, so any
        // credential value passes this gate.
        if (PLUGIN_ATTACH_PASSWORD_REQUIRE || PLUGIN_ATTACH_UPLOAD_ADMIN_ONLY) {
            // PLUGIN_ATTACH_UPLOAD_ADMIN_ONLY ? 'admin password' : 'password';
            if (!isset($req_headers['Authorization'])) {
                plugin_dav_error_exit(401);
            }
            //$user = auth::check_auth_pw(); // check whether already authenticated
            //if (empty($user)) plugin_dav_error_exit(401); // demand authentication if not
        }
        if (empty($path_info)) {
            plugin_dav_error_exit(301, NULL, plugin_dav_myurl1() . '/');
        }
        $tree = plugin_dav_maketree($path_info);
        if (!isset($tree)) {
            plugin_dav_error_exit(404);
        }
        // $req_headers['Depth'] is read without isset().
        $ret = plugin_dav_makemultistat($tree, $_SERVER['REQUEST_URI'], $req_headers['Depth']);
        if (!isset($ret)) {
            plugin_dav_error_exit(301, NULL, plugin_dav_myurl() . '/');
        }
        header('HTTP/1.1 207 Multi-Status');
        header('Content-Type: text/xml');
        echo $ret->saveXML();
        exit;

    case 'GET':
    case 'HEAD':
        // Ordinary file reads arrive through these methods.
        $obj =& plugin_dav_getfileobj($path_info);
        if ($obj != NULL && $obj->exist) {
            $obj->open();
        } else {
            // Bare GET from MSIE on the DAV root: show a guidance page instead of 404.
            if ($_SERVER['REQUEST_METHOD'] == 'GET' && empty($path_info) && strpos($log_ua, 'MSIE') > 0) {
                plugin_dav_officious_message();
                exit;
            } else {
                plugin_dav_error_exit(404);
            }
        }
        break;

    case 'PUT':
        $pass = NULL;
        if (auth::check_role('readonly')) {
            plugin_dav_error_exit(403, 'PKWK_READONLY prohibits editing');
        }
        // When attaching needs a password or admin, pick the password from Basic auth.
        if (PLUGIN_ATTACH_PASSWORD_REQUIRE || PLUGIN_ATTACH_UPLOAD_ADMIN_ONLY) {
            if (isset($req_headers['Authorization'])) {
                $pass = plugin_dav_getbasicpass($req_headers['Authorization']);
            }
            // else
            //   PLUGIN_ATTACH_UPLOAD_ADMIN_ONLY ? 'admin password' : 'password';
            //   plugin_dav_error_exit(401);
        }
        if (PLUGIN_ATTACH_UPLOAD_ADMIN_ONLY && $pass !== TRUE && ($pass === NULL || !pkwk_login($pass))) {
            plugin_dav_error_exit(401);
        } // 'admin only.'

        $obj =& plugin_dav_getfileobj($path_info, false);
        if (!isset($obj)) {
            plugin_dav_error_exit(403, 'no page');
        }
        if ($obj->exist) {
            // $tmpfilename has not been assigned yet at this point (it is created
            // further down), so this unlink() acts on an undefined variable.
            unlink($tmpfilename);
            plugin_dav_error_exit(403, 'already exist.');
        }
        // $req_headers['Content-Length'] is read without isset().
        $size = intval($req_headers['Content-Length']);
        // Windows 7 clients first write 0 bytes, LOCK the file, then come back
        // to overwrite it. PukiWiki basically forbids overwriting, so a
        // 0-byte PUT is ignored.
        if ($size > 0) {
            // NOTE(review): the limit is enforced on the declared Content-Length
            // only; the byte count accumulated while reading is not compared
            // against PLUGIN_ATTACH_MAX_FILESIZE again.
            if ($size > PLUGIN_ATTACH_MAX_FILESIZE) {
                plugin_dav_error_exit(403, 'file size error');
            }
            $tmpfilename = tempnam('/tmp', 'dav');
            $fp = fopen($tmpfilename, 'wb');
            $size = 0;
            $putdata = fopen('php://input', 'rb');
            // A final chunk consisting of the single character "0" is falsy and ends the loop early.
            while ($data = fread($putdata, 1024)) {
                $size += strlen($data);
                fwrite($fp, $data);
            }
            fclose($putdata);
            fclose($fp);
            // A failed copy() is not reported; the status below is written regardless.
            if (copy($tmpfilename, $obj->filename)) {
                chmod($obj->filename, PLUGIN_ATTACH_FILE_MODE);
            }
            if (is_page($obj->page)) {
                touch(get_filename($obj->page));
            }
            $obj->getstatus();
            // The attachment password is stored as an md5 digest (attach plugin convention).
            $obj->status['pass'] = $pass !== TRUE && $pass !== NULL ? md5($pass) : '';
            $obj->putstatus();
            unlink($tmpfilename);
        }
        break;

    case 'DELETE':
        // FIXME
        // Folders cannot be deleted, yet this is handled as if the deletion succeeded.
        //
        $pass = NULL;
        if (auth::check_role('readonly')) {
            plugin_dav_error_exit(403, 'PKWK_READONLY prohibits editing');
        }
        // When attaching needs a password or admin, pick the password from Basic auth.
        if (PLUGIN_ATTACH_PASSWORD_REQUIRE || PLUGIN_ATTACH_UPLOAD_ADMIN_ONLY) {
            if (isset($req_headers['Authorization'])) {
                $pass = plugin_dav_getbasicpass($req_headers['Authorization']);
            }
            // else
            //   PLUGIN_ATTACH_UPLOAD_ADMIN_ONLY ? 'admin password' : 'password';
            //   plugin_dav_error_exit(401);
        }
        if (PLUGIN_ATTACH_UPLOAD_ADMIN_ONLY && $pass !== TRUE && ($pass === NULL || !pkwk_login($pass))) {
            plugin_dav_error_exit(401);
        } // 'admin only.'

        $obj =& plugin_dav_getfileobj($path_info, false);
        if (!isset($obj)) {
            plugin_dav_error_exit(403);
        }
        if ($obj->getstatus() == FALSE) {
            plugin_dav_error_exit(404);
        }
        // The per-file password check, if any, happens inside delete().
        $obj->delete($pass);
        if (file_exists($obj->filename)) {
            plugin_dav_error_exit(406, "can't delete this file");
        }
        break;

    case 'MOVE':
    case 'COPY':
        // Only attachment files are copied/moved.
        // Moving an attachment within the same page is also done as delete + write.
        // Page copy/move is not implemented.
        $pass = NULL;
        if (auth::check_role('readonly')) {
            plugin_dav_error_exit(403, 'PKWK_READONLY prohibits editing');
        }
        // When attaching needs a password or admin, pick the password from Basic auth.
        if (PLUGIN_ATTACH_PASSWORD_REQUIRE || PLUGIN_ATTACH_UPLOAD_ADMIN_ONLY) {
            if (isset($req_headers['Authorization'])) {
                $pass = plugin_dav_getbasicpass($req_headers['Authorization']);
            }
            // else
            //   PLUGIN_ATTACH_UPLOAD_ADMIN_ONLY ? 'admin password' : 'password';
            //   plugin_dav_error_exit(401);
        }
        if (PLUGIN_ATTACH_UPLOAD_ADMIN_ONLY && $pass !== TRUE && ($pass === NULL || !pkwk_login($pass))) {
            plugin_dav_error_exit(401);
        } // 'admin only.'

        // FROM (PATH_INFO)
        if ($_SERVER['REQUEST_METHOD'] == 'MOVE') {
            $obj1 =& plugin_dav_getfileobj($path_info, false);
        } else {
            $obj1 =& plugin_dav_getfileobj($path_info, true); // readonly
        }
        if (!isset($obj1)) {
            plugin_dav_error_exit(403, 'no src page.');
        }
        if ($obj1->getstatus() == FALSE) {
            plugin_dav_error_exit(404);
        }

        // TO (Destination): strip the server prefix and the script name, then
        // resolve the rest like a PATH_INFO. $req_headers['Destination'] is
        // read without isset(). Any path normalisation is up to
        // plugin_dav_getfileobj() — not visible here.
        $destname = $req_headers['Destination'];
        if (strpos($destname, plugin_dav_myurl0()) === 0) {
            $destname = substr($destname, strlen(plugin_dav_myurl0()));
        }
        if (strpos($destname, $scriptname) === 0) {
            $destname = urldecode(substr($destname, strlen($scriptname)));
        } else {
            plugin_dav_error_exit(403, 'not dav directory.');
        }
        $obj2 =& plugin_dav_getfileobj($destname, false);
        if (!isset($obj2)) {
            plugin_dav_error_exit(403, 'no dst page.');
        }
        if ($obj2->exist) {
            plugin_dav_error_exit(403, 'already exist');
        }
        if (copy($obj1->filename, $obj2->filename)) {
            chmod($obj2->filename, PLUGIN_ATTACH_FILE_MODE);
        } else {
            plugin_dav_error_exit(406, "can't copy it");
        }
        // COPY
        if (is_page($obj2->page)) {
            touch(get_filename($obj2->page));
        }
        $obj2->getstatus();
        $obj2->status['pass'] = $pass !== TRUE && $pass !== NULL ? md5($pass) : '';
        $obj2->putstatus();
        // MOVE(DELETE)
        if ($_SERVER['REQUEST_METHOD'] == 'MOVE') {
            $obj1->delete($pass);
            if (file_exists($obj1->filename)) {
                plugin_dav_error_exit(406, "can't delete this file");
            }
        }
        break;

    /*
    case 'MKCOL':
        // Pages could be created here.
        // Security has not been reviewed.
        // Considering Windows clients, this is pointless unless page renaming is handled too.
        if (auth::check_role('readonly')) plugin_dav_error_exit(403, 'PKWK_READONLY prohibits editing');
        // When attaching needs a password or admin, demand authentication
        if (PLUGIN_ATTACH_PASSWORD_REQUIRE || PLUGIN_ATTACH_UPLOAD_ADMIN_ONLY) {
            if(isset($req_headers['Authorization']))
                $pass = plugin_dav_getbasicpass($req_headers['Authorization']);
            // else
            //   PLUGIN_ATTACH_UPLOAD_ADMIN_ONLY ? 'admin password' : 'password';
            //   plugin_dav_error_exit(401);
        }
        $path = $path_info;
        if(!isset($path)) plugin_dav_error_exit(403);
        // $path = mb_convert_encoding($path, SOURCE_ENCODING, 'UTF-8');
        if(preg_match('/^\/(.+)\/$/', $path, $matches) != 1) plugin_dav_error_exit(403);
        $page = str_replace($zslash, '/', $matches[1]);
        if(is_page($page)) plugin_dav_error_exit(403);
        // One more check is probably needed around here
        page_write($page, "dav.php"); // write initial string to the page.
        break;
    */

    case 'PROPPATCH':
        // Dummy routine: Windows 7 clients delete the file when PROPPATCH
        // fails, so a success response has to be returned.
        //
        header('HTTP/1.1 207 Multi-Status');
        header('Content-Type: text/xml');
        $doc = plugin_dav_proppatch_dummy_response($_SERVER['REQUEST_URI']);
        echo $doc->saveXML();
        exit;

    case 'MKCOL':
    case 'LOCK':
    case 'UNLOCK':
    case 'POST':
        plugin_dav_error_exit(501); // Method not Implemented
        break;
    default:
        plugin_dav_error_exit(405); // Method not Allowed
    }
}
/**
 * Admin login: verify the password from the request or the admin cookie.
 *
 * Uses $vars['pass'] when present, otherwise whatever get_admincookie()
 * returns, and checks it with pkwk_login(). On success the same value is
 * handed to set_admincookie().
 * NOTE(review): what set_admincookie() actually stores is not visible here;
 * if it is the raw password, the admin secret is being persisted client-side — confirm.
 *
 * @return bool TRUE when pkwk_login() accepted the password.
 */
function login()
{
    global $vars;

    $pass = isset($vars['pass']) ? $vars['pass'] : $this->get_admincookie();
    if (!pkwk_login($pass)) {
        return FALSE;
    }
    $this->set_admincookie($pass);
    return TRUE;
}
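/**
 * PukiWiki admin login with session
 *
 * Checks the Plus! role first (when $use_basicauth), then the supplied
 * password. In session mode the result is sticky: $_SESSION['is_admin'] is
 * set on success and the session flag is what gets returned.
 *
 * @param string  $pass
 * @param boolean $use_session   Use Session log
 * @param boolean $use_basicauth Use BasicAuth log
 * @return boolean
 */
function is_admin($pass = null, $use_session = false, $use_basicauth = false)
{
    $is_admin = FALSE;

    // Plus! role management: check_role() is FALSE when the role is held.
    if ($use_basicauth && is_callable(array('auth', 'check_role'))) { // Plus!
        $is_admin = !auth::check_role('role_adm_contents');
    }

    if (!$is_admin && isset($pass)) {
        if (function_exists('pkwk_login')) {
            $is_admin = pkwk_login($pass);
        } else {
            // 1.4.3: $adminpass holds the md5 of the password; the isset()
            // guard keeps an unset $adminpass from ever matching.
            $is_admin = isset($GLOBALS['adminpass']) && md5($pass) === $GLOBALS['adminpass'];
        }
    }

    if (!$use_session) {
        return $is_admin;
    }

    // session_start() on an already active session only raises a notice.
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if ($is_admin) {
        // NOTE(review): privilege is raised without rotating the session id
        // (session_regenerate_id(TRUE)); confirm whether the caller does that.
        $_SESSION['is_admin'] = TRUE;
    }
    return isset($_SESSION['is_admin']) && $_SESSION['is_admin'];
}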