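/**
 * Spam filter entry point for a plugin command.
 *
 * Picks the page the request refers to and the per-command filter settings
 * from the global $spam configuration, then hands the request variables to
 * Spam::pkwk_spamfilter(). Nothing is filtered when $spam is empty or when
 * the command is 'search'.
 *
 * @param string $cmd Action (plugin command) name; compared case-insensitively
 * @return void
 */
public static function spamCheck($cmd)
{
    global $spam, $vars, $method;

    // Adjustment
    $_spam = !empty($spam);
    $_cmd = strtolower($cmd);
    $_ignore = array();
    $_page = null;

    // The original bound $_page to the locals $page and $refer, which this
    // method never defines, so the filter always received NULL as the page for
    // 'edit', 'read' and the default case. The other branches read the page
    // from $vars, so the request values are used here too.
    // NOTE(review): assumes the keys are 'page' and 'refer' - confirm against the caller.
    switch ($_cmd) {
        case 'search':
            // Search requests are exempt from filtering.
            $_spam = FALSE;
            break;
        case 'edit':
            $_page = isset($vars['page']) ? $vars['page'] : null;
            if (isset($vars['add']) && $vars['add']) {
                // An edit with 'add' set is filtered under the 'add' settings.
                $_cmd = 'add';
            } else {
                $_ignore[] = 'original';
            }
            break;
        case 'bugtrack':
            $_page =& $vars['base'];
            break;
        case 'tracker':
            $_page =& $vars['_base'];
            break;
        case 'read':
            $_page = isset($vars['page']) ? $vars['page'] : null;
            break;
        default:
            $_page = isset($vars['refer']) ? $vars['refer'] : null;
            break;
    }

    if (!$_spam) {
        return;
    }

    // Per-command settings first, then '_default', then no checks at all.
    // A command with neither entry is passed an empty method list.
    if (isset($spam['method'][$_cmd])) {
        $_method = $spam['method'][$_cmd];
    } elseif (isset($spam['method']['_default'])) {
        $_method = $spam['method']['_default'];
    } else {
        $_method = array();
    }
    $exitmode = isset($spam['exitmode']) ? $spam['exitmode'] : null;

    // Hack: ignore several keys. The copy holds references into $vars, so only
    // the ignored keys are dropped from what the filter sees and $vars itself
    // keeps them.
    if ($_ignore) {
        $_vars = array();
        foreach ($vars as $key => $value) {
            $_vars[$key] =& $vars[$key];
        }
        foreach ($_ignore as $key) {
            unset($_vars[$key]);
        }
    } else {
        $_vars = $vars;
    }

    // NOTE(review): $method is a global, presumably the HTTP request method;
    // it becomes part of the action label passed to the filter - confirm.
    Spam::pkwk_spamfilter($method . ' to #' . $_cmd, $_page, $_vars, $_method, $exitmode);
}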
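/**
 * Administrative scan of every existing page for URI spam.
 *
 * Without a valid password the function returns the form (plus an error
 * message when a password was sent and rejected). With a valid password it
 * prints the form, streams one line per scanned page, prints the totals and
 * ends the request with exit.
 *
 * Request fields read from $post: 'start' (page name to start from),
 * 'sort' (sort the page list first), 'pass' (administrator password).
 *
 * @return array Array with 'msg' (title) and 'body' (HTML) when no scan runs
 */
function plugin_spam_pages()
{
    global $vars, $post, $_msg_invalidpass, $_spam_messages;

    $ob = ob_get_level();
    $script = Router::get_script_uri();

    // A missing or non-string 'start' means "scan from the first page". The
    // original kept NULL here, and NULL never compares equal to a page name,
    // so a request without the field skipped every page.
    $start = isset($post['start']) && is_string($post['start']) ? $post['start'] : '';
    $s_start = $start === '' ? '' : Utility::htmlsc($start);
    $pass = isset($post['pass']) ? $post['pass'] : NULL;
    $sort = isset($post['sort']);
    $s_sort = $sort ? ' checked' : '';
    $per = 100;

    // NOTE(review): $script and the $_spam_messages entries are interpolated
    // without escaping; presumably both come from trusted configuration - confirm.
    $form = <<<EOD
<form action="{$script}" method="post" class="spam_form">
\t<input type="hidden" name="cmd" value="spam" />
\t<input type="hidden" name="mode" value="pages" />
\t<fieldset>
\t\t<legend>{$_spam_messages['msg_pages']}</legend>
\t\t<label for="start">{$_spam_messages['label_start']}</label>
\t\t<input type="text" name="start" id="start" size="40" value="{$s_start}" /><br />
\t\t<input type="checkbox" name="sort" value="on" id="sort" {$s_sort} />
\t\t<label for="sort">{$_spam_messages['label_sort']}</label><br />
\t\t<label for="pass">{$_spam_messages['label_pass']}</label>
\t\t<input type="password" name="pass" id="pass" size="12" /><br />
\t\t<input type="submit" class="btn btn-primary" name="check" value="{$_spam_messages['check']}" />
\t</fieldset>
</form>
EOD;

    // Only a string is offered to the authentication call; an array-valued
    // 'pass' field is treated as a failed login.
    $authed = is_string($pass) && Auth::login($pass);

    if ($authed) {
        // Check and report
        $method = array('_comment' => '_default', 'badhost' => TRUE);
        echo $form;
        flush();
        if ($ob) {
            @ob_flush();
        }

        $pages = Listing::exists();
        if ($sort) {
            sort($pages, SORT_STRING);
        }

        $count = $search = $hit = 0;
        foreach ($pages as $pagename) {
            ++$count;

            // Skip pages until the requested start page is reached. The
            // comparison is strict so that numeric-looking names such as
            // "0123" and "123" are not treated as the same page.
            if ($start !== '') {
                if ($start === (string) $pagename) {
                    $start = '';
                } else {
                    continue;
                }
            }

            ++$search;
            // Push output to the browser every $per pages so that a long scan
            // shows progress.
            if ($search % $per == 0) {
                flush();
                if ($ob) {
                    @ob_flush();
                }
            }

            $progress = Spam::check_uri_spam(Factory::Wiki($pagename)->get(), $method);
            if (empty($progress['is_spam'])) {
                echo Utility::htmlsc($pagename);
                echo '<br />' . "\n";
            } else {
                ++$hit;
                echo '<div style="padding: 0pt 0.7em;" class="ui-state-error ui-corner-all">' .
                    '<p><span class="ui-icon ui-icon-alert" style="float: left; margin-right: 0.3em;"></span>' .
                    sprintf($_spam_messages['msg_found'], Utility::htmlsc($pagename)) . '</p>';
                echo '<p>' . "\n";
                $tmp = Spam::summarize_detail_badhost($progress);
                if ($tmp != '') {
                    // NOTE(review): as given, the search and the replacement are the
                    // same single space, so str_replace() changes nothing; an HTML
                    // entity was presumably lost here - confirm against the original file.
                    echo ' DETAIL_BADHOST: ' . str_replace(' ', ' ', nl2br(Utility::htmlsc($tmp) . "\n"));
                }
                // Close the paragraph and the box for every hit. The original
                // emitted a single </p> after the loop and never closed the div.
                echo '</p></div>' . "\n";
            }
        }

        echo '<hr />' . "\n";
        echo sprintf($_spam_messages['msg_hits'], $hit, $search, $count);
        exit;
    }

    $body = $pass === NULL ? '' : '<p><strong>' . $_msg_invalidpass . '</strong></p>' . "\n";
    $body .= $form;

    return array('msg' => $_spam_messages['title'] . $_spam_messages['title_pages'], 'body' => $body);
}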
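/**
 * Store an uploaded file as an attachment of a wiki page.
 *
 * Steps: length check on the encoded storage name, optional spam filtering of
 * the file text, optional compression (GZ, ZIP or BZ2), page timestamp update
 * and an optional notification mail.
 *
 * NOTE(review): the required parameter $temp follows the optional $pass, which
 * newer PHP versions report as deprecated; the signature is left as it is
 * because callers are outside this block.
 *
 * @param array|string $file Upload entry ('name', 'tmp_name', 'size') or a bare file name
 * @param string $page Page the file is attached to
 * @param string|bool|null $pass Attachment password; TRUE or NULL stores none
 * @param string $temp Path of the temporary file holding the upload
 * @return array|false Array with 'result' and 'msg'; FALSE when the spam check finds no text
 */
function attach_doupload($file, $page, $pass = NULL, $temp)
{
    global $_attach_messages, $_string;
    global $notify, $notify_subject, $notify_exclude, $spam;

    // The original body used $file both as an upload array ($file['name'],
    // $file['tmp_name'], $file['size']) and as a plain name string
    // ($file . '.gz', new AttachFile($page, $file)); one of the two always
    // failed. Both call styles are normalised here.
    if (is_array($file)) {
        $name = isset($file['name']) ? $file['name'] : '';
        $upload_tmp = isset($file['tmp_name']) ? $file['tmp_name'] : $temp;
        $size = isset($file['size']) ? $file['size'] : 0;
    } else {
        $name = (string) $file;
        $upload_tmp = $temp;
        $size = is_file($temp) ? filesize($temp) : 0;
    }

    // NOTE(review): $name is client-supplied. The length check below encodes it
    // with Utility::encode(); presumably AttachFile builds the storage path the
    // same way - confirm that the raw name never reaches the filesystem.
    $filename = Utility::encode($page) . '_' . Utility::encode($name);
    $type = Utility::getMimeInfo($temp);

    // Whether files of an unknown type get compressed.
    $must_compress = PLUGIN_ATTACH_UNKNOWN_COMPRESS !== 0
        ? attach_is_compress($type, PLUGIN_ATTACH_UNKNOWN_COMPRESS)
        : false;

    // Check the length of the file name; a compressed file needs room for the
    // extension that is appended.
    $filename_length = strlen($filename);
    if ($filename_length >= 255 || ($must_compress && $filename_length >= 251)) {
        return array('result' => FALSE, 'msg' => $_attach_messages['err_filename']);
    }

    // Spam check
    if ($spam !== 0) {
        // Spam check on the content of the file.
        // if attach spam, filtering attach file.
        $vars = array();
        $vars['uploadname'] = $name;
        $vars['uploadtext'] = attach_gettext($upload_tmp);
        if ($vars['uploadtext'] === '' || $vars['uploadtext'] === FALSE) {
            // NOTE(review): this is the only path that returns a bare FALSE
            // instead of the result array; kept because callers are not visible.
            return FALSE;
        }

        if (isset($spam['method']['attach'])) {
            $_method =& $spam['method']['attach'];
        } elseif (isset($spam['method']['_default'])) {
            $_method =& $spam['method']['_default'];
        } else {
            $_method = array();
        }
        $exitmode = isset($spam['exitmode']) ? $spam['exitmode'] : '';
        Spam::pkwk_spamfilter('File Attach', $page, $vars, $_method, $exitmode);
    }

    if ($must_compress) {
        // Compress the attachment
        switch (PLUGIN_ATTACH_COMPRESS_TYPE) {
            case 'GZ':
                if (!extension_loaded('zlib')) {
                    Utility::dieMessage('#attach: zlib extention has not loaded.');
                }
                $obj = new AttachFile($page, $name . '.gz');
                if ($obj->exist) {
                    return array('result' => FALSE, 'msg' => $_attach_messages['err_exists']);
                }
                $tp = fopen($upload_tmp, 'rb') or die_message($_attach_messages['err_load_file']);
                $zp = gzopen($obj->filename, 'wb') or die_message($_attach_messages['err_write_tgz']);
                while (!feof($tp)) {
                    gzwrite($zp, fread($tp, 8192));
                }
                gzclose($zp);
                fclose($tp);
                chmod($obj->filename, PLUGIN_ATTACH_FILE_MODE);
                break;

            case 'ZIP':
                if (!class_exists('ZipArchive')) {
                    Utility::dieMessage('#attach: ZipArchive class has not defined.');
                }
                $obj = new AttachFile($page, $name . '.zip');
                if ($obj->exist) {
                    return array('result' => FALSE, 'msg' => $_attach_messages['err_exists']);
                }
                // The original never opened the archive, so addFile() had no
                // target and no file was written before chmod().
                $zip = new ZipArchive();
                $opened = $zip->open($obj->filename, ZipArchive::CREATE);
                if ($opened !== TRUE) {
                    die_message($_attach_messages['err_upload'] . '(' . $opened . ').');
                }
                if (!$zip->addFile($temp, $name) || $zip->status !== 0) {
                    die_message($_attach_messages['err_upload'] . '(' . $zip->status . ').');
                }
                $zip->close();
                chmod($obj->filename, PLUGIN_ATTACH_FILE_MODE);
                break;

            case 'BZ2':
                if (!extension_loaded('bz2')) {
                    Utility::dieMessage('#attach: bz2 extention has not loaded.');
                }
                $obj = new AttachFile($page, $name . '.bz2');
                if ($obj->exist) {
                    return array('result' => FALSE, 'msg' => $_attach_messages['err_exists']);
                }
                $tp = fopen($upload_tmp, 'rb') or die_message($_attach_messages['err_load_file']);
                $zp = bzopen($obj->filename, 'wb') or die_message($_attach_messages['err_write_tgz']);
                while (!feof($tp)) {
                    bzwrite($zp, fread($tp, 8192));
                }
                bzclose($zp);
                fclose($tp);
                chmod($obj->filename, PLUGIN_ATTACH_FILE_MODE);
                break;

            default:
                //miko
                $obj = new AttachFile($page, $name);
                if ($obj->exist) {
                    return array('result' => FALSE, 'msg' => $_attach_messages['err_exists']);
                }
                // A failed move used to fall through and report success.
                if (!move_uploaded_file($temp, $obj->filename)) {
                    if (file_exists($temp)) {
                        unlink($temp);
                    }
                    return array('result' => FALSE, 'msg' => $_attach_messages['err_upload']);
                }
                chmod($obj->filename, PLUGIN_ATTACH_FILE_MODE);
                break;
        }
    } else {
        // Normal attachment
        $obj = new AttachFile($page, $name);
        // The original tested isset($obj->exist) here, unlike every other
        // branch; isset() is true for a property holding FALSE, which would
        // report every upload as already existing.
        if ($obj->exist) {
            return array('result' => FALSE, 'msg' => $_attach_messages['err_exists']);
        }
        // A failed move used to fall through and report success.
        if (!move_uploaded_file($temp, $obj->filename)) {
            if (file_exists($temp)) {
                unlink($temp);
            }
            return array('result' => FALSE, 'msg' => $_attach_messages['err_upload']);
        }
        chmod($obj->filename, PLUGIN_ATTACH_FILE_MODE);
    }

    if (file_exists($temp)) {
        unlink($temp);
    }

    // Update the timestamp of the page
    Factory::Wiki($page)->touch();

    // NOTE(review): the attachment password is stored as an unsalted MD5 digest,
    // which is fast to brute-force. Moving to password_hash()/password_verify()
    // needs the code that checks this value to change as well, so the format is
    // left untouched here.
    // NOTE(review): nothing in this block persists $obj->status after the
    // assignment - confirm that it is written elsewhere.
    $obj->status['pass'] = $pass !== TRUE && $pass !== NULL ? md5($pass) : '';

    if ($notify) {
        // Addresses listed in $notify_exclude suppress the mail. Entries are
        // matched as literal prefixes of the remote address. The original built
        // a regular expression in which a trailing dot became optional (so
        // "10.1." also matched 10.10.x.x), and it never consulted $notify_exec
        // before sending.
        $notify_exec = TRUE;
        $remote = (string) get_remoteip();
        foreach ($notify_exclude as $exclude) {
            $exclude = (string) $exclude;
            if ($exclude !== '' && strncmp($remote, $exclude, strlen($exclude)) === 0) {
                $notify_exec = FALSE;
                break;
            }
        }

        if ($notify_exec) {
            $footer = array();
            $footer['ACTION'] = 'File attached';
            $footer['FILENAME'] = $name;
            $footer['FILESIZE'] = $size;
            $footer['PAGE'] = $page;
            $footer['URI'] = get_cmd_uri('attach', '', array('refer' => $page, 'pcmd' => 'info', 'file' => $name));
            $footer['USER_AGENT'] = TRUE;
            $footer['REMOTE_ADDR'] = TRUE;
            pkwk_mail_notify($notify_subject, "\n", $footer);
        }
    }

    return array('result' => TRUE, 'msg' => $_attach_messages['msg_uploaded']);
}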
/**
 * Main function of spam-uri pickup, a wrapper around uri_pickup().
 *
 * Preprocesses the text, collects the URIs in it and, when the 'uri_anchor'
 * or 'uri_bbcode' methods are enabled, lets area_measure() fill per-area
 * counters under each URI's 'area' entry. The 'offset' value under 'area' is
 * removed before the result is returned.
 *
 * @param string $string Text to scan
 * @param array $method Check settings; Spam::check_uri_spam_method() is used when empty or not an array
 * @return array Entries produced by uri_pickup(), keyed as uri_pickup() returns them
 */
static function spam_uri_pickup($string = '', $method = array())
{
    if (empty($method) || !is_array($method)) {
        $method = Spam::check_uri_spam_method();
    }

    $string = self::spam_uri_pickup_preprocess($string, $method);
    $uris = self::uri_pickup($string);

    // Area elevation of URIs, for '(especially external) link' intention
    if (!empty($uris)) {
        // Only the two area-related methods are handed to area_pickup().
        $area_methods = array();
        foreach (array('uri_anchor', 'uri_bbcode') as $area_name) {
            if (isset($method[$area_name])) {
                $area_methods[$area_name] =& $method[$area_name];
            }
        }

        $areas = self::area_pickup($string, $area_methods, TRUE);
        if (!empty($areas)) {
            // $shadow aliases each URI's 'area' entry by reference, so whatever
            // area_measure() writes into it lands in $uris as well.
            $shadow = array();
            foreach (array_keys($uris) as $uri_key) {
                $shadow[$uri_key] =& $uris[$uri_key]['area'];
                foreach (array_keys($area_methods) as $area_name) {
                    $shadow[$uri_key][$area_name] = 0;
                }
            }

            foreach (array_keys($area_methods) as $area_name) {
                if (isset($areas[$area_name])) {
                    self::area_measure($areas[$area_name], $shadow, 1, $area_name);
                }
            }
        }
    }

    // Remove 'offset's for area_measure()
    foreach (array_keys($uris) as $uri_key) {
        unset($uris[$uri_key]['area']['offset']);
    }

    return $uris;
}