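/**
 * Build the GUI (CKEditor) edit form for $page, or fall back to the plain
 * text edit form with its hidden "cmd" switched to guiedit when the GUI
 * editor is disabled.
 *
 * @param string      $page       Page name being edited.
 * @param string      $postdata   Source text handed to the plain edit form.
 * @param string|bool $digest     md5 of the page source, or FALSE to compute it here.
 * @param bool        $b_template Whether the plain edit form may show the template selector.
 * @return string HTML of the form. As a side effect the CKEditor scripts are appended to $js_tags.
 */
function plugin_guiedit_edit_form($page, $postdata, $digest = FALSE, $b_template = TRUE)
{
    global $vars;
    global $load_template_func, $whatsnew;
    global $_button;
    global $notimeupdate;
    global $js_tags, $link_tags, $js_blocks;
    global $guiedit_use_fck;

    $script = get_script_uri();

    // Newly generate $digest or not
    if ($digest === FALSE) {
        $digest = md5(get_source($page, TRUE, TRUE));
    }

    $s_id = isset($vars['id']) ? Utility::htmlsc($vars['id']) : '';

    if (!$guiedit_use_fck) {
        // Plain editor: reuse edit_form() and rewrite its hidden "cmd" field so
        // the post comes back to this plugin, carrying the id and a text-mode flag.
        $body = edit_form($page, $postdata, $digest, $b_template);
        $pattern = "/(<input\\s+type=\"hidden\"\\s+name=\"cmd\"\\s+value=\")edit(\"\\s*\\/?>)/";
        $replace = "\$1guiedit\$2\n"
            . ' <input type="hidden" name="id" value="' . $s_id . '" />'
            . ' <input type="hidden" name="text" value="1" />';
        return preg_replace($pattern, $replace, $body);
    }

    // require_once(GUIEDIT_CONF_PATH . 'guiedit.ini.php');

    // Form values
    $s_digest = Utility::htmlsc($digest);
    $s_page = Utility::htmlsc($page);
    // FIX: 'original' is absent on the first request of the editor; avoid the
    // undefined-index notice (htmlsc of an empty value is '' either way).
    $s_original = isset($vars['original']) ? Utility::htmlsc($vars['original']) : '';
    $s_ticket = md5(MUTIME);
    if (function_exists('pkwk_session_start') && pkwk_session_start() != 0) {
        // BugTrack/95 fix Problem: browser RSS request with session
        $_SESSION[$s_ticket] = md5(get_ticket() . $digest);
        $_SESSION['origin' . $s_ticket] = md5(get_ticket() . str_replace("\r", '', $s_original));
    }

    // Template page selector
    $template = '';
    if ($load_template_func) {
        global $guiedit_non_list;
        $pages = array();
        foreach (get_existpages() as $_page) {
            if ($_page == $whatsnew || check_non_list($_page)) {
                continue;
            }
            // Skip pages that live under any of the configured non-listed prefixes.
            foreach ($guiedit_non_list as $key) {
                if (strpos($_page . '/', $key . '/') === 0) {
                    continue 2;
                }
            }
            $_s_page = Utility::htmlsc($_page);
            $pages[$_page] = ' <option value="' . $_s_page . '">' . $_s_page . '</option>';
        }
        ksort($pages);
        $s_pages = join("\n", $pages);
        $template = <<<EOD
<select name="template_page">
\t<option value="">-- {$_button['template']} --</option>
{$s_pages}
</select>
<br />
EOD;
    }

    // "Do not change timestamp" checkbox
    $add_notimestamp = '';
    if ($notimeupdate != 0) {
        $checked_time = isset($vars['notimestamp']) ? ' checked="checked"' : '';
        // if ($notimeupdate == 2) {
        if ($notimeupdate == 2 && Auth::check_role('role_contents_admin')) {
            // Mode 2: contents admins must also supply the password.
            $add_notimestamp = ' ' . '<input type="password" name="pass" size="12" />' . "\n";
        }
        $add_notimestamp = '<input type="checkbox" name="notimestamp" '
            . 'id="_edit_form_notimestamp" value="true"' . $checked_time . ' />' . "\n"
            . ' ' . '<label for="_edit_form_notimestamp"><span class="small">'
            . $_button['notchangetimestamp'] . '</span></label>' . "\n"
            . $add_notimestamp . ' ';
    }

    // The form
    $body = <<<EOD
<div id="guiedit">
\t<form id="guiedit_form" action="{$script}" method="post" style="margin-bottom:0px;">
\t{$template}
\t\t<input type="hidden" name="cmd" value="guiedit" />
\t\t<input type="hidden" name="page" value="{$s_page}" />
\t\t<input type="hidden" name="digest" value="{$s_digest}" />
\t\t<input type="hidden" name="ticket" value="{$s_ticket}" />
\t\t<input type="hidden" name="id" value="{$s_id}" />
\t\t<textarea name="original" rows="1" cols="1" style="display:none">{$s_original}</textarea>
\t\t<textarea name="msg" id="editor"></textarea>
\t\t<div class="pull-left">
\t\t<button type="submit" name="write" accesskey="s" class="btn btn-primary">{$_button['update']}</button>
\t\t<button type="button" name="preview" accesskey="p" class="btn btn-secondary">{$_button['preview']}</button>
\t\t{$add_notimestamp}
\t\t</div>
\t</form>
\t<form action="{$script}" method="post">
\t\t<input type="hidden" name="cmd" value="guiedit" />
\t\t<input type="hidden" name="page" value="{$s_page}" />
\t\t<input type="submit" name="cancel" value="{$_button['cancel']}" class="btn btn-warning" accesskey="c" />
\t</form>
</div>
EOD;

    // Editor scripts, loaded deferred by the skin.
    $js_tags[] = array('type' => 'text/javascript', 'src' => COMMON_URI . 'js/ckeditor/ckeditor.js', 'defer' => 'defer');
    $js_tags[] = array('type' => 'text/javascript', 'src' => COMMON_URI . 'js/ckeditor/adapters/jquery.js', 'defer' => 'defer');
    $js_tags[] = array('type' => 'text/javascript', 'src' => COMMON_URI . 'js/plugin/guiedit/guiedit.js', 'defer' => 'defer');

    return $body;
}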
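/**
 * Action handler of the tracker plugin: create a new issue page from a posted
 * form, filling the configured template with the submitted field values, then
 * redirect to the new page.
 *
 * Reads the request from $post; returns an array('msg', 'body') on failure and
 * never returns on success (Location header + exit).
 */
function plugin_tracker_action()
{
    global $post, $vars, $now;

    // if (PKWK_READONLY) die_message('PKWK_READONLY prohibits editing');
    if (auth::check_role('readonly')) {
        die_message(_('PKWK_READONLY prohibits editing'));
    }
    if (auth::is_check_role(PKWK_CREATE_PAGE)) {
        die_message(_('PKWK_CREATE_PAGE prohibits editing'));
    }

    $base = isset($post['_base']) ? $post['_base'] : '';
    $refer = isset($post['_refer']) ? $post['_refer'] : '';
    $config = isset($post['_config']) ? $post['_config'] : '';
    $createProxy = isset($post['_createProxy']) ? $post['_createProxy'] : '';

    // $page name to add will be decided here
    $num = 0;
    $name = isset($post['_name']) ? $post['_name'] : '';
    if (isset($post['_page'])) {
        $real = $page = $post['_page'];
    } else {
        $real = is_pagename($name) ? $name : ++$num;
        $page = get_fullname('./' . $real, $base);
    }
    if (!is_pagename($page)) {
        $page = $base;
    }
    // Never clobber an existing page: bump a numeric suffix until the name is free.
    while (is_page($page)) {
        $real = ++$num;
        $page = $base . '/' . $real;
    }

    // Petit SPAM Check (Client(Browser)-Server Ticket Check)
    $spam = FALSE;
    if (function_exists('pkwk_session_start') && pkwk_session_start() != 0) {
        // NOTE(review): the original only computed a ticket here (from an
        // undefined $config_name) and wrote it together with $_SESSION['tracker']
        // to error_log; the comparison itself was commented out. The debug
        // logging is removed (it put the session ticket in the log and read an
        // index that may not exist). The check should be re-enabled once the
        // value stored by the form side is confirmed:
        // $s_tracker = md5(get_ticket() . $config);
        // if (!isset($_SESSION['tracker']) || $_SESSION['tracker'] != $s_tracker) {
        //     $spam = TRUE;
        // }
    } else {
        // No session: fall back to the encoding hint and the spam-post heuristics.
        if (isset($post['encode_hint']) && $post['encode_hint'] != '') {
            if (PKWK_ENCODING_HINT != $post['encode_hint']) {
                $spam = TRUE;
            }
        } elseif (PKWK_ENCODING_HINT != '') {
            $spam = TRUE;
        }
        if (is_spampost(array('body'), PLUGIN_TRACKER_REJECT_SPAMCOUNT)) {
            $spam = TRUE;
        }
    }
    if ($spam) {
        honeypot_write();
        return array('msg' => 'cannot write', 'body' => '<p>prohibits editing</p>');
    }

    // TODO: Why here
    // Default
    $_post = array_merge($post, $_FILES);
    $_post['_date'] = $now;
    $_post['_page'] = $page;
    $_post['_name'] = $name;
    $_post['_real'] = $real;
    // $_post['_refer'] = $_post['refer'];

    // TODO: Why here => See BugTrack/662
    // Creating an empty page, before attaching files
    pkwk_touch_file(get_filename($page));

    $from = $to = array();
    // FIX: "=& new" is a parse error since PHP 7 (objects are handles already).
    $tracker_form = new Tracker_form();
    if (!$tracker_form->init($base, $refer, $config)) {
        return array('msg' => 'Cannot write', 'body' => htmlspecialchars($tracker_form->error));
    }

    // Load $template
    $template_page = $tracker_form->config->page . '/' . PLUGIN_TRACKER_DEFAULT_PAGE;
    $template = plugin_tracker_get_source($template_page);
    if ($template === FALSE || empty($template)) {
        return array('msg' => 'Cannot write', 'body' => 'Page template (' . htmlspecialchars($template_page) . ') not found');
    }
    if (!$tracker_form->initFields(plugin_tracker_field_pickup(implode('', $template)))) {
        return array('msg' => 'Cannot write', 'body' => htmlspecialchars($tracker_form->error));
    }
    $fields = $tracker_form->fields;
    unset($tracker_form);

    // Each [field] placeholder maps to the formatted posted value (or '').
    foreach (array_keys($fields) as $field) {
        $from[] = '[' . $field . ']';
        $to[] = isset($_post[$field]) ? $fields[$field]->format_value($_post[$field]) : '';
        unset($fields[$field]);
    }

    // Replace every [$field]s (found inside $template) to real values
    $subject = $escape = array();
    foreach (array_keys($template) as $linenum) {
        if (trim($template[$linenum]) == '') {
            continue;
        }
        // Escape some TextFormattingRules: lines starting with a table or
        // csv-table marker need their values escaped for that syntax.
        $letter = $template[$linenum][0];
        if ($letter == '|' || $letter == ':') {
            $escape['|'][$linenum] = $template[$linenum];
        } elseif ($letter == ',') {
            $escape[','][$linenum] = $template[$linenum];
        } else {
            // TODO: Escape "\n" except multiline-allowed fields
            $subject[$linenum] = $template[$linenum];
        }
    }
    foreach (str_replace($from, $to, $subject) as $linenum => $line) {
        $template[$linenum] = $line;
    }
    if ($escape) {
        // Escape for some TextFormattingRules
        foreach (array_keys($escape) as $hint) {
            $to_e = plugin_tracker_escape($to, $hint);
            foreach (str_replace($from, $to_e, $escape[$hint]) as $linenum => $line) {
                $template[$linenum] = $line;
            }
        }
        unset($to_e);
    }
    unset($from, $to);

    // Write $template, without touch
    page_write($page, join('', $template));

    // Create proxy page
    $proxyPage = ($createProxy && isset($_post[$createProxy])) ? $_post[$createProxy] : '';
    // FIX: the proxy page name comes straight from the request (and $_post also
    // holds $_FILES entries, which are arrays); only write to a valid page name.
    if ($proxyPage && is_string($proxyPage) && is_pagename($proxyPage)) {
        page_write($proxyPage, '#include(' . $page . ',notitle)');
    }

    pkwk_headers_sent();
    header('Location: ' . get_page_location_uri($page));
    exit;
}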
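/**
 * Render the extended comment form (#commentx plugin).
 *
 * Option words are passed as variadic arguments: 'noname' hides the name
 * field, 'nodate' suppresses the date, 'above'/'below' choose where the
 * comment is inserted, 'textarea'/'textfield' select the input widget.
 *
 * @return string HTML of the form; only the login guide (or '') when the site is read-only.
 */
function plugin_commentx_convert()
{
    global $vars, $digest; //, $_btn_comment, $_btn_name, $_msg_comment;
    static $numbers = array();
    static $all_numbers = 0;

    $_btn_name = _("Name: ");
    $_btn_comment = _("Post Comment");
    $_msg_comment = _("Comment: ");

    $auth_guide = '';
    if (PKWK_READONLY == ROLE_AUTH) { // Plus!
        if (exist_plugin('login')) {
            $auth_guide = do_plugin_inline('login');
        }
    }
    if (is_callable(array('auth', 'check_role'))) { // Plus!
        if (auth::check_role('readonly')) {
            return $auth_guide;
        }
    } elseif (PKWK_READONLY) {
        return '';
    }

    // Per-page counter (comment_no) and a page-wide counter for unique element ids.
    if (!isset($numbers[$vars['page']])) {
        $numbers[$vars['page']] = 0;
    }
    $comment_no = $numbers[$vars['page']]++;
    $comment_all_no = $all_numbers++;

    $options = func_num_args() ? func_get_args() : array();
    $noname = in_array('noname', $options, TRUE);
    $nodate = in_array('nodate', $options, TRUE) ? '1' : '0';
    $above = in_array('above', $options, TRUE) ? '1' : (in_array('below', $options, TRUE) ? '0' : PLUGIN_COMMENTX_DIRECTION_DEFAULT);
    $textarea = in_array('textarea', $options, TRUE) ? TRUE : (in_array('textfield', $options, TRUE) ? FALSE : PLUGIN_COMMENTX_TEXTAREA);

    list($user, $link, $disabled) = plugin_commentx_get_nick();
    // NOTE(review): plugin_comment_convert() escapes $user before putting it in
    // the value attribute; done here too for the same reason -- confirm that
    // plugin_commentx_get_nick() does not already return an escaped nick.
    $s_user = htmlspecialchars($user);

    $name_id = '_p_comment_name_' . $comment_all_no;
    $comment_id = '_p_comment_comment_' . $comment_all_no;
    if ($noname) {
        $nametags = '<label for="' . $comment_id . '">' . $_msg_comment . '</label>';
    } else {
        $name_size = $textarea ? PLUGIN_COMMENTX_SIZE_TEXTAREA_NAME : PLUGIN_COMMENTX_SIZE_NAME;
        // Only the textarea layout breaks the line after the name field.
        $name_break = $textarea ? '<br />' : '';
        $nametags = '<label for="' . $name_id . '">' . $_btn_name . '</label>'
            . '<input type="text" name="name" id="' . $name_id . '" size="' . $name_size
            . '" value="' . $s_user . '"' . $disabled . ' />' . $name_break . "\n";
    }

    // FIX: the id was emitted as "_p_comment_comment_{N}" (literal braces), so it
    // never matched the label's for="_p_comment_comment_N"; the textarea was
    // also written as a self-closing tag followed by a closing tag.
    if ($textarea) {
        $comment_box = '<textarea name="msg" id="' . $comment_id . '" rows="' . PLUGIN_COMMENTX_SIZE_TEXTAREA_ROWS
            . '" style="width:' . PLUGIN_COMMENTX_SIZE_TEXTAREA_COLS . ';"></textarea>';
    } else {
        $comment_box = '<input type="text" name="msg" id="' . $comment_id . '" style="width:' . PLUGIN_COMMENTX_SIZE_MSG . ';" />';
    }

    // FIX: $helptags was undefined when edit_form_assistant() does not exist.
    $helptags = '';
    if (function_exists('edit_form_assistant')) { // Plus!
        $helptags = edit_form_assistant();
    }

    $refpage = '';
    $script = get_script_uri();
    $s_page = htmlspecialchars($vars['page']);
    $r_page = htmlspecialchars(rawurlencode($vars['page']));
    $ticket = md5(MUTIME);
    if (function_exists('pkwk_session_start') && pkwk_session_start() != 0) {
        $_SESSION[$ticket] = md5(get_ticket() . $digest);
    }

    $string = <<<EOD
<br />
{$auth_guide}
<form action="{$script}?{$r_page}" method="post">
 <div class="commentform" onmouseup="pukiwiki_pos()" onkeyup="pukiwiki_pos()">
  <input type="hidden" name="refpage" value="{$refpage}" />
  <input type="hidden" name="plugin" value="commentx" />
  <input type="hidden" name="refer" value="{$s_page}" />
  <input type="hidden" name="comment_no" value="{$comment_no}" />
  <input type="hidden" name="nodate" value="{$nodate}" />
  <input type="hidden" name="above" value="{$above}" />
  <input type="hidden" name="digest" value="{$digest}" />
  <input type="hidden" name="ticket" value="{$ticket}" />
  {$nametags}
  {$comment_box}
  <input type="submit" name="comment" value="{$_btn_comment}" />
  {$helptags}
 </div>
</form>
EOD;
    return $string;
}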
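/**
 * Action handler of the approve plugin: apply the configured pattern/replace
 * to the posted page (if its name matches the configured regex) and redirect
 * to it.
 *
 * Reads 'name' (config name) and '_page' from $post; returns array('msg', 'body')
 * on every failure and never returns on success (Location header + exit).
 */
function plugin_approve_action()
{
    global $vars, $post;

    if (auth::check_role('readonly')) {
        die_message(_('PKWK_READONLY prohibits editing'));
    }
    if (auth::is_check_role(PKWK_CREATE_PAGE)) {
        die_message(_('PKWK_CREATE_PAGE prohibits editing'));
    }

    // Petit SPAM Check (Client(Browser)-Server Ticket Check)
    $spam = FALSE;
    if (function_exists('pkwk_session_start') && pkwk_session_start() != 0) {
        // NOTE(review): the session branch never compared anything; it only
        // computed md5(get_ticket() . 'Approve') and wrote it, together with
        // $_SESSION['tracker'], to error_log. That logging is removed (it put
        // the ticket in the log and read an index that may not exist). A real
        // comparison against the value stored by the form side still has to be
        // added here once that key is confirmed.
    } else {
        // No session: fall back to the encoding hint and the spam-post heuristics.
        if (isset($post['encode_hint']) && $post['encode_hint'] != '') {
            if (PKWK_ENCODING_HINT != $post['encode_hint']) {
                $spam = TRUE;
            }
        } elseif (PKWK_ENCODING_HINT != '') {
            $spam = TRUE;
        }
        if (is_spampost(array('body'), PLUGIN_TRACKER_REJECT_SPAMCOUNT)) {
            $spam = TRUE;
        }
    }
    if ($spam) {
        honeypot_write();
        return array('msg' => 'cannot write', 'body' => '<p>prohibits editing</p>');
    }

    $name = isset($post['name']) ? $post['name'] : '';
    $page = isset($post['_page']) ? $post['_page'] : '';
    // FIX: these two returned bare strings while every other error path returns
    // the array('msg', 'body') shape the action API expects.
    if ($name == '') {
        return array('msg' => 'Approve', 'body' => '<p>approve(): empty name.</p>');
    }
    if ($page == '') {
        return array('msg' => 'Approve', 'body' => '<p>approve(): empty page.</p>');
    }

    $config_path = PLUGIN_APPROVE_CONFIG_ROOT . $name;
    $config = new YamlConfig($config_path);
    if (!$config->read()) {
        return array('msg' => 'Approve', 'body' => '<p>approve(): failed to load config. "' . $config_path . '"</p>');
    }
    $pattern = $config[PLUGIN_APPROVE_KEY_PATTERN];
    $replace = $config[PLUGIN_APPROVE_KEY_REPLACE];
    $page_regex = $config[PLUGIN_APPROVE_KEY_PAGE_REGEX];

    if ($pattern == '') {
        return array('msg' => 'Approve', 'body' => '<p>approve(): empty pattern.</p>');
    }
    if ($page_regex == '') {
        return array('msg' => 'Approve', 'body' => '<p>approve(): empty page_regex.</p>');
    }
    // The config's regex limits which pages this approval may touch.
    if (!preg_match($page_regex, $page)) {
        return array('msg' => 'Approve', 'body' => '<p>approve(): page not match.</p>');
    }
    // The page actually written is $page; the original only checked the
    // freeze state of the current page ($vars['page']), so both are checked.
    if (PKWK_READONLY > 0 || is_freeze($vars['page']) || is_freeze($page) || !plugin_approve_is_edit_authed($page)) {
        return array('msg' => 'Approve', 'body' => '<p>approve(): prohibit editing. "' . $page . '"</p>');
    }

    $source = get_source($page, TRUE, TRUE);
    if ($source === FALSE) {
        return array('msg' => 'Approve', 'body' => '<p>approve(): failed to load page. "' . $page . '"</p>');
    }
    if (strpos($source, $pattern) === FALSE) {
        return array('msg' => 'Approve', 'body' => '<p>approve(): pattern not match.</p>');
    }
    $source = str_replace($pattern, $replace, $source);
    //return array('msg'=>'Approve', 'body'=>$source);
    page_write($page, $source);

    pkwk_headers_sent();
    header('Location: ' . get_page_location_uri($page));
    exit;
}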
/**
 * Build the standard (textarea) edit form for $page.
 *
 * @param string      $page       Page name being edited.
 * @param string      $postdata   Source text to preload into the textarea.
 * @param string|bool $digest     md5 of the page source, or FALSE to compute it here.
 * @param bool        $b_template Whether to show the template-page selector.
 * @return string HTML of the form. When $ajax or $ctrl_unload is on, script tags are
 *                also appended to the global $head_tags.
 */
function edit_form($page, $postdata, $digest = FALSE, $b_template = TRUE)
{
    global $script, $vars, $rows, $cols, $hr, $function_freeze;
    global $load_template_func, $load_refer_related;
    global $notimeupdate;
    global $_button, $_string;
    global $ajax, $ctrl_unload;

    // Newly generate $digest or not
    if ($digest === FALSE) {
        $digest = md5(get_source($page, TRUE, TRUE));
    }

    $refer = $template = $addtag = $add_top = $add_ajax = '';
    $checked_top = isset($vars['add_top']) ? ' checked="checked"' : '';
    $checked_time = isset($vars['notimestamp']) ? ' checked="checked"' : '';

    if (isset($vars['add'])) {
        // "add" mode: hidden flag plus the "add to top" checkbox.
        $addtag = '<input type="hidden" name="add" value="true" />';
        $add_top = '<input type="checkbox" name="add_top" value="true"' . $checked_top . ' /><span class="small">' . $_button['addtop'] . '</span>';
    }

    if ($load_template_func && $b_template) {
        // Template selector: every existing, editable, listed page.
        $pages = array();
        foreach (auth::get_existpages() as $_page) {
            if (is_cantedit($_page) || check_non_list($_page)) {
                continue;
            }
            $s_page = htmlspecialchars($_page);
            $pages[$_page] = ' <option value="' . $s_page . '">' . $s_page . '</option>';
        }
        ksort($pages, SORT_STRING);
        $s_pages = join("\n", $pages);
        $template = <<<EOD
<select name="template_page">
 <option value="">-- {$_button['template']} --</option>
{$s_pages}
</select>
<input type="submit" name="template" value="{$_button['load']}" accesskey="r" />
<br />
EOD;
        if ($load_refer_related) {
            if (isset($vars['refer']) && $vars['refer'] != '') {
                // Prepend a link back to the referring page to the edited text.
                $refer = '[[' . strip_bracket($vars['refer']) . ']]' . "\n\n";
            }
        }
    }

    $r_page = rawurlencode($page); // not used below
    $s_page = htmlspecialchars($page);
    $s_digest = htmlspecialchars($digest);
    $s_postdata = htmlspecialchars($refer . $postdata);
    $s_original = isset($vars['original']) ? htmlspecialchars($vars['original']) : $s_postdata;
    $s_id = isset($vars['id']) ? htmlspecialchars($vars['id']) : '';
    $b_preview = isset($vars['preview']); // TRUE when preview
    $btn_preview = $b_preview ? $_button['repreview'] : $_button['preview'];

    $s_ticket = md5(MUTIME);
    if (function_exists('pkwk_session_start') && pkwk_session_start() != 0) {
        // BugTrack/95 fix Problem: browser RSS request with session
        // Ticket bound to the digest and to the original text (CR stripped);
        // presumably verified by the write handler -- not visible here.
        $_SESSION[$s_ticket] = md5(get_ticket() . $digest);
        $_SESSION['origin' . $s_ticket] = md5(get_ticket() . str_replace("\r", '', $s_original));
    }

    if ($ajax && !is_mobile()) {
        // In-page preview via JavaScript instead of a round trip.
        $add_ajax = '<input type="button" name="add_ajax" value="' . $btn_preview . '" accesskey="p" onclick="pukiwiki_apx(this.form.page.value)" />';
    } else {
        $add_ajax = '<input type="submit" name="preview" value="' . $btn_preview . '" accesskey="p" />';
    }

    $add_notimestamp = '';
    if ($notimeupdate != 0 && is_page($page)) {
        // enable 'do not change timestamp'
        $add_notimestamp = <<<EOD
<input type="checkbox" name="notimestamp" id="_edit_form_notimestamp" value="true"{$checked_time} />
<label for="_edit_form_notimestamp"><span class="small">{$_button['notchangetimestamp']}</span></label>
EOD;
        if ($notimeupdate == 2 && auth::check_role('role_adm_contents')) {
            // enable only administrator
            $add_notimestamp .= <<<EOD
<input type="password" name="pass" size="12" />
EOD;
        }
        $add_notimestamp .= ' ';
    }

    $refpage = isset($vars['refpage']) ? htmlspecialchars($vars['refpage']) : ''; // not used below
    $add_assistant = edit_form_assistant();

    $body = <<<EOD
<div id="realview_outer"><div id="realview"></div><br /></div>
<form action="{$script}" method="post" id="form">
 <div class="edit_form" onmouseup="pukiwiki_pos()" onkeyup="pukiwiki_pos()">
{$template}
{$addtag}
  <input type="hidden" name="cmd" value="edit" />
  <input type="hidden" name="page" value="{$s_page}" />
  <input type="hidden" name="digest" value="{$s_digest}" />
  <input type="hidden" name="ticket" value="{$s_ticket}" />
  <input type="hidden" name="id" value="{$s_id}" />
  <textarea id="msg" name="msg" rows="{$rows}" cols="{$cols}" onselect="pukiwiki_apv(this.form.page.value,this)" onfocus="pukiwiki_apv(this.form.page.value,this)" onkeyup="pukiwiki_apv(this.form.page.value,this)" onmouseup="pukiwiki_apv(this.form.page.value,this)">{$s_postdata}</textarea>
  <br />
{$add_assistant}
  <br />
  <input type="submit" name="write" value="{$_button['update']}" accesskey="s" />
  {$add_top}
  {$add_ajax}
  {$add_notimestamp}
  <input type="submit" id="cancel" name="cancel" value="{$_button['cancel']}" accesskey="c" />
  <textarea id="original" name="original" rows="1" cols="1" style="display:none">{$s_original}</textarea>
 </div>
</form>
EOD;

    if ($ajax) {
        global $head_tags;
        $head_tags[] = ' <script type="text/javascript" charset="utf-8" src="' . SKIN_URI . 'ajax/msxml.js"></script>';
        $head_tags[] = ' <script type="text/javascript" charset="utf-8" src="' . SKIN_URI . 'ajax/realedit.js"></script>';
    }
    if ($ctrl_unload) {
        global $head_tags;
        $head_tags[] = ' <script type="text/javascript" charset="utf-8" src="' . SKIN_URI . 'ajax/ctrl_unload.js"></script>';
    }
    return $body;
}
foreach ($vars as $key => $value) { $_vars[$key] =& $vars[$key]; } foreach ($_ignore as $key) { unset($_vars[$key]); } } else { $_vars =& $vars; } pkwk_spamfilter($method . ' to #' . $_plugin, $_page, $_vars, $_method, $exitmode); } } // If page output, enable session. // NOTE: if action plugin(command) use session, call pkwk_session_start() // in plugin action-API function. pkwk_session_start(); // auth remoteip if (isset($auth_api['remoteip']['use']) && $auth_api['remoteip']['use']) { if (exist_plugin_inline('remoteip')) { do_plugin_inline('remoteip'); } } $is_protect = auth::is_protect(); // Plugin execution if ($plugin != '') { if ($is_protect) { $plugin_arg = ''; if (auth::is_protect_plugin_action($plugin)) { if (exist_plugin_action($plugin)) { do_plugin_action($plugin); }
/**
 * TypeKey login/logout action: verify the signed request, update the session
 * accordingly and redirect back to the current page.
 *
 * @return string '' when sessions are unavailable or no site token is configured;
 *                otherwise never returns (Location header + die).
 */
function plugin_typekey_action()
{
    global $vars, $auth_api;

    $sessionReady = function_exists('pkwk_session_start') && pkwk_session_start() != 0;
    if (!$sessionReady || empty($auth_api['typekey']['site_token'])) {
        return '';
    }

    $typekey = new auth_typekey();
    $typekey->set_regkeys();
    $typekey->set_need_email($auth_api['typekey']['need_email']);
    $typekey->set_sigKey($vars);

    $page = empty($vars['page']) ? '' : $vars['page'];

    if ($typekey->auth()) {
        // Signature verified: remember the identity in the session.
        $typekey->auth_session_put();
    } elseif (isset($vars['logout'])) {
        $typekey->auth_session_unset();
    }

    header('Location: ' . get_page_location_uri($page));
    die;
}
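/**
 * Resolve the current user through the enabled auth API plugins.
 *
 * The session is started (when the helper exists) as soon as any API is
 * enabled; then each enabled API's plugin_<api>_get_user_name() is asked in
 * turn and the first non-empty name wins.
 *
 * @return array list(role, name, nick, profile); array(ROLE_GUEST, '', '', '') when nobody is authenticated.
 */
function get_user_name()
{
    global $auth_api;

    // Start the session only when it is really needed (some API is enabled).
    foreach ($auth_api as $api => $val) {
        if (empty($val['use'])) {
            continue;
        }
        if (function_exists('pkwk_session_start')) {
            pkwk_session_start();
        }
        break;
    }

    foreach ($auth_api as $api => $val) {
        // FIX: empty() also tolerates an entry without a 'use' key
        // (the original raised an undefined-index notice on it).
        if (empty($val['use']) || !exist_plugin($api)) {
            continue;
        }
        $call_func = 'plugin_' . $api . '_get_user_name';
        list($role, $name, $nick, $profile) = $call_func();
        if (!empty($name)) {
            return array($role, $name, $nick, $profile);
        }
    }
    return array(ROLE_GUEST, '', '', '');
}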
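/**
 * Return the identity record of the user authenticated through an auth API,
 * with per-user overrides from $auth_wkgrp_user applied.
 *
 * @return array Keys: role, nick, key, group, displayname, home, mypage, api.
 *               A ROLE_GUEST record with empty strings when nobody is authenticated.
 */
function get_auth_api_info()
{
    global $auth_api, $auth_wkgrp_user, $defaultpage;

    $guest = array('role' => ROLE_GUEST, 'nick' => '', 'key' => '', 'group' => '', 'displayname' => '', 'home' => '', 'mypage' => '', 'api' => '');

    // Start the session only when it is really needed (some API is enabled).
    foreach ($auth_api as $api => $val) {
        if (empty($val['use'])) {
            continue;
        }
        if (function_exists('pkwk_session_start')) {
            pkwk_session_start();
        }
        break;
    }

    require_once LIB_DIR . 'auth_api.cls.php';
    $obj = new auth_api();
    $msg = $obj->auth_session_get();

    // The session names the API that authenticated the user; it must still be
    // enabled and its plugin must exist. (empty() also covers a missing 'use' key.)
    if (!isset($msg['api']) || empty($auth_api[$msg['api']]['use']) || !exist_plugin($msg['api'])) {
        return $guest;
    }

    $call_func = 'plugin_' . $msg['api'] . '_get_user_name';
    $auth_key = $call_func();
    $auth_key['api'] = $msg['api'];
    if (empty($auth_key['nick'])) {
        return $guest;
    }

    // Per-user overrides and additions from the workgroup table.
    if (isset($auth_key['key']) && !empty($auth_wkgrp_user[$auth_key['api']][$auth_key['key']])) {
        $val = $auth_wkgrp_user[$auth_key['api']][$auth_key['key']];
        $auth_key['role'] = empty($val['role']) ? ROLE_ENROLLEE : $val['role'];
        $auth_key['group'] = empty($val['group']) ? '' : $val['group'];
        // FIX: the original fell back to an undefined $user (always null). The
        // nick is the one display string guaranteed non-empty at this point;
        // NOTE(review): confirm this is the intended fallback.
        $auth_key['displayname'] = empty($val['displayname']) ? $auth_key['nick'] : $val['displayname'];
        $auth_key['home'] = empty($val['home']) ? $defaultpage : $val['home'];
        $auth_key['mypage'] = empty($val['mypage']) ? '' : $val['mypage'];
    }
    return $auth_key;
}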
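/**
 * Build the GUI (FCKeditor) edit form for $page, or fall back to the plain
 * text edit form with its hidden "cmd" switched to guiedit when the GUI
 * editor is disabled.
 *
 * @param string      $page       Page name being edited.
 * @param string      $postdata   Source text handed to the plain edit form.
 * @param string|bool $digest     md5 of the page source, or FALSE to compute it here.
 * @param bool        $b_template Whether the plain edit form may show the template selector.
 * @return string HTML of the form. Side effects: sets $javascript and appends the
 *                editor's stylesheet/script tags to $head_tags.
 */
function plugin_guiedit_edit_form($page, $postdata, $digest = FALSE, $b_template = TRUE)
{
    global $vars;
    global $load_template_func, $whatsnew;
    global $_button;
    global $notimeupdate;
    global $head_tags, $javascript;
    global $guiedit_use_fck;
    // FIX: $script is interpolated into both form actions below but was never
    // imported, so the forms were emitted with an empty action attribute.
    global $script;

    // Newly generate $digest or not
    if ($digest === FALSE) {
        $digest = md5(get_source($page, TRUE, TRUE));
    }

    $s_id = isset($vars['id']) ? htmlspecialchars($vars['id']) : '';

    if (!$guiedit_use_fck) {
        // Plain editor: reuse edit_form() and rewrite its hidden "cmd" field so
        // the post comes back to this plugin, carrying the id and a text-mode flag.
        $body = edit_form($page, $postdata, $digest, $b_template);
        $pattern = "/(<input\\s+type=\"hidden\"\\s+name=\"cmd\"\\s+value=\")edit(\"\\s*\\/?>)/";
        $replace = "\$1guiedit\$2\n"
            . ' <input type="hidden" name="id" value="' . $s_id . '" />'
            . ' <input type="hidden" name="text" value="1" />';
        return preg_replace($pattern, $replace, $body);
    }

    require_once GUIEDIT_LIB_PATH . 'guiedit.ini.php';

    // Form values
    $s_digest = htmlspecialchars($digest);
    $s_page = htmlspecialchars($page);
    // FIX: 'original' is absent on the first request of the editor; avoid the
    // undefined-index notice (htmlspecialchars of an empty value is '' either way).
    $s_original = isset($vars['original']) ? htmlspecialchars($vars['original']) : '';
    $s_ticket = md5(MUTIME);
    if (function_exists('pkwk_session_start') && pkwk_session_start() != 0) {
        // BugTrack/95 fix Problem: browser RSS request with session
        $_SESSION[$s_ticket] = md5(get_ticket() . $digest);
        $_SESSION['origin' . $s_ticket] = md5(get_ticket() . str_replace("\r", '', $s_original));
    }

    // Template page selector
    $template = '';
    if ($load_template_func) {
        global $guiedit_non_list;
        $pages = array();
        foreach (get_existpages() as $_page) {
            if ($_page == $whatsnew || check_non_list($_page)) {
                continue;
            }
            // Skip pages that live under any of the configured non-listed prefixes.
            foreach ($guiedit_non_list as $key) {
                if (strpos($_page . '/', $key . '/') === 0) {
                    continue 2;
                }
            }
            $_s_page = htmlspecialchars($_page);
            $pages[$_page] = ' <option value="' . $_s_page . '">' . $_s_page . '</option>';
        }
        ksort($pages);
        $s_pages = join("\n", $pages);
        $template = <<<EOD
<select name="template_page" onchange="Template()">
 <option value="">-- {$_button['template']} --</option>
{$s_pages}
</select>
<br />
EOD;
    }

    // "Do not change timestamp" checkbox
    $add_notimestamp = '';
    if ($notimeupdate != 0) {
        $checked_time = isset($vars['notimestamp']) ? ' checked="checked"' : '';
        // if ($notimeupdate == 2) {
        if ($notimeupdate == 2 && auth::check_role('role_adm_contents')) {
            // Mode 2: contents admins must also supply the password.
            $add_notimestamp = ' ' . '<input type="password" name="pass" size="12" />' . "\n";
        }
        $add_notimestamp = '<input type="checkbox" name="notimestamp" '
            . 'id="_edit_form_notimestamp" value="true"' . $checked_time . ' />' . "\n"
            . ' ' . '<label for="_edit_form_notimestamp"><span class="small">'
            . $_button['notchangetimestamp'] . '</span></label>' . "\n"
            . $add_notimestamp . ' ';
    }

    // The form
    $body = <<<EOD
<div class="edit_form">
 <form id="edit_form" action="{$script}" method="post" style="margin-bottom:0px;">
 {$template}
  <input type="hidden" name="cmd" value="guiedit" />
  <input type="hidden" name="page" value="{$s_page}" />
  <input type="hidden" name="digest" value="{$s_digest}" />
  <input type="hidden" name="ticket" value="{$s_ticket}" />
  <input type="hidden" name="id" value="{$s_id}" />
  <textarea name="msg" rows="1" cols="1" style="display:none"></textarea>
  <div style="float:left;">
  <input type="submit" name="write" value="{$_button['update']}" accesskey="s" onclick="Write()" />
  <input type="button" name="preview" value="{$_button['preview']}" accesskey="p" onclick="Preview()" />
  {$add_notimestamp}
  </div>
  <textarea name="original" rows="1" cols="1" style="display:none">{$s_original}</textarea>
 </form>
 <form action="{$script}" method="post" style="margin-top:0px;">
  <input type="hidden" name="cmd" value="guiedit" />
  <input type="hidden" name="page" value="{$s_page}" />
  <input type="submit" name="cancel" value="{$_button['cancel']}" accesskey="c" />
 </form>
</div>
<div id="preview_indicator" style="display:none"></div>
<div id="preview_area" style="display:none"></div>
EOD;

    // Enable JavaScript output in the skin
    $javascript = 1;
    $root = get_baseuri('abs');

    // Head tags: stylesheet, editor scripts and the paths the scripts need.
    $head_tags[] = ' <link rel="stylesheet" type="text/css" href="' . GUIEDIT_LIB_PATH . 'guiedit.css" charset="UTF-8" />';
    $head_tags[] = ' <script type="text/javascript" src="' . GUIEDIT_FCK_PATH . 'fckeditor.js" charset="UTF-8"></script>';
    $head_tags[] = ' <script type="text/javascript" src="' . GUIEDIT_LIB_PATH . 'ajax.js" charset="UTF-8"></script>';
    $head_tags[] = ' <script type="text/javascript" src="' . GUIEDIT_LIB_PATH . 'guiedit.js" charset="UTF-8"></script>';
    $head_tags[] = ' <script type="text/javascript">';
    $head_tags[] = ' <!-- <![CDATA[';
    $head_tags[] = ' var SMILEY_PATH="' . $root . IMAGE_URI . "face/" . '";';
    $head_tags[] = ' var FCK_PATH="' . $root . GUIEDIT_FCK_PATH . '";';
    $head_tags[] = ' var GUIEDIT_PATH="' . $root . GUIEDIT_LIB_PATH . '";';
    $head_tags[] = ' //]]>-->';
    $head_tags[] = ' </script>';

    return $body;
}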
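/**
 * OpenID action: logout, show the login form, or run the 'verify' /
 * 'finish_auth' steps of the OpenID consumer flow.
 *
 * @return string|array '' when OpenID is not configured at all; array('msg', 'body')
 *                      for pages to render; never returns after a redirect.
 */
function plugin_openid_action()
{
    global $vars, $_openid_msg, $auth_api;

    // Under PLUS_PROTECT_MODE the fatal path goes through die_msg() instead of die_message().
    $die_message = PLUS_PROTECT_MODE ? 'die_msg' : 'die_message';

    // Only usable when authentication through the OpenID-related plugins is enabled
    if (!isset($auth_api['openid']['use'])) {
        return '';
    }
    if (!$auth_api['openid']['use']) {
        $die_message($_openid_msg['msg_invalid']);
    }
    if (!function_exists('pkwk_session_start')) {
        $die_message($_openid_msg['msg_not_found']);
    }
    if (pkwk_session_start() == 0) {
        $die_message($_openid_msg['msg_not_start']);
    }

    // LOGOUT
    if (isset($vars['logout'])) {
        $obj = new auth_openid_plus();
        $obj->auth_session_unset();
        $page = empty($vars['page']) ? '' : $vars['page'];
        header('Location: ' . get_page_location_uri($page));
        die;
    }

    // LOGIN
    if (!isset($vars['action'])) {
        return array('msg' => $_openid_msg['msg_title'], 'body' => plugin_openid_login_form());
    }

    // AUTH
    // NOTE(review): the store directory holds the consumer's associations and
    // nonces; mkdir() here uses the default mode -- confirm the resulting
    // permissions are acceptable for the deployment.
    if (!file_exists(PLUGIN_OPENID_STORE_PATH) && !mkdir(PLUGIN_OPENID_STORE_PATH)) {
        // FIX: was "$die_mesage" (typo), i.e. a fatal "function name must be a
        // string" on the very path that is supposed to report the failure.
        $die_message(sprintf($_openid_msg['err_store_path'], PLUGIN_OPENID_STORE_PATH));
    }
    ini_set('include_path', LIB_DIR . 'openid/');
    require_once 'Auth/OpenID/Consumer.php';
    require_once 'Auth/OpenID/FileStore.php';
    require_once 'Auth/OpenID/SReg.php';
    require_once 'Auth/OpenID/PAPE.php';
    ini_restore('include_path');

    global $pape_policy_uris;
    $pape_policy_uris = array(PAPE_AUTH_MULTI_FACTOR_PHYSICAL, PAPE_AUTH_MULTI_FACTOR, PAPE_AUTH_PHISHING_RESISTANT);

    $store = new Auth_OpenID_FileStore(PLUGIN_OPENID_STORE_PATH);
    $consumer = new Auth_OpenID_Consumer($store);

    switch ($vars['action']) {
        case 'verify':
            if (empty($vars['openid_url'])) {
                return array('msg' => $_openid_msg['msg_title'], 'body' => plugin_openid_login_form());
            }
            return plugin_openid_verify($consumer);
        case 'finish_auth':
            return plugin_openid_finish_auth($consumer);
    }

    // Error: unknown action. Stop after the redirect like the logout path does,
    // instead of falling through with a null return.
    header('Location: ' . get_location_uri());
    die;
}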
/**
 * Render the bug submission form.
 *
 * @param string $base     Base page the new bug page is created under.
 * @param array  $category Category names for the select box; empty means a free text field.
 * @return string HTML of the form. Stores a ticket in the session when one is available.
 */
function plugin_bugtrack_print_form($base, $category)
{
    global $_plugin_bugtrack, $script;
    static $id = 0;

    ++$id; // distinct element ids when several forms are on one page

    // Priority options; the last entry of the list is preselected.
    $priorities = $_plugin_bugtrack['priority_list'];
    $priorityCount = count($priorities);
    $select_priority = "\n";
    for ($idx = 0; $idx < $priorityCount; ++$idx) {
        $isLast = ($idx == $priorityCount - 1);
        $label = htmlspecialchars($priorities[$idx]);
        $select_priority .= sprintf(
            ' <option value="%s"%s>%s</option>' . "\n",
            $label,
            $isLast ? ' selected="selected"' : '',
            $label
        );
    }

    // State options, in configured order.
    $states = $_plugin_bugtrack['state_list'];
    $stateCount = count($states);
    $select_state = "\n";
    for ($idx = 0; $idx < $stateCount; ++$idx) {
        $label = htmlspecialchars($states[$idx]);
        $select_state .= ' <option value="' . $label . '">' . $label . '</option>' . "\n";
    }

    // Category: free text when no list is configured, otherwise a select box.
    $categoryId = '_p_bugtrack_category_' . $id;
    if (empty($category)) {
        $encoded_category = '<input name="category" id="' . $categoryId . '" type="text" />';
    } else {
        $categoryOptions = '';
        foreach ($category as $_category) {
            $s_category = htmlspecialchars($_category);
            $categoryOptions .= '<option value="' . $s_category . '">' . $s_category . '</option>' . "\n";
        }
        $encoded_category = '<select name="category" id="' . $categoryId . '">' . $categoryOptions . '</select>';
    }

    $ticket = md5(MUTIME);
    if (function_exists('pkwk_session_start') && pkwk_session_start() != 0) {
        $_SESSION['B_' . $ticket] = md5(get_ticket() . $ticket);
    }

    $s_base = htmlspecialchars($base);
    $s_name = htmlspecialchars($_plugin_bugtrack['name']);
    $s_category = htmlspecialchars($_plugin_bugtrack['category']);
    $s_priority = htmlspecialchars($_plugin_bugtrack['priority']);
    $s_state = htmlspecialchars($_plugin_bugtrack['state']);
    $s_pname = htmlspecialchars($_plugin_bugtrack['pagename']);
    $s_pnamec = htmlspecialchars($_plugin_bugtrack['pagename_comment']);
    $s_version = htmlspecialchars($_plugin_bugtrack['version']);
    $s_versionc = htmlspecialchars($_plugin_bugtrack['version_comment']);
    $s_summary = htmlspecialchars($_plugin_bugtrack['summary']);
    $s_body = htmlspecialchars($_plugin_bugtrack['body']);
    $s_submit = htmlspecialchars($_plugin_bugtrack['submit']);

    $body = <<<EOD
<form action="{$script}" method="post">
 <table border="0">
  <tr>
   <th><label for="_p_bugtrack_name_{$id}">{$s_name}</label></th>
   <td><input id="_p_bugtrack_name_{$id}" name="name" size="20" type="text" /></td>
  </tr>
  <tr>
   <th><label for="_p_bugtrack_category_{$id}">{$s_category}</label></th>
   <td>{$encoded_category}</td>
  </tr>
  <tr>
   <th><label for="_p_bugtrack_priority_{$id}">{$s_priority}</label></th>
   <td><select id="_p_bugtrack_priority_{$id}" name="priority">{$select_priority} </select></td>
  </tr>
  <tr>
   <th><label for="_p_bugtrack_state_{$id}">{$s_state}</label></th>
   <td><select id="_p_bugtrack_state_{$id}" name="state">{$select_state} </select></td>
  </tr>
  <tr>
   <th><label for="_p_bugtrack_pagename_{$id}">{$s_pname}</label></th>
   <td><input id="_p_bugtrack_pagename_{$id}" name="pagename" size="20" type="text" /> <small>{$s_pnamec}</small></td>
  </tr>
  <tr>
   <th><label for="_p_bugtrack_version_{$id}">{$s_version}</label></th>
   <td><input id="_p_bugtrack_version_{$id}" name="version" size="10" type="text" /> <small>{$s_versionc}</small></td>
  </tr>
  <tr>
   <th><label for="_p_bugtrack_summary_{$id}">{$s_summary}</label></th>
   <td><input id="_p_bugtrack_summary_{$id}" name="summary" size="60" type="text" /></td>
  </tr>
  <tr>
   <th><label for="_p_bugtrack_body_{$id}">{$s_body}</label></th>
   <td><textarea id="_p_bugtrack_body_{$id}" name="body" cols="60" rows="6"></textarea></td>
  </tr>
  <tr>
   <td colspan="2" align="center">
    <input type="submit" value="{$s_submit}" />
    <input type="hidden" name="plugin" value="bugtrack" />
    <input type="hidden" name="ticket" value="{$ticket}" />
    <input type="hidden" name="mode" value="submit" />
    <input type="hidden" name="base" value="{$s_base}" />
   </td>
  </tr>
 </table>
</form>
EOD;
    return $body;
}
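/**
 * Render the comment-posting form for the current page (#comment plugin).
 *
 * Options arrive as variadic string arguments: 'noname' hides the name field,
 * 'nodate' suppresses the timestamp, 'above' / 'below' pick the insertion
 * direction (falling back to PLUGIN_COMMENT_DIRECTION_DEFAULT). Two static
 * counters give each form on a page its own comment number and each form in
 * the whole request a unique element id.
 *
 * @return string HTML fragment; for read-only roles only the login guide (or '').
 */
function plugin_comment_convert()
{
    global $vars, $digest, $script;
    static $numbers = array();     // per-page form counter, keyed by page name
    static $all_numbers = 0;       // request-wide counter used for unique element ids
    static $comment_cols = PLUGIN_COMMENT_SIZE_MSG;

    $_btn_name = _("Name: ");
    $_btn_comment = _("Post Comment");
    $_msg_comment = _("Comment: ");

    // A read-only wiki that still offers login shows the login guide instead of the form.
    $auth_guide = '';
    if (PKWK_READONLY == ROLE_AUTH) {
        exist_plugin('login');
        $auth_guide = do_plugin_inline('login');
    }
    if (auth::check_role('readonly')) {
        return $auth_guide;
    }

    if (!isset($numbers[$vars['page']])) {
        $numbers[$vars['page']] = 0;
    }
    $comment_no = $numbers[$vars['page']]++;
    $comment_all_no = $all_numbers++;

    // Plugin arguments are plain strings; compare strictly so that no
    // loosely-equal value (0, true) is ever taken for an option name.
    $options = func_num_args() ? func_get_args() : array();

    list($user, $link, $disabled) = plugin_comment_get_nick();
    if (in_array('noname', $options, TRUE)) {
        $nametags = '<label for="_p_comment_comment_' . $comment_all_no . '">' . $_msg_comment . '</label>';
    } else {
        $nametags = '<label for="_p_comment_name_' . $comment_all_no . '">' . $_btn_name . '</label>'
            . '<input type="text" name="name" id="_p_comment_name_' . $comment_all_no . '"'
            . ' size="' . PLUGIN_COMMENT_SIZE_NAME . '"'
            . ' value="' . htmlspecialchars($user) . '"' . $disabled . ' />' . "\n";
    }

    $helptags = edit_form_assistant();
    $nodate = in_array('nodate', $options, TRUE) ? '1' : '0';
    $above = in_array('above', $options, TRUE)
        ? '1'
        : (in_array('below', $options, TRUE) ? '0' : PLUGIN_COMMENT_DIRECTION_DEFAULT);
    $refpage = '';   // always empty from this plugin; kept as a hidden field for the action side
    $s_page = htmlspecialchars($vars['page']);
    // $digest is emitted into an attribute; escape it so the markup stays
    // well-formed whatever the global happens to hold.
    $s_digest = htmlspecialchars($digest);

    // Per-request ticket: the session keeps a value derived from the wiki
    // ticket and the page digest; presumably the submit handler compares
    // against it to reject stale or forged posts.
    $ticket = md5(MUTIME);
    if (function_exists('pkwk_session_start') && pkwk_session_start() != 0) {
        $keyword = $ticket;
        $_SESSION[$keyword] = md5(get_ticket() . $digest);
    }

    $string = <<<EOD
<br />
{$auth_guide}
<form action="{$script}" method="post">
<div class="commentform" onmouseup="pukiwiki_pos()" onkeyup="pukiwiki_pos()">
<input type="hidden" name="refpage" value="{$refpage}" />
<input type="hidden" name="plugin" value="comment" />
<input type="hidden" name="refer" value="{$s_page}" />
<input type="hidden" name="comment_no" value="{$comment_no}" />
<input type="hidden" name="nodate" value="{$nodate}" />
<input type="hidden" name="above" value="{$above}" />
<input type="hidden" name="digest" value="{$s_digest}" />
<input type="hidden" name="ticket" value="{$ticket}" />
{$nametags}
<input type="text" name="msg" id="_p_comment_comment_{$comment_all_no}" size="{$comment_cols}" />
<input type="submit" name="comment" value="{$_btn_comment}" />
{$helptags}
</div>
</form>
EOD;

    return $string;
}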
/**
 * Action handler for the livedoor authentication plugin.
 *
 * Dispatches on the request: ?login sends the browser to the provider,
 * ?logout clears the session, anything else is treated as the provider
 * callback and verified. Every successful branch ends in a redirect plus die,
 * so a value is only returned when the feature is off or no session exists.
 *
 * @return string '' on the non-redirect paths
 */
function plugin_livedoor_action()
{
    global $vars, $auth_api, $_livedoor_msg;

    // Feature switch, session helper availability, and a live session are all required.
    if (!$auth_api['livedoor']['use']
        || !function_exists('pkwk_session_start')
        || pkwk_session_start() == 0) {
        return '';
    }

    $die_message = PLUS_PROTECT_MODE ? 'die_msg' : 'die_message';

    // LOGIN: hand over to the provider.
    if (isset($vars['login'])) {
        header('Location: ' . plugin_livedoor_jump_url());
        die;
    }

    $auth = new auth_livedoor();

    // LOGOUT: drop the session, then return to the page we came from.
    if (isset($vars['logout'])) {
        $auth->auth_session_unset();
        $back_to = empty($vars['page']) ? '' : decode($vars['page']);
        header('Location: ' . get_page_location_uri($back_to));
        die;
    }

    // AUTH: verify the callback parameters carried in the request.
    $result = $auth->auth($vars);
    $failed = !isset($result['has_error']) || $result['has_error'] == 'true';
    if ($failed) {
        // ERROR — the text presumably originates from the provider response and
        // is handed over unescaped; NOTE(review): confirm $die_message escapes it.
        $text = isset($result['message']) ? $result['message'] : 'unknown error.';
        $die_message($text);
    }

    $auth->auth_session_put();
    header('Location: ' . get_page_location_uri($auth->get_return_page()));
    die;
}
/**
 * Action handler for the JugemKey authentication plugin.
 *
 * Request dispatch: ?login redirects to the provider, ?logout clears the
 * session, ?userinfo looks up the token holder and renders it, otherwise the
 * 'frob' callback parameter is verified and the session populated. Redirecting
 * branches end in die; the userinfo branch returns a page body.
 *
 * @return string|array '' when disabled or without a session,
 *                      array('msg' => ..., 'body' => ...) for the userinfo view
 */
function plugin_jugemkey_action()
{
    global $vars, $auth_api, $_jugemkey_msg;

    // Feature switch, session helper availability, and a live session are all required.
    if (!$auth_api['jugemkey']['use']
        || !function_exists('pkwk_session_start')
        || pkwk_session_start() == 0) {
        return '';
    }

    // NOTE(review): unlike plugin_livedoor_action, the page name is used without
    // decode() here — presumably intentional, confirm against the caller.
    $page = empty($vars['page']) ? '' : $vars['page'];
    $die_message = PLUS_PROTECT_MODE ? 'die_msg' : 'die_message';

    // LOGIN: hand over to the provider.
    if (isset($vars['login'])) {
        header('Location: ' . plugin_jugemkey_jump_url());
        die;
    }

    $auth = new auth_jugemkey();

    // LOGOUT: drop the session and return to the page.
    if (isset($vars['logout'])) {
        $auth->auth_session_unset();
        header('Location: ' . get_page_location_uri($page));
        die;
    }

    // Token info: show who the token belongs to.
    if (isset($vars['userinfo'])) {
        $info = $auth->get_userinfo($vars['token']);
        if ($info['rc'] != 200) {
            $detail = empty($info['error']) ? '' : ' (' . $info['error'] . ')';
            $die_message('JugemKey: RC=' . $info['rc'] . $detail);
        }
        // NOTE(review): $info['title'] presumably comes from the provider and is
        // inlined into HTML without escaping — confirm it is escaped upstream.
        $body = '<h3>' . $_jugemkey_msg['msg_userinfo'] . '</h3>'
            . '<strong>' . $_jugemkey_msg['msg_user_name'] . ': ' . $info['title'] . '</strong>';
        return array('msg' => 'JugemKey', 'body' => $body);
    }

    // AUTH: exchange the callback 'frob' for a session.
    $result = $auth->auth($vars['frob']);
    if ($result['rc'] != 200) {
        $detail = empty($result['error']) ? '' : ' (' . $result['error'] . ')';
        $die_message('JugemKey: ' . $result['rc'] . $detail);
    }

    $auth->auth_session_put();
    header('Location: ' . get_page_location_uri($page));
    die;
}